Security Bulletin: IBM Cloud Transformation Advisor is vulnerable to multiple vulnerabilities
Summary: IBM Cloud Transformation Advisor has addressed multiple security vulnerabilities listed herein.
Vulnerability Details: CVEID: CVE-2023-49569. DESCRIPTION: go-git could allow a remote attacker to traverse directories on the system. By sending a specially crafted request using the...
CVSS 9.8 | AI Score 10 | EPSS not shown
GHSA-8R3F-844C-MC37 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...
AI Score 7.5
CVE-2023-45289 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
AI Score 7.8 | EPSS 0.0004
CVE-2023-46402 vulnerabilities
Vulnerabilities for packages: melange, pulumi-kubernetes-operator, argo-cd, flux-notification-controller,...
CVSS 7.5 | AI Score 7.7 | EPSS 0.0005
Vulnerabilities for packages: kubernetes-dns-node-cache, ip-masq-agent, kubernetes, spark-operator, aws-ebs-csi-driver, cluster-autoscaler, node-feature-discovery, kubernetes-csi-driver-hostpath, local-static-provisioner, nodetaint,...
CVSS 2.7 | AI Score 4.3 | EPSS 0.0004
GHSA-X84C-P2G9-RQV9 vulnerabilities
Vulnerabilities for packages: harbor-scanner-trivy, docker, melange, k3d, prometheus, wolfictl, docker-compose, buf, grype, kaniko, neuvector-scanner, tekton-pipelines, syft, dagger, cri-tools, helm-push,...
AI Score 7.5
CVE-2023-44487 vulnerabilities
Vulnerabilities for packages: envoy-ratelimit, gobuster, nats, aws-efs-csi-driver, thanos, kots, kubernetes-csi-livenessprobe, external-dns, grype, ollama, pulumi-language-dotnet, tctl, metacontroller, tomcat, vault-csi-provider, prometheus, up, gitlab-runner, telegraf,...
CVSS 7.5 | AI Score 9 | EPSS 0.732
GHSA-2C7C-3MJ9-8FQH vulnerabilities
Vulnerabilities for packages: kubescape, cosign, dex, vexctl, cert-manager, rekor, tekton-pipelines, slsa-verifier, sops, tkn, argo-workflows, oauth2-proxy, kots, terragrunt, spire-server, argo-cd, aactl, kyverno, tekton-chains, external-secrets-operator, gitsign, cloudflared, fulcio,...
AI Score 7.5
CVE-2024-21626 vulnerabilities
Vulnerabilities for packages: docker, kubescape, ingress-nginx-controller, kaniko, newrelic-infrastructure-agent, datadog-agent, nvidia-device-plugin, kots, k3s, buildkitd, grype, nerdctl, zarf, runc, trivy, skopeo, wolfictl, telegraf, ctop, syft, k9s, skaffold, k3d, kubernetes, cadvisor,...
CVSS 8.6 | AI Score 9.2 | EPSS 0.051
GHSA-7WW5-4WQC-M92C vulnerabilities
Vulnerabilities for packages: kubescape, helm, cert-manager, kaniko, tekton-pipelines, newrelic-infrastructure-agent, fuse-overlayfs-snapshotter, helm-push, kots, eksctl, gitness, grype, trivy, melange, up, telegraf, ctop, neuvector-agent, skaffold, cilium-cli, k3d, flux-source-controller, zot,...
AI Score 7.5
CVE-2024-25620 vulnerabilities
Vulnerabilities for packages: eksctl, cilium-cli, kubescape, up, cert-manager, k9s, flux-source-controller, istio-operator, trivy, zot, zarf, k8sgpt, helm-operator, flux-helm-controller, helm-push, kots,...
CVSS 6.4 | AI Score 6.7 | EPSS 0.0004
GHSA-R53H-JV2G-VPX6 vulnerabilities
Vulnerabilities for packages: eksctl, cilium-cli, kubescape, up, cert-manager, k9s, flux-source-controller, istio-operator, trivy, zot, zarf, k8sgpt, helm-operator, flux-helm-controller, helm-push, kots,...
AI Score 7.5
GHSA-95PR-FXF5-86GV vulnerabilities
Vulnerabilities for packages: kubescape, falcoctl, vexctl, tkn, slsa-verifier, policy-controller, spire-server, aactl, neuvector-sigstore-interface, zarf, goreleaser, tekton-chains, gitsign, melange, wolfictl, apko, skaffold, flux-source-controller, falco, zot,...
AI Score 7.5
Vulnerabilities for packages: crossplane-provider-azure, cosign, falcoctl, kubescape, influxd, terraform, loki, step-ca, vexctl, flux, cert-manager, gomplate, bank-vaults, rekor, slsa-verifier, sops, tekton-pipelines, guac, tkn, snyk-cli, k3s, opentofu, policy-controller, buildkitd, spire-server,...
CVSS 6 | AI Score 6.2 | EPSS 0.0004
CVE-2024-24789 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, snyk-cli, spicedb, velero-plugin-for-aws, ollama, kube-vip, timestamp-authority, pulumi-language-dotnet, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic, nri-nginx,...
CVSS 5.5 | AI Score 6.1 | EPSS 0.0004
GHSA-V6V8-XJ6M-XWQH vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, cosign, falcoctl, kubescape, influxd, terraform, loki, step-ca, vexctl, flux, cert-manager, gomplate, bank-vaults, rekor, slsa-verifier, sops, tekton-pipelines, guac, tkn, snyk-cli, k3s, opentofu, policy-controller, buildkitd, spire-server,...
AI Score 7.5
CVE-2023-45285 vulnerabilities
Vulnerabilities for packages: gobuster, nats, dgraph, render-template, flannel-cni-plugin, sbom-scorecard, gitlab-logger, slsa-verifier, gosu, prometheus-stackdriver-exporter, sops, cni-plugins, gke-gcloud-auth-plugin, gops, helm-push, cortex, docker-cli, sonobuoy, aactl, wait-for-port,...
CVSS 7.5 | AI Score 7.9 | EPSS 0.001
CVE-2024-32473 vulnerabilities
Vulnerabilities for packages: harbor-scanner-trivy, docker, melange, k3d, prometheus, wolfictl, docker-compose, buf, grype, kaniko, neuvector-scanner, tekton-pipelines, syft, dagger, cri-tools, helm-push,...
CVSS 4.7 | AI Score 4.9 | EPSS 0.0004
CVE-2023-45288 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, spicedb, temporal-server, velero-plugin-for-aws, ollama, timestamp-authority, pulumi-language-dotnet, hubble, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic,...
AI Score 6.8 | EPSS 0.0004
CVE-2024-24787 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, trillian, osv-scanner, step-ca, logstash, flyte, aws-efs-csi-driver, thanos, go, gosu, capslock, jitsucom-bulker, k8sgpt, kubernetes-csi-external-provisioner, local-static-provisioner, dask-gateway, snyk-cli, helm-push,...
AI Score 6.5 | EPSS 0.0004
GHSA-5FQ7-4MXC-535H vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, trillian, osv-scanner, step-ca, logstash, flyte, aws-efs-csi-driver, thanos, go, gosu, capslock, jitsucom-bulker, k8sgpt, kubernetes-csi-external-provisioner, local-static-provisioner, dask-gateway, snyk-cli, helm-push,...
AI Score 7.5
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, trillian, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, k8sgpt, kots, kubernetes-csi-livenessprobe, prometheus-statsd-exporter, external-dns, ollama, aws-ebs-csi-driver, pulumi-language-dotnet,...
CVSS 6.1 | AI Score 7.3 | EPSS 0.001
CVE-2024-24557 vulnerabilities
Vulnerabilities for packages: kubescape, cosign, falcoctl, loki, helm, vexctl, cert-manager, tekton-pipelines, newrelic-infrastructure-agent, slsa-verifier, cri-tools, guac, k8sgpt, argo-workflows, flux-image-reflector-controller, datadog-agent, kots, k3s, policy-controller, buildkitd, eksctl,...
CVSS 7.8 | AI Score 7.5 | EPSS 0.001
CVE-2024-24784 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
AI Score 7.8 | EPSS 0.0004
GHSA-RR6R-CFGF-GC6H vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
AI Score 7.5
CVE-2024-35255 vulnerabilities
Vulnerabilities for packages: kubescape, cosign, falcoctl, loki, step-ca, flux, cert-manager, flyte, bank-vaults, harbor-registry, rekor, sops, tekton-pipelines, guac, thanos, k8sgpt, argo-workflows, tkn, terragrunt, boring-registry, policy-controller, buildkitd, airflow, spire-server, cortex,...
CVSS 5.5 | AI Score 6 | EPSS 0.0004
GHSA-M5VV-6R4H-3VJ9 vulnerabilities
Vulnerabilities for packages: kubescape, cosign, falcoctl, loki, step-ca, flux, cert-manager, flyte, bank-vaults, harbor-registry, rekor, sops, tekton-pipelines, guac, thanos, k8sgpt, argo-workflows, tkn, terragrunt, boring-registry, policy-controller, buildkitd, airflow, spire-server, cortex,...
AI Score 7.5
GHSA-3F2Q-6294-FMQ5 vulnerabilities
Vulnerabilities for packages: melange, pulumi-kubernetes-operator, argo-cd, flux-notification-controller,...
AI Score 7.5
CVE-2023-48795 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, nats, trillian, step-ca, thanos, helm-push, kots, temporal-server, prometheus-statsd-exporter, external-dns, grype, ollama, nerdctl, crossplane-provider-aws, tekton-chains, vault-csi-provider, trivy, prometheus, up,...
CVSS 5.9 | AI Score 7.1 | EPSS 0.963
CVE-2024-24786 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, falcoctl, nats, trillian, osv-scanner, step-ca, kaniko, aws-efs-csi-driver, thanos, kubernetes-csi-external-provisioner, capslock, k8sgpt, datadog-agent, kots, kubeadm-bootstrap-controller, spicedb, temporal-server,...
AI Score 6.7 | EPSS 0.0004
GHSA-88JX-383Q-W4QC vulnerabilities
Vulnerabilities for packages: kubescape, falcoctl, vexctl, tkn, slsa-verifier, policy-controller, spire-server, aactl, neuvector-sigstore-interface, zarf, goreleaser, tekton-chains, gitsign, melange, wolfictl, apko, skaffold, flux-source-controller, falco, zot,...
AI Score 7.5
GHSA-4V7X-PQXF-CX7M vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, spicedb, temporal-server, velero-plugin-for-aws, ollama, timestamp-authority, pulumi-language-dotnet, hubble, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic,...
AI Score 7.5
GHSA-2JWV-JMQ4-4J3R vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, trillian, osv-scanner, step-ca, logstash, flyte, aws-efs-csi-driver, thanos, go, gosu, capslock, jitsucom-bulker, k8sgpt, kubernetes-csi-external-provisioner, local-static-provisioner, dask-gateway, snyk-cli, helm-push,...
AI Score 7.5
CVE-2024-24790 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, falcoctl, nri-jmx, xcaddy, kaniko, capslock, nri-consul, snyk-cli, spicedb, velero-plugin-for-aws, ollama, kube-vip, timestamp-authority, pulumi-language-dotnet, runc, vault-csi-provider, trivy, nats-server, telegraf, supercronic, nri-nginx,...
CVSS 9.8 | AI Score 9.8 | EPSS 0.001
CVE-2023-46737 vulnerabilities
Vulnerabilities for packages: melange, kubescape, cosign, tekton-chains, aactl, apko, tkn, slsa-verifier, goreleaser, spire-server, falco, skaffold, policy-controller,...
CVSS 5.3 | AI Score 5.1 | EPSS 0.0005
CVE-2023-39325 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, gobuster, falcoctl, nats, trillian, aws-efs-csi-driver, thanos, go, kubernetes-csi-external-provisioner, k8sgpt, kots, kubernetes-csi-livenessprobe, prometheus-statsd-exporter, external-dns, ollama, aws-ebs-csi-driver,...
CVSS 7.5 | AI Score 8.4 | EPSS 0.002
GHSA-C5Q2-7R4C-MV6G vulnerabilities
Vulnerabilities for packages: cosign, dex, falcoctl, dgraph, step-ca, vexctl, gomplate, cert-manager, rekor, tekton-pipelines, slsa-verifier, tkn, frp, guac, argo-workflows, istio-cni, oauth2-proxy, terragrunt, policy-controller, grpc-health-probe, spire-server, minio, step, argo-cd, aactl,...
AI Score 7.5
GHSA-VFP6-JRW2-99G9 vulnerabilities
Vulnerabilities for packages: melange, kubescape, cosign, tekton-chains, aactl, apko, tkn, slsa-verifier, goreleaser, spire-server, falco, skaffold, policy-controller,...
AI Score 7.5
GHSA-3Q2C-PVP5-3CQP vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
AI Score 7.5
GHSA-FGQ5-Q76C-GX78 vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
AI Score 7.5
GHSA-J6M3-GC37-6R6Q vulnerabilities
Vulnerabilities for packages: crossplane-provider-azure, envoy-ratelimit, gobuster, nats, trillian, flannel-cni-plugin, bazelisk, aws-efs-csi-driver, thanos, gosu, kubernetes-csi-external-provisioner, capslock, k8sgpt, cni-plugins, dask-gateway, datadog-agent, helm-push,...
AI Score 7.5
GHSA-9763-4F94-GFCH vulnerabilities
Vulnerabilities for packages: kubescape, cosign, vexctl, flux, kaniko, tkn, slsa-verifier, sops, terragrunt, boring-registry, policy-controller, spire-server, gitness, argo-cd, aactl, pulumi-language-java, pulumi-language-dotnet, zarf, goreleaser, pulumi, crossplane-provider-aws, tekton-chains,...
AI Score 7.5
Vulnerabilities for packages: kubernetes-dns-node-cache, ip-masq-agent, spark-operator, aws-ebs-csi-driver, aws-efs-csi-driver, cluster-autoscaler, prometheus-adapter, nodetaint,...
CVSS 8.8 | AI Score 8.1 | EPSS 0.001
GHSA-HQ6Q-C2X6-HMCH vulnerabilities
Vulnerabilities for packages: kubernetes-dns-node-cache, ip-masq-agent, spark-operator, aws-ebs-csi-driver, aws-efs-csi-driver, cluster-autoscaler, prometheus-adapter, nodetaint,...
AI Score 7.5
CVE-2024-26147 vulnerabilities
Vulnerabilities for packages: eksctl, cilium-cli, kubescape, up, cert-manager, k9s, flux-source-controller, istio-operator, trivy, zot, zarf, k8sgpt, helm-operator, flux-helm-controller, helm-push, kots,...
CVSS 7.5 | AI Score 7.7 | EPSS 0.0004