Kubernetes Metric-Server CVEs

[Chris Doble]

Hi,

I hope this is the right forum to address this to, if not could you point me in the right direction please? 😊

We’re using Kubernetes metrics-server 0.6.4 which I believe is the latest version. We scan all of our images for known CVEs and there have been a few High detected in both 0.6.3 & 0.6.4 (listed below). Would it be possible to get these fixed in the next release please? In particular CVE-2023-44487 which we are particularly concerned about.

CVE-2023-44487 - Upgrade package google.golang.org/grpc to version 1.56.3 or above.

CVE-2023-47108 - Upgrade package go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc to version 0.46.0 or above.

CVE-2023-45142 - Upgrade package go.opentelemetry.io/contrib/instrumentation/net/http/otelhttp to version 0.44.0 or above.

CVE-2023-39325 - Upgrade package golang.org/x/net to version 0.17.0 or above.

 

 

Kind Regards

 

Chris Doble

 

Chris Doble| DevOps Engineer

Containers & Serverless | Technology Platforms

Chilworth House, Eastleigh, Hants, SO53 3RY

(: 02380 354 714 (external)  (: 7874714 (internal)  (: 07800 691672 (Mobile)

*: chris...@aviva.com

 

Aviva: Confidential

Aviva is the trading name for the principal subsidiaries of the

Aviva Group in the United Kingdom. The principal subsidiaries are:

Aviva Insurance Limited.

Registered Office Pitheavlis, Perth PH2 0NH.

Registered in Scotland Number 2116.

Authorised by the Prudential Regulation Authority and regulated by the Financial

Conduct Authority and the Prudential Regulation Authority.

Firm Reference Number 202153.



Aviva Life & Pensions UK Limited.

Registered Office: Aviva, Wellington Row, York, YO90 1WR.

Registered in England No. 3253947.

Authorised by the Prudential Regulation Authority and regulated by the Financial Conduct Authority and the Prudential Regulation Authority.

Firm Reference Number 185896.



Aviva Health UK Limited.

Registered Office 8 Surrey Street Norwich NR1 3NG.

Registered in England Number 2464270.

Authorised and regulated by the Financial Conduct Authority.

Firm Reference Number 308139.



Aviva Insurance Ireland Designated Activity Company.

Registered Office: Cherrywood Business Park, Dublin, Ireland D18 W2P5.

Firm reference Number C171485.

Authorised and regulated by the Central Bank of Ireland.

Registered UK Branch Address: St Helen’s, 1 Undershaft, London EC3P 3DQ.

UK branch authorised by the Prudential Regulation Authority. Subject to regulation by the Financial Conduct Authority (FCA reference No.827591) and limited regulation by the Prudential Regulation Authority. Details about the extent of our regulation by the Prudential Regulation Authority are available from us on request.

**********************************************************************

This email and any files sent with it are intended only for the named recipient. If

you are not the named recipient please telephone/email

the sender immediately. You should not disclose the content or

take/retain/distribute any copies.

**********************************************************************

aviva.co.uk (END)