Many critical and high CVEs in plugin image v1.5.0 #3
Description
The image ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 has many critical and high CVEs that have been fixed.
Are these issues fixed in the latest release?
See related issue #2 that plugin v1.5.0 includes the CNI v1.3.0.
| IMAGE | SEVERITY | IMPACTED PACKAGE | FIXED VERSIONS | CVEs |
|---|---|---|---|---|
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | Critical | github.com/golang/go | 1.19.10,1.20.5 | CVE-2023-29404 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | Critical | github.com/golang/go | 1.19.10,1.20.5 | CVE-2023-29405 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | Critical | github.com/golang/go | 1.19.10,1.20.5 | CVE-2023-29402 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | Critical | github.com/golang/go | 1.21.11,1.22.4 | CVE-2024-24790 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:glibc-common | 0:2.17-326.el7_9.3 (RHSA-2024:3588) | CVE-2024-33599 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:glibc | 0:2.17-326.el7_9.3 (RHSA-2024:3588) | CVE-2024-33599 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:glibc-common | 0:2.17-326.el7_9.3 (RHSA-2024:3588) | CVE-2024-2961 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:glibc | 0:2.17-326.el7_9.3 (RHSA-2024:3588) | CVE-2024-2961 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.16 (RHSA-2024:3741) | CVE-2023-50868 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.16 (RHSA-2024:3741) | CVE-2023-50387 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:krb5-libs | 0:1.15.1-55.el7_9 (RHSA-2022:8640) | CVE-2022-42898 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:xz | 0:5.2.2-2.el7_9 (RHSA-2022:5052) | CVE-2022-1271 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:xz-libs | 0:5.2.2-2.el7_9 (RHSA-2022:5052) | CVE-2022-1271 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:gzip | 0:1.5-11.el7_9 (RHSA-2022:2191) | CVE-2022-1271 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:zlib | 0:1.2.7-18.el7_6.1 (RHSA-2023:0975),0:1.2.7-18.el7_7.1 (RHSA-2023:0943) | CVE-2018-25032 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2020:4366) | CVE-2020-7943 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:libxml2 | 0:2.9.1-6.el7_9.9 (RHSA-2025:2673) | CVE-2024-56171 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:libxml2-python | 0:2.9.1-6.el7_9.9 (RHSA-2025:2673) | CVE-2024-56171 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | github.com/golang/go | 1.20.12,1.21.5 | CVE-2023-45285 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | github.com/golang/go | 1.20.9,1.21.2 | CVE-2023-39323 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-libs | 0:2.7.5-93.el7_9 (RHSA-2023:3555) | CVE-2023-24329 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python | 0:2.7.5-93.el7_9 (RHSA-2023:3555) | CVE-2023-24329 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:openssl-libs | 1:1.0.2k-21.el7_7.1 (RHSA-2024:5136) | CVE-2023-0286 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:expat | 0:2.1.0-15.el7_9 (RHSA-2022:6834) | CVE-2022-40674 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:openssl-libs | 1:1.0.2k-10.el7_4 (RHSA-2022:1076),1:1.0.2k-18.el7_6 (RHSA-2022:1078),1:1.0.2k-21.el7_7 (RHSA-2022:1077) | CVE-2022-0778 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:cyrus-sasl-lib | 0:2.1.26-24.el7_9 (RHSA-2022:0666) | CVE-2022-24407 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | github.com/golang/go | 1.20.11,1.20.12,1.21.4,1.21.5 | CVE-2023-45283 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | github.com/golang/go | 1.19.10,1.20.5 | CVE-2023-29403 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:systemd | 0:219-78.el7_9.7 (RHSA-2022:6160) | CVE-2022-2526 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:systemd-libs | 0:219-78.el7_9.7 (RHSA-2022:6160) | CVE-2022-2526 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2020:4366) | CVE-2020-7238 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2019:3172) | CVE-2019-10906 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2019:3172) | CVE-2016-10745 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:libxml2 | 0:2.9.1-6.el7_9.9 (RHSA-2025:2673) | CVE-2025-24928 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:libxml2-python | 0:2.9.1-6.el7_9.9 (RHSA-2025:2673) | CVE-2025-24928 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.18 (RHSA-2025:1718) | CVE-2024-11187 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.17 (RHSA-2024:5930) | CVE-2024-1737 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.17 (RHSA-2024:5930) | CVE-2024-1975 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:krb5-libs | 0:1.15.1-55.el7_9.3 (RHSA-2024:8788) | CVE-2024-3596 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.16 (RHSA-2024:3741) | CVE-2023-4408 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.15 (RHSA-2023:5691) | CVE-2023-3341 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-libs | 0:2.7.5-94.el7_9 (RHSA-2023:6885) | CVE-2023-40217 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python | 0:2.7.5-94.el7_9 (RHSA-2023:6885) | CVE-2023-40217 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.14 (RHSA-2023:4152) | CVE-2023-2828 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2021:1313) | CVE-2020-8165 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2021:1313) | CVE-2020-8162 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2020:4366) | CVE-2020-7663 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:nss-sysinit | 0:3.79.0-5.el7_9 (RHSA-2023:1332) | CVE-2023-0767 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:nss | 0:3.79.0-5.el7_9 (RHSA-2023:1332) | CVE-2023-0767 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:nss-tools | 0:3.79.0-5.el7_9 (RHSA-2023:1332) | CVE-2023-0767 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.10 (RHSA-2022:6765) | CVE-2022-38178 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:bind-license | 32:9.11.4-26.P2.el7_9.10 (RHSA-2022:6765) | CVE-2022-38177 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:expat | 0:2.1.0-14.el7_9 (RHSA-2022:1069) | CVE-2022-25236 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:expat | 0:2.1.0-14.el7_9 (RHSA-2022:1069) | CVE-2022-25235 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:expat | 0:2.1.0-14.el7_9 (RHSA-2022:1069) | CVE-2022-25315 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2020:4366) | CVE-2020-14334 |
| ghcr.io/k8snetworkplumbingwg/plugins:v1.5.0 | High | 7:python-pycurl | 0:7.43.0.2-4.el7sat (RHSA-2020:4366) | CVE-2018-3258 |