Security and CVE report
Gloo Platform container images are scanned using Trivy for HIGH and CRITICAL vulnerabilities.
How does Solo fix CVEs?
For OS vulnerabilities that are part of the Istio image, Solo waits for the CVE patch to be provided by the Istio community before releasing a new Solo image. According to the Istio CVE policy, critical CVEs that are found in Istio or that are exploitable through Istio are fixed by the Istio community as soon as possible, and released outside the regular release cycle. Fixes for non-critical CVEs are usually provided as part of the regular Istio release cycle.
For vulnerabilities that are found in a component that Solo controls, such as the image for the Gloo management server, Solo is responsible to provide a security patch. The patch is released as soon as it is available, independently from any Istio release.
Security and CVE scan
Latest 2.4.x gloo mesh enterprise Release: 2.4.6
gloo mesh enterprise gloo-mesh-apiserver image
No scan found
gloo mesh enterprise gloo-mesh-ui image
No scan found
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No scan found
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No scan found
gloo mesh enterprise gloo-mesh-mgmt-server image
No scan found
gloo mesh enterprise gloo-mesh-istiod-agent image
No scan found
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.4.5
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.5 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.5 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.5 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.4.4
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.4 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.4 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.4 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.4 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.4 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.4 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.4 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.4 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.15.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.4.3
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.3 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.3 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.3 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.3 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.3 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.3 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.3 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.3 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.4.2
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.2 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.2 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.2 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.2 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.2 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.2 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.2 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.2 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.4.1
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.1 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.1 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.1 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.1 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.1 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.1 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-28840 | github.com/docker/docker | HIGH | v23.0.1+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.1 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.1 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.13.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230824050558-a835e9cca9eb | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.4.0
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.4.0 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.4.0 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.4.0 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-spire-controller:2.4.0 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/spire-controller-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.4.0 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.4.0 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.4.0 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.4.0 (alpine 3.18.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.2-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.11.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.54.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20230403164233-3e857775086a | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Latest 2.3.x gloo mesh enterprise Release: 2.3.22
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.22 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.22 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.22 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.21
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.21 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.21 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.21 (alpine 3.18.4)
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.20
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.20 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.20 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.20 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.20 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.20 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.20 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.20 (alpine 3.18.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.1.3-r0 | 3.1.4-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.19
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.19 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.19 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.19 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.19 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.19 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.19 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.19 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.18
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.18 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.18 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.18 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.18 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.18 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.18 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.18 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.11-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.17
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.17 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.17 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.17 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.17 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.17 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.17 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.17 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.16
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.16 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.16 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.16 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.16 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.16 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.16 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.16 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.15
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.15 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.15 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.15 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.15 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.15 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.15 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.15 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.14
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.14 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.14 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.14 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.14 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.14 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.14 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.14 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.13
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.13 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.13 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.13 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.13 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.13 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.13 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.13 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.12
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.12 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.12 (alpine 3.17.5)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.12 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.12 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.12 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.12 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.12 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.10-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.11
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.11 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.11 (alpine 3.17.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.11 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.11 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.11 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.11 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.11 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.8.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.10
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.10 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.10 (alpine 3.17.4)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.10 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.10 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.10 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.10 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.10 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.9
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.9 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.9 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.9 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.9 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.9 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.9 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.9 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.8
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.8 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.8 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.8 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.8 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.8 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.8 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.8 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.7
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.7 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.7 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.7 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.7 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.7 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.7 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.7 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.6
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.6 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.6 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.6 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.6 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.6 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.6 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.6 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.5
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.5 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.5 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.5 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.5 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.5 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.5 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.5 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.4
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.4 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.4 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.4 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.4 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.4 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.4 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.4 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.9-r1 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.3
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.3 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.3 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.3 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.3 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.3 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.3 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.3 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.2
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.2 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.2 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.2 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.2 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.2 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.2 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.2 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.1
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.1 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.1 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.1 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.1 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.1 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.1 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.1 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r4 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.3.0
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.3.0 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.3.0 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.3.0 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.3.0 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.3.0 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.3.0 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.12.3 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-portal-server:2.3.0 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r3 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
Vulnerabilities Listed for usr/local/bin/portal-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.7.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20221208171804-952b2e8bc4b0 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise enterprise-networking image
No scan found
Latest 2.2.x gloo mesh enterprise Release: 2.2.9
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.9 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.9 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.9 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.8
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.8 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.8 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.8 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.7
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.7 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.7 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.7 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.6
gloo mesh enterprise gloo-mesh-apiserver image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.23.7 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.6 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.6 (ubuntu 20.04)
gloo mesh enterprise gloo-mesh-mgmt-server image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v2.8.1+incompatible | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2023-28840 | github.com/docker/docker | HIGH | v20.10.16+incompatible | 20.10.24, 23.0.3 | https://avd.aquasec.com/nvd/cve-2023-28840 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
No Vulnerabilities Found for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.6 (alpine 3.16.2)
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220606160615-c6abaf5e5fd6 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.5
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.5 (alpine 3.17.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.8-r0 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.8-r0 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.5 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.52.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.4
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.4 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.4 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.3
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.3 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.3 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1t-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.5.0 | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.5.0 | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.2
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.2 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.2 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.1
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.1 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.1 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.2.0
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.2.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.2.0 (alpine 3.16.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
| CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
| CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.2.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.2.0 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.2.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.2 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.2.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Latest 2.1.x gloo mesh enterprise Release: 2.1.5
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.5 (alpine 3.17.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libcrypto3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
| CVE-2022-4450 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0216 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0216 |
| CVE-2023-0217 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0217 |
| CVE-2023-0286 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0401 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r0 | https://avd.aquasec.com/nvd/cve-2023-0401 |
| CVE-2023-0464 | libssl3 | HIGH | 3.0.7-r2 | 3.0.8-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-5363 | libssl3 | HIGH | 3.0.7-r2 | 3.0.12-r0 | https://avd.aquasec.com/nvd/cve-2023-5363 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.5 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.5 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.1.4
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.4 (alpine 3.16.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
| CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
| CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.4 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.4 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.1.3
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.3 (alpine 3.16.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
| CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
| CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.3 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.3 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.1.2
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.2 (alpine 3.16.3)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | curl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | curl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r4 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r4 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r4 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r4 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r4 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | libcurl | HIGH | 7.83.1-r4 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
| CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
| CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.2 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.2 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.1.1
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.1 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-32221 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | curl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-42915 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
| CVE-2022-42916 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | curl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-32221 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-42915 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
| CVE-2022-42916 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | libcurl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
| CVE-2022-2309 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r1 | https://avd.aquasec.com/nvd/cve-2022-2309 |
| CVE-2022-40303 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40303 |
| CVE-2022-40304 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40304 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
| CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
| CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
| CVE-2022-37434 | zlib | CRITICAL | 1.2.12-r1 | 1.2.12-r2 | https://avd.aquasec.com/nvd/cve-2022-37434 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.1 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.1 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/istiod-agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-portal-server image
No scan found
gloo mesh enterprise enterprise-networking image
No scan found
Release 2.1.0
gloo mesh enterprise gloo-mesh-apiserver image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-apiserver:2.1.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/apiserver-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
| CVE-2019-11253 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.13.12, 1.14.8, 1.15.5, 1.16.2 | https://avd.aquasec.com/nvd/cve-2019-11253 |
| CVE-2020-8558 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.18.4, 1.17.7, 1.16.11 | https://avd.aquasec.com/nvd/cve-2020-8558 |
| CVE-2021-25741 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.19.15, 1.20.11, 1.21.5, 1.22.2 | https://avd.aquasec.com/nvd/cve-2021-25741 |
| CVE-2023-3676 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3676 |
| CVE-2023-3955 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.1, 1.27.5, 1.26.8, 1.25.13, 1.24.17 | https://avd.aquasec.com/nvd/cve-2023-3955 |
| CVE-2023-5528 | k8s.io/kubernetes | HIGH | v1.13.0 | 1.28.4, 1.27.8, 1.26.11, 1.25.16 | https://avd.aquasec.com/nvd/cve-2023-5528 |
gloo mesh enterprise gloo-mesh-ui image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-ui:2.1.0 (alpine 3.16.1)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-32221 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
| CVE-2023-23914 | curl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | curl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-42915 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
| CVE-2022-42916 | curl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
| CVE-2022-43551 | curl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | curl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | curl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | curl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-32221 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-32221 |
| CVE-2023-23914 | libcurl | CRITICAL | 7.83.1-r2 | 7.83.1-r6 | https://avd.aquasec.com/nvd/cve-2023-23914 |
| CVE-2023-38545 | libcurl | CRITICAL | 7.83.1-r2 | 8.4.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38545 |
| CVE-2022-42915 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42915 |
| CVE-2022-42916 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r4 | https://avd.aquasec.com/nvd/cve-2022-42916 |
| CVE-2022-43551 | libcurl | HIGH | 7.83.1-r2 | 7.83.1-r5 | https://avd.aquasec.com/nvd/cve-2022-43551 |
| CVE-2023-27533 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27533 |
| CVE-2023-27534 | libcurl | HIGH | 7.83.1-r2 | 8.0.1-r0 | https://avd.aquasec.com/nvd/cve-2023-27534 |
| CVE-2023-28319 | libcurl | HIGH | 7.83.1-r2 | 8.1.0-r0 | https://avd.aquasec.com/nvd/cve-2023-28319 |
| CVE-2023-38039 | libcurl | HIGH | 7.83.1-r2 | 8.3.0-r0 | https://avd.aquasec.com/nvd/cve-2023-38039 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1q-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2023-1999 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r1 | https://avd.aquasec.com/nvd/cve-2023-1999 |
| CVE-2023-4863 | libwebp | HIGH | 1.2.3-r0 | 1.2.3-r2 | https://avd.aquasec.com/nvd/cve-2023-4863 |
| CVE-2022-2309 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r1 | https://avd.aquasec.com/nvd/cve-2022-2309 |
| CVE-2022-40303 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40303 |
| CVE-2022-40304 | libxml2 | HIGH | 2.9.14-r0 | 2.9.14-r2 | https://avd.aquasec.com/nvd/cve-2022-40304 |
| CVE-2023-29491 | ncurses-libs | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-29491 | ncurses-terminfo-base | HIGH | 6.3_p20220521-r0 | 6.3_p20220521-r1 | https://avd.aquasec.com/nvd/cve-2023-29491 |
| CVE-2023-35945 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r1 | https://avd.aquasec.com/nvd/cve-2023-35945 |
| CVE-2023-44487 | nghttp2-libs | HIGH | 1.47.0-r0 | 1.47.0-r2 | https://avd.aquasec.com/nvd/cve-2023-44487 |
| CVE-2022-41409 | pcre2 | HIGH | 10.40-r0 | 10.42-r0 | https://avd.aquasec.com/nvd/cve-2022-41409 |
| CVE-2022-37434 | zlib | CRITICAL | 1.2.12-r1 | 1.2.12-r2 | https://avd.aquasec.com/nvd/cve-2022-37434 |
gloo mesh enterprise rbac-webhook image
No scan found
gloo mesh enterprise gloo-mesh-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-agent:2.1.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/agent-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-otel-controller image
No scan found
gloo mesh enterprise gloo-mesh-spire-controller image
No scan found
gloo mesh enterprise enterprise-agent image
No scan found
gloo mesh enterprise gloo-mesh-envoy image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-envoy:2.1.0 (ubuntu 18.04)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0286 | openssl | HIGH | 1.1.1-1ubuntu2.1~18.04.20 | 1.1.1-1ubuntu2.1~18.04.21 | https://avd.aquasec.com/nvd/cve-2023-0286 |
gloo mesh enterprise gloo-mesh-mgmt-server image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-mgmt-server:2.1.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
| CVE-2022-4450 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0215 |
| CVE-2023-0286 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2023-0286 |
| CVE-2023-0464 | libssl1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r1 | https://avd.aquasec.com/nvd/cve-2023-0464 |
Vulnerabilities Listed for usr/local/bin/mgmt-server-linux-amd64
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2023-29002 | github.com/cilium/cilium | HIGH | v1.11.5 | 1.11.16, 1.12.9, 1.13.2 | https://avd.aquasec.com/nvd/cve-2023-29002 |
| CVE-2021-21272 | github.com/deislabs/oras | HIGH | v0.8.1 | 0.9.0 | https://avd.aquasec.com/nvd/cve-2021-21272 |
| CVE-2020-26160 | github.com/dgrijalva/jwt-go | HIGH | v3.2.0+incompatible | https://avd.aquasec.com/nvd/cve-2020-26160 | |
| CVE-2017-11468 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.7.0-rc.0 | https://avd.aquasec.com/nvd/cve-2017-11468 |
| CVE-2023-2253 | github.com/docker/distribution | HIGH | v0.0.0-20191216044856-a8371794149d | 2.8.2-beta.1 | https://avd.aquasec.com/nvd/cve-2023-2253 |
| CVE-2022-37315 | github.com/graphql-go/graphql | HIGH | v0.8.0 | 0.8.1 | https://avd.aquasec.com/nvd/cve-2022-37315 |
| CVE-2014-9356 | github.com/moby/moby | HIGH | v0.7.3-0.20190826074503-38ab9da00309 | 1.3.3 | https://avd.aquasec.com/nvd/cve-2014-9356 |
| CVE-2023-27561 | github.com/opencontainers/runc | HIGH | v1.1.1 | 1.1.5 | https://avd.aquasec.com/nvd/cve-2023-27561 |
| CVE-2022-27664 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.0.0-20220906165146-f3363e06e74c | https://avd.aquasec.com/nvd/cve-2022-27664 |
| CVE-2022-41721 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.1.1-0.20221104162952-702349b0e862 | https://avd.aquasec.com/nvd/cve-2022-41721 |
| CVE-2022-41723 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.7.0 | https://avd.aquasec.com/nvd/cve-2022-41723 |
| CVE-2023-39325 | golang.org/x/net | HIGH | v0.0.0-20220722155237-a158d28d115b | 0.17.0 | https://avd.aquasec.com/nvd/cve-2023-39325 |
| CVE-2022-32149 | golang.org/x/text | HIGH | v0.3.7 | 0.3.8 | https://avd.aquasec.com/nvd/cve-2022-32149 |
| GHSA-m425-mq94-257g | google.golang.org/grpc | HIGH | v1.49.0 | 1.56.3, 1.57.1, 1.58.3 | https://github.com/advisories/GHSA-m425-mq94-257g |
| CVE-2019-14993 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.1.13, 1.2.4 | https://avd.aquasec.com/nvd/cve-2019-14993 |
| CVE-2021-39155 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39155 |
| CVE-2021-39156 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.9.8, 1.10.4, 1.11.1 | https://avd.aquasec.com/nvd/cve-2021-39156 |
| CVE-2022-23635 | istio.io/istio | HIGH | v0.0.0-20220516185659-202e88863858 | 1.13.1, 1.12.4, 1.11.7 | https://avd.aquasec.com/nvd/cve-2022-23635 |
gloo mesh enterprise gloo-mesh-istiod-agent image
Vulnerabilities Listed for gcr.io/gloo-mesh/gloo-mesh-istiod-agent:2.1.0 (alpine 3.16.2)
| Vulnerability ID | Package | Severity | Installed Version | Fixed Version | Reference |
|---|---|---|---|---|---|
| CVE-2022-4450 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 | https://avd.aquasec.com/nvd/cve-2022-4450 |
| CVE-2023-0215 | libcrypto1.1 | HIGH | 1.1.1s-r0 | 1.1.1t-r0 |