Security scans have identified multiple high-severity vulnerabilities across several container images used within the environment. These vulnerabilities affect the following components:
Outdated packages and libraries in these images contain known CVE-listed vulnerabilities with potential for remote code execution, denial of service, information disclosure, and privilege escalation. Immediate remediation is recommended to maintain a strong security posture.
Affected Components and Key CVEs
1. docker.io/milvusdb/etcd
2. docker.io/minio/minio
Security scans have identified multiple high-severity vulnerabilities across several container images used within the environment. These vulnerabilities affect the following components:
milvusdb/etcdminioOutdated packages and libraries in these images contain known CVE-listed vulnerabilities with potential for remote code execution, denial of service, information disclosure, and privilege escalation. Immediate remediation is recommended to maintain a strong security posture.
Affected Components and Key CVEs
1.
docker.io/milvusdb/etcdlibperl5.36,perl,perl-base(Fixed in: 5.36.0-7+deb12u2)libc6,libc-bin(Fixed in: 2.36-9+deb12u10)libgnutls30(Fixed in: 3.7.9-2+deb12u5)golang.org/x/crypto(Fixed in: 0.35.0)github.com/golang-jwt/jwt/v4(Fixed in: 4.5.2)2.
docker.io/minio/miniogolang.org/x/crypto(Fixed in: 0.35.0)golang.org/x/oauth2(Fixed in: 0.27.0)github.com/golang-jwt/jwt/v4andjwt/v5(Fixed in: 4.5.2 / 5.2.2)curl(Fixed in: 8.16.0+)