CVE-2023-39325 vulnerabilities

2024-05-1321:06:55

packages.wolfi.dev

vulnerabilities

package

k8sgpt-operator

gitlab-runner

prometheus-elasticsearch-exporter

security

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

8.4 High

AI Score

Confidence

High

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.002 Low

EPSS

Percentile

59.0%

JSON

Vulnerabilities for packages: prometheus-mysqld-exporter, grpcurl, nri-prometheus, kubernetes-ingress-defaultbackend, gitlab-runner, kubeflow-katib, gitlab-pages, external-secrets-operator, cosign, k8sgpt, kube-fluentd-operator, gitlab-shell, prometheus-pushgateway, kubernetes-csi-external-attacher, prometheus-statsd-exporter, telegraf, kubescape, crossplane-provider-azure, stakater-reloader, aws-efs-csi-driver, kubernetes-csi-external-snapshotter, runc, gke-gcloud-auth-plugin, gatekeeper, caddy, prometheus-stackdriver-exporter, opentofu, cluster-autoscaler, aws-ebs-csi-driver, kubevela, dynamic-localpv-provisioner, trust-manager, kubernetes-csi-livenessprobe, nfs-subdir-external-provisioner, influxd, hey, skaffold, kyverno, slsa-verifier, haproxy-ingress, prometheus-postgres-exporter, istio-cni, pulumi-language-dotnet, pulumi-language-java, pulumi, secrets-store-csi-driver-provider-gcp, mc, tkn, kind, thanos-operator, apko, trillian, falco, metrics-server, istio-pilot-agent, flux-kustomize-controller, k3s, prometheus-elasticsearch-exporter, dex, kubernetes-dashboard, vault-csi-provider, flux-helm-controller, node-problem-detector, timoni, flux-image-automation-controller, falcoctl, k8sgpt-operator, tekton-chains, prometheus-mongodb-exporter, vertical-pod-autoscaler, external-dns, kaf, buildkitd, ollama, vault, istio-pilot-discovery, nats, prometheus-blackbox-exporter, argo-cd, hugo, helm, flux, kubernetes-dashboard-metrics-scraper, aactl, metacontroller, dive, flux-notification-controller, kubewatch, weaviate, karpenter, pulumi-language-yaml, up, frp, gobuster, istio-operator, vault-k8s, flux-image-reflector-controller, nvidia-device-plugin, k3d, prometheus-node-exporter, sigstore-scaffolding, prometheus, src, crossplane-provider-aws, kubernetes-csi-external-resizer, kubernetes-dns-node-cache, oauth2-proxy, tctl, containerd, spark-operator, git-lfs, bank-vaults, pulumi-kubernetes-operator, kots, gitness, coredns, terraform, prometheus-bind-exporter, newrelic-infrastructure-agent, atlantis, gomplate, kubernetes-csi-node-driver-registrar, cloud-sql-proxy, consul, prometheus-operator, rqlite, fuse-overlayfs-snapshotter, prometheus-adapter, keda, dgraph, kube-state-metrics, flux-source-controller, kpt, kubernetes-csi-external-provisioner, chartmuseum, minio, kube-logging-operator, cue, nodetaint, wireguard-go, prometheus-alertmanager, bom, aws-load-balancer-controller, zot, go, yq, secrets-store-csi-driver, memcached-exporter, thanos

OSVersionArchitecturePackageVersionFilename
Wolfiunknownx86_64aactl<= 0.4.12-r7aactl-0.4.12-r7.apk
Wolfiunknownaarch64aactl<= 0.4.12-r7aactl-0.4.12-r7.apk
Wolfiunknownx86_64apko<= 0.10.0-r6apko-0.10.0-r6.apk
Wolfiunknownaarch64apko<= 0.10.0-r6apko-0.10.0-r6.apk
Wolfiunknownx86_64argo-cd<= 2.7.14-r5argo-cd-2.7.14-r5.apk
Wolfiunknownaarch64argo-cd<= 2.7.14-r5argo-cd-2.7.14-r5.apk
Wolfiunknownx86_64argo-cd<= 2.8.4-r4argo-cd-2.8.4-r4.apk
Wolfiunknownaarch64argo-cd<= 2.8.4-r4argo-cd-2.8.4-r4.apk
Wolfiunknownx86_64atlantis<= 0.26.0-r3atlantis-0.26.0-r3.apk
Wolfiunknownaarch64atlantis<= 0.26.0-r3atlantis-0.26.0-r3.apk

OS	Version	Architecture	Package	Version	Filename
Wolfi	unknown	x86_64	aactl	<= 0.4.12-r7	aactl-0.4.12-r7.apk
Wolfi	unknown	aarch64	aactl	<= 0.4.12-r7	aactl-0.4.12-r7.apk
Wolfi	unknown	x86_64	apko	<= 0.10.0-r6	apko-0.10.0-r6.apk
Wolfi	unknown	aarch64	apko	<= 0.10.0-r6	apko-0.10.0-r6.apk
Wolfi	unknown	x86_64	argo-cd	<= 2.7.14-r5	argo-cd-2.7.14-r5.apk
Wolfi	unknown	aarch64	argo-cd	<= 2.7.14-r5	argo-cd-2.7.14-r5.apk
Wolfi	unknown	x86_64	argo-cd	<= 2.8.4-r4	argo-cd-2.8.4-r4.apk
Wolfi	unknown	aarch64	argo-cd	<= 2.8.4-r4	argo-cd-2.8.4-r4.apk
Wolfi	unknown	x86_64	atlantis	<= 0.26.0-r3	atlantis-0.26.0-r3.apk
Wolfi	unknown	aarch64	atlantis	<= 0.26.0-r3	atlantis-0.26.0-r3.apk