  1. OpenShift GitOps
  2. GITOPS-3015

CVE-2023-24329: Python dependencies upgrade required.


    • GITOPS Sprint 241

      Description of problem:

      CVE-2023-24329 is causing the KAM image to degrade the container quality to B. Please check
      https://catalog.redhat.com/software/containers/openshift-gitops-1/kam-delivery-rhel8/60428fbddbb14c0b8248b529?container-tabs=security

      Prerequisites (if any, like setup, operators/versions):

      NA

      Steps to Reproduce

      Install the Operator using the bundle.

      Go to the KAM container; you will notice that the KAM container is using old and vulnerable Python packages.

      platform-python-3.6.8-51.el8.x86_64
      python3-libs-3.6.8-51.el8.x86_64

      Actual results:

      NA

      Expected results:

      Upgrade the below Python packages:
      python3-libs-3.6.8-51.el8.x86_64
      platform-python-3.6.8-51.el8.x86_64

      Reproducibility (Always/Intermittent/Only Once):

      Acceptance criteria: 

      Python packages are upgraded and verified.

      Package versions required

      • platform-python-3.6.8-51.el8_8.1 
      • python3-libs-3.6.8-51.el8_8.1 

      Definition of Done:

      Build Details:

      Additional info (Such as Logs, Screenshots, etc):


            rh-ee-sghadi Siddhesh Ghadi
            aveerama@redhat.com Abhishek Veeramalla

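A check for the acceptance criteria above, as an added example that is not part of the original ticket or the project's code: it compares `rpm -qa` style package names against the required versions listed in the ticket. The comparison is a simplified form of RPM's version ordering (no epoch, `~` or `^` handling), and the function names are illustrative.

```python
import re

# Architectures that may trail an RPM name (assumed set, extend as needed).
ARCHES = {"x86_64", "aarch64", "ppc64le", "s390x", "i686", "noarch"}

# Minimum versions taken from the ticket's "Package versions required" list.
REQUIRED = ["platform-python-3.6.8-51.el8_8.1", "python3-libs-3.6.8-51.el8_8.1"]

def split_nvr(pkg):
    """Split name-version-release[.arch] into (name, version, release)."""
    head, _, tail = pkg.rpartition(".")
    if tail in ARCHES:
        pkg = head
    name, version, release = pkg.rsplit("-", 2)
    return name, version, release

def vercmp(a, b):
    """Simplified rpmvercmp: -1, 0 or 1. Separators only delimit segments."""
    ta = re.findall(r"\d+|[A-Za-z]+", a)
    tb = re.findall(r"\d+|[A-Za-z]+", b)
    for x, y in zip(ta, tb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1   # numeric segment beats alphabetic
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    # All shared segments equal: the string with segments left over is newer,
    # which is why 51.el8 sorts below 51.el8_8.1.
    return (len(ta) > len(tb)) - (len(ta) < len(tb))

def audit(installed_lines, required=REQUIRED):
    """Map each required package to 'ok', 'needs upgrade' or 'not installed'."""
    minimum = {n: (v, r) for n, v, r in map(split_nvr, required)}
    findings = {}
    for line in installed_lines:
        name, version, release = split_nvr(line.strip())
        if name in minimum:
            min_v, min_r = minimum[name]
            order = vercmp(version, min_v) or vercmp(release, min_r)
            findings[name] = "ok" if order >= 0 else "needs upgrade"
    for name in minimum:
        findings.setdefault(name, "not installed")
    return findings

if __name__ == "__main__":
    # The two package lines reported in the ticket, plus one constructed line.
    sample = ["platform-python-3.6.8-51.el8.x86_64",
              "python3-libs-3.6.8-51.el8.x86_64",
              "bash-4.4.20-4.el8_6.x86_64"]
    for name, status in audit(sample).items():
        print(f"{name}: {status}")
```

To verify a rebuilt image, pass the lines printed by `rpm -qa` inside the KAM container to `audit()`.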