What would you like to be added:
A new release for `registry.k8s.io/build-image/debian-base`

Why is this needed:
The current version, `registry.k8s.io/build-image/debian-base:bookworm-v1.0.4`, has a package, `libexpat1`, that contains a CRITICAL security vulnerability. I am trying to use this image, `registry.k8s.io/sig-storage/smbplugin:v1.15.0`, and this image uses the above image as a base. They can't upgrade to the new remediated version of `libexpat1`, which is `2.6.3-1`, so we need the base image to be updated.

```
_ _ _
__ _(_)____ ___| (_)
\ \ /\ / / |_ / / __| | |
\ V V /| |/ / | (__| | |
\_/\_/ |_/___| \___|_|_|
SUCCESS Ready to scan Docker image registry.k8s.io/sig-storage/smbplugin:v1.15.0
SUCCESS Scanned Docker image
SUCCESS Docker image scan analysis ready
OS Package vulnerabilities:
.
.
.
Name: libexpat1, Version: 2.5.0-1
CVE-2024-45490, Severity: CRITICAL, Source: https://security-tracker.debian.org/tracker/CVE-2024-45490
CVE-2024-45491, Severity: HIGH, Source: https://security-tracker.debian.org/tracker/CVE-2024-45491
CVE-2024-45492, Severity: HIGH, Source: https://security-tracker.debian.org/tracker/CVE-2024-45492
CVE-2023-52425, Severity: LOW, Source: https://security-tracker.debian.org/tracker/CVE-2023-52425
CVSS score: 7.5, CVSS exploitability score: 3.9
💥 Has public exploit
CVE-2023-52426, Severity: LOW, Source: https://security-tracker.debian.org/tracker/CVE-2023-52426
CVSS score: 5.5, CVSS exploitability score: 1.8
CVE-2024-28757, Severity: LOW, Source: https://security-tracker.debian.org/tracker/CVE-2024-28757
.
.
.
```