From bb69eb0a54891533d8e286c172c56222ff419b38 Mon Sep 17 00:00:00 2001 From: Moyo Oyegunle Date: Tue, 11 Feb 2025 00:42:53 -0500 Subject: [PATCH 1/2] Update Python version to 3.13.2 and enhance request processing with retry logic.Fixed Bugs around parsing abd running image. Improved Documentation. --- .../acs-correlation-example/Dockerfile | 16 +++---- .../acs-correlation-example/README.md | 27 +++++++++++- .../acs-correlation-example/acs_request.py | 29 ++++++++++--- util-scripts/acs-correlation-example/app.py | 6 ++- .../endpoint_list.json | 2 +- .../acs-correlation-example/logging.conf | 4 +- .../acs-correlation-example/requirements.txt | 43 ++++--------------- 7 files changed, 71 insertions(+), 56 deletions(-) diff --git a/util-scripts/acs-correlation-example/Dockerfile b/util-scripts/acs-correlation-example/Dockerfile index 36def15..2ff4d5f 100644 --- a/util-scripts/acs-correlation-example/Dockerfile +++ b/util-scripts/acs-correlation-example/Dockerfile @@ -7,15 +7,16 @@ FROM registry.access.redhat.com/ubi9:9.1.0-1782 #Change User USER 0 + # Install the required software RUN dnf install -y wget yum-utils make gcc openssl-devel bzip2-devel libffi-devel zlib-devel && \ - wget https://www.python.org/ftp/python/3.10.8/Python-3.10.8.tgz && \ - tar xzf Python-3.10.8.tgz && \ - cd Python-3.10.8 && \ + wget https://www.python.org/ftp/python/3.13.2/Python-3.13.2.tgz && \ + tar xzf Python-3.13.2.tgz && \ + cd Python-3.13.2 && \ ./configure --with-system-ffi --with-computed-gotos --enable-loadable-sqlite-extensions && \ make altinstall && \ cd .. && \ - rm Python-3.10.8.tgz + rm Python-3.13.2.tgz # # Install pip # RUN curl -O https://bootstrap.pypa.io/get-pip.py && python3 get-pip.py && python3 get-pip.py @@ -30,7 +31,7 @@ COPY ./ ./app WORKDIR ./app #Install App Dependecies -RUN pip3.10 install -r requirements.txt && pip3.10 install --upgrade pip +RUN pip3.13 install -r requirements.txt && pip3.13 install --upgrade pip #Expose Ports EXPOSE 8080/tcp 
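Review bot: The bumped `wget https://www.python.org/ftp/python/3.13.2/Python-3.13.2.tgz` line downloads and builds the interpreter with no integrity check, so whatever the download returns is compiled and installed into the image as root. Pin the expected digest right after the download, e.g. `echo "<SHA256_OF_Python-3.13.2.tgz>  Python-3.13.2.tgz" | sha256sum -c - && \`, where the placeholder is computed once from a tarball verified against the release's published signature. The second hunk's `pip3.13 install -r requirements.txt` has the same gap: the requirements are version-pinned but not hash-pinned, which `--require-hashes` would close.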
@@ -38,8 +39,5 @@ EXPOSE 8080/tcp #Change Permissions to allow not root-user work RUN chmod -R g+rw ./ -#Change User -USER 1001 - #ENTRY -ENTRYPOINT python3.10 app.py +ENTRYPOINT python3.13 app.py diff --git a/util-scripts/acs-correlation-example/README.md b/util-scripts/acs-correlation-example/README.md index 30dbf81..28c285f 100644 --- a/util-scripts/acs-correlation-example/README.md +++ b/util-scripts/acs-correlation-example/README.md @@ -17,7 +17,30 @@ podman build -t quick_acs_app . ``` + - Copy and update endpoint list file and token + ```bash + export CENTRAL_API_URL="https://console-openshift-console.apps.cluster1.sandbox568.opentlc.com" + export MAIN_ACS_TOKEN="" + export ENDPOINT_DIR=$(mktemp -d -t ACS_Endpoint_List_XXXX ) + export OUTPUT_FILE_DIR=$(mktemp -d -t ACS_Output_DIR_XXXX ) + cat ./endpoint_list.json | envsubst > ${ENDPOINT_DIR}/endpoint_list.json + ``` + - Run Container ```bash - podman run --env $MAIN_ACS_TOKEN --env OUTPUT_FOLDER=/output -v /tmp/output:/output:Z localhost/quick_acs_app - ``` \ No newline at end of file + podman run --name acs_correlator \ + --replace \ + --userns=keep-id \ + --env MAIN_ACS_TOKEN=${MAIN_ACS_TOKEN} \ + --env ENDPOINT_LIST_JSON_PATH=/endpoint/endpoint_list.json \ + --env OUTPUT_FOLDER=/output \ + -v ${OUTPUT_FILE_DIR}:/output:z \ + -v ${ENDPOINT_DIR}:/endpoint:z \ + localhost/quick_acs_app + ``` + - If All goes well sample output should get written out to ${OUTPUT_FILE_DIR} + + - TODO: + - Example uses the [Pydantic Library to create models to export out objects relationships](https://docs.pydantic.dev/1.10/usage/exporting_models/#advanced-include-and-exclude). + - The sample relationships used for output can be seen in the [app.py](util-scripts/acs-correlation-example/app.py) on line 866 + - Will eventually extend this example to get custom relationships and export out a file. 
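Review bot: Dropping `USER 1001` leaves the `USER 0` set near the top of the file in effect, so `ENTRYPOINT python3.13 app.py` now runs as root inside the container while holding the ACS API token from its environment. The `chmod -R g+rw ./` just above exists so that a non-root user can work in the app directory, so the removal looks unnecessary. If the aim was writable bind mounts (an inference from the README hunk), the `--userns=keep-id` flag added to the run command is the place to solve that, and anyone running the image without it gets UID 0. Suggest keeping `USER 1001` before the entrypoint and using the exec form `ENTRYPOINT ["python3.13", "app.py"]` so the process receives signals directly.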
diff --git a/util-scripts/acs-correlation-example/acs_request.py b/util-scripts/acs-correlation-example/acs_request.py index 9aded2d..0d01940 100644 --- a/util-scripts/acs-correlation-example/acs_request.py +++ b/util-scripts/acs-correlation-example/acs_request.py @@ -1,6 +1,6 @@ from httpx import AsyncClient,HTTPError,NetworkError,RequestError,TimeoutException,ConnectTimeout,InvalidURL,ProtocolError,ConnectError import os -from httpx._config import SSLConfig +#from httpx._config import SSLConfig from logging import getLogger, config import typing as t import asyncio 
@@ -128,14 +128,29 @@ async def request_processing(full_url_path,insecure:bool=False,headers:dict=None """Send the Request and process the response""" logger.debug(f"request_processing -start: url:{full_url_path} verify_ssl:{insecure}") error=None + retry_count=3 + response_dict={"response_object":[],"error_object":None} - if params is None: - response_dict = await make_request(full_url_path,insecure,headers,params) - else: - if "pagination.limit" in params and "total_expected_count" in params: - response_dict = await request_processing_pagination(full_url_path,insecure,headers,params) + + + while retry_count > 0 and retry_count < 4: + if params is None: + response_dict = await make_request(full_url_path,insecure,headers,params) else: - response_dict = await make_request(full_url_path,insecure,headers,params) + if "pagination.limit" in params and "total_expected_count" in params: + response_dict = await request_processing_pagination(full_url_path,insecure,headers,params) + else: + response_dict = await make_request(full_url_path,insecure,headers,params) + + if response_dict["error_object"] is not None: + logger.error(f"request_processing - error: {response_dict['error_object']}") + retry_count-=1 + logger.info(f"Retrying request: {retry_count} attempts left") + logger.info(f"Sleeping for 5 seconds before retry") + await asyncio.sleep(5) + else: + break + return response_dict async def get_acs_alert(url,alert_id: str,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: diff --git a/util-scripts/acs-correlation-example/app.py b/util-scripts/acs-correlation-example/app.py index 18793fc..999c3a8 100644 --- a/util-scripts/acs-correlation-example/app.py +++ b/util-scripts/acs-correlation-example/app.py 
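Review bot: After the last failed attempt the loop still logs `Retrying request: 0 attempts left` and sleeps five seconds before exiting, because the decrement, both log lines and `asyncio.sleep(5)` run unconditionally in the error branch. Add `if retry_count == 0: break` right after `retry_count-=1`. The `retry_count < 4` half of the loop condition can never be false and can be dropped. Every error is retried the same way, so a rejected token or a bad URL costs three requests and fifteen seconds; whether that is intended is not visible from this hunk.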
@@ -861,7 +861,7 @@ async def generate_cluster_namespace_deployment_alert_output_file(): """ Generate the output for the Cluster and Deployment """ - logger.info("Generating Output for Cluster and Deployment") + logger.info("Generating Output File for Cluster-Deployment-Namespace-Alerts-Relationship") exclude_keys = { "clusters": { @@ -953,6 +953,10 @@ async def main(): # Load the ACS Endpoints result_endpoint_list = await read_parse_acs_endpoints(settings.endpoint_list_json_path) + while result_endpoint_list is None: + logger.error("Error reading endpoint list file") + logger.info("Exiting") + return for endpoint in result_endpoint_list.endpoints: await ParsedMemory.check_endpoint_valid_healthy(endpoint) diff --git a/util-scripts/acs-correlation-example/endpoint_list.json b/util-scripts/acs-correlation-example/endpoint_list.json index 14fb331..715b11d 100644 --- a/util-scripts/acs-correlation-example/endpoint_list.json +++ b/util-scripts/acs-correlation-example/endpoint_list.json @@ -2,7 +2,7 @@ "endpoints": [ { "endpoint_name": "ACS_Demo_Environment", - "endpoint_url": "https://central-rhacs-operator.apps.cluster11.sandbox2585.opentlc.com", + "endpoint_url": "${CENTRAL_API_URL}", "endpoint_url_description": "ACS API endpoint for the application to make requess to", "endpoint_token_env_variable_name": "MAIN_ACS_TOKEN", "verify_endpoint_ssl" : "False", diff --git a/util-scripts/acs-correlation-example/logging.conf b/util-scripts/acs-correlation-example/logging.conf index a166157..9b36a94 100644 --- a/util-scripts/acs-correlation-example/logging.conf +++ b/util-scripts/acs-correlation-example/logging.conf 
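Review bot: `while result_endpoint_list is None:` in `main()` should be an `if`: the body returns unconditionally, so it never iterates, and the `while` form sends a reader looking for a retry that is not there. Write `if result_endpoint_list is None:`. `main()` continues outside the hunk, so whether the early `return` produces a non-zero exit status cannot be told from here.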
@@ -25,7 +25,7 @@ formatter=detailedFormatter args=(sys.stdout,) [formatter_normalFormatter] -format=%(asctime)s loglevel=%(levelname)-6s logger=%(name)s %(funcName)s() L%(lineno)-4d %(message)s +format=%(asctime)s loglevel=%(levelname)-6s %(funcName)s() L%(lineno)-4d %(message)s [formatter_detailedFormatter] -format=%(asctime)s loglevel=%(levelname)-6s logger=%(name)s %(funcName)s() L%(lineno)-4d %(message)s call_trace=%(pathname)s L%(lineno)-4d \ No newline at end of file +format=%(asctime)s loglevel=%(levelname)-6s %(funcName)s() L%(lineno)-4d %(message)s call_trace=%(pathname)s L%(lineno)-4d \ No newline at end of file diff --git a/util-scripts/acs-correlation-example/requirements.txt b/util-scripts/acs-correlation-example/requirements.txt index 10bc802..a8ced2a 100644 --- a/util-scripts/acs-correlation-example/requirements.txt +++ b/util-scripts/acs-correlation-example/requirements.txt @@ -1,39 +1,14 @@ -aiofiles==23.2.1 +aiofiles==24.1.0 annotated-types==0.7.0 -anyio==4.4.0 -certifi==2024.7.4 -click==8.1.7 -dnspython==2.6.1 -email_validator==2.1.1 -exceptiongroup==1.2.1 -fastapi==0.111.0 -fastapi-cli==0.0.4 +anyio==4.8.0 +certifi==2025.1.31 h11==0.14.0 -httpcore==1.0.5 -httptools==0.6.1 -httpx==0.27.0 -idna==3.7 -Jinja2==3.1.4 -markdown-it-py==3.0.0 -MarkupSafe==2.1.5 -mdurl==0.1.2 -orjson==3.10.4 -pydantic==2.7.4 -pydantic-settings==2.3.3 -pydantic_core==2.18.4 -Pygments==2.18.0 +httpcore==1.0.7 +httpx==0.28.1 +idna==3.10 +pydantic==2.10.6 +pydantic-settings==2.7.1 +pydantic_core==2.27.2 python-dotenv==1.0.1 -python-multipart==0.0.9 -PyYAML==6.0.1 -rich==13.7.1 -shellingham==1.5.4 sniffio==1.3.1 -starlette==0.37.2 -typer==0.12.3 typing_extensions==4.12.2 -ujson==5.10.0 -uuid==1.30 -uvicorn==0.30.1 -uvloop==0.19.0 -watchfiles==0.22.0 -websockets==12.0 From 5352258b9e37c901b1ccbc635b2848fa9a9d3fbb Mon Sep 17 00:00:00 2001 
From: Moyo Oyegunle Date: Thu, 20 Feb 2025 23:27:36 -0500 Subject: [PATCH 2/2] Update to fix bugs, and edit output files --- .../acs-correlation-example/acs_request.py | 104 +- util-scripts/acs-correlation-example/app.py | 376 +- .../acs-correlation-example/config.py | 10 +- .../endpoint_list.json | 2 +- ...amespace_deployment_alert_output_file.json | 57589 ++++------------ ...dpoint_policy_alert_count_output_file.json | 625 +- 6 files changed, 15910 insertions(+), 42796 deletions(-) diff --git a/util-scripts/acs-correlation-example/acs_request.py b/util-scripts/acs-correlation-example/acs_request.py index 0d01940..10c859d 100644 --- a/util-scripts/acs-correlation-example/acs_request.py +++ b/util-scripts/acs-correlation-example/acs_request.py 
@@ -36,24 +36,35 @@ def __next__(self): return self.start else: raise StopIteration - - -async def make_request(full_url_path,insecure:bool=False,headers:dict=None,params:dict=None,offset=None) -> dict: + +async def make_request( + client, + full_url_path, + insecure: bool = False, + headers: dict = None, + params: dict = None, + offset = None +) -> dict: """Make a request to the API""" error=None response=None + local_client=False #TODO: Clean offset and params if offset is not None: params["pagination.offset"] = offset + if client is None: + logger.debug(f"make_request - client is None,will create a new client") + client = AsyncClient(verify=insecure) + local_client=True + try: - async with AsyncClient(verify=insecure) as client: - response = await client.get( - f"{full_url_path}",headers=headers,params=params - ) - logger.debug(f"request_processing - attempted request") - response.raise_for_status() + response = await client.get( + f"{full_url_path}",headers=headers,params=params + ) + logger.debug(f"request_processing - attempted request") + response.raise_for_status() except ConnectTimeout as timeout_err: logger.error(f" Connect Timeout error occurred: {timeout_err}") error=f"Connect Timeout error occurred: {timeout_err}" 
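Review bot: `AsyncClient(verify=insecure)` feeds a parameter named `insecure`, default `False`, straight into httpx's `verify`, so a caller that omits the argument gets certificate verification switched off on a request carrying the `Authorization: Bearer` header. The name also reads inverted: callers pass `verify_endpoint_ssl` into it, while the `get_rhacs_health` docstring added later in this patch describes it as whether to ignore certificate verification. Suggest renaming it to `verify_ssl: bool = True` across these helpers and creating the fallback client with `AsyncClient(verify=verify_ssl)`. When a `client` is supplied the flag is silently ignored, so the docstring should say that verification is decided where that client is constructed. The `except` chain of `make_request` continues outside this hunk.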
@@ -75,14 +86,18 @@ async def make_request(full_url_path,insecure:bool=False,headers:dict=None,param except IOError as e: logger.error("I/O error({0}): {1}".format(e.errno, e.strerror)) except BaseException as e: - print("Something serious has occured") - error=f"Something Seriously unexpected has occured" + print("Something serious has occurred") + error=f"Something Seriously unexpected has occurred" + finally: + if local_client: + await client.aclose() return {"response_object":response,"error_object":error} -async def request_processing_pagination(full_url_path,insecure:bool=False,headers:dict=None,params:dict=None): +async def request_processing_pagination(client,full_url_path,insecure:bool=False,headers:dict=None,params:dict=None): """ Args: + client (AsyncClient): httpx AsyncClient object for making requests full_url_path (_type_): ACS URL with path for the request insecure (bool, optional): Make an insecure Request, Should be set from verify_endpoint_ssl on endpoint object headers (dict, optional): Headers for Request to ACS. Defaults to None. @@ -116,7 +131,7 @@ async def request_processing_pagination(full_url_path,insecure:bool=False,header response_dict={"response_object":[],"error_object":None} for offset in PaginationCounter(total_expected_count,params["pagination.limit"]): params.update({"pagination.offset":offset}) - temp_dict = await make_request(full_url_path,insecure,headers,params) + temp_dict = await make_request(client,full_url_path,insecure,headers,params) if temp_dict["error_object"] is not None: return temp_dict["error_object"] 
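Review bot: `except BaseException` also traps `asyncio.CancelledError`, `KeyboardInterrupt` and `SystemExit`, turning a task cancellation or shutdown into an ordinary error dict. It also discards the exception itself, so nothing about the failure reaches the log. Narrow it to `except Exception as e:` and replace the `print` with `logger.exception("make_request - unexpected error")`. Separately, the `except IOError` branch above logs but never sets `error`, so the function can return `{"response_object": None, "error_object": None}`, and callers that test only `error_object` will then dereference `None`.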
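Review bot: On a failed page `request_processing_pagination` does `return temp_dict["error_object"]`, i.e. the bare error string, while `request_processing` and its callers index the result as `response_dict["error_object"]`. A string indexed with a string key raises `TypeError`, so the error path fails instead of reporting the error. Return the dict instead: `return temp_dict`. That line is unchanged context here, but the call just above it is the one this hunk edits, and the function starts outside the hunk.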
@@ -124,36 +139,23 @@ async def request_processing_pagination(full_url_path,insecure:bool=False,header response_dict["response_object"].append(temp_dict["response_object"]) return response_dict -async def request_processing(full_url_path,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: +async def request_processing(client,full_url_path,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: """Send the Request and process the response""" logger.debug(f"request_processing -start: url:{full_url_path} verify_ssl:{insecure}") error=None - retry_count=3 response_dict={"response_object":[],"error_object":None} - - - while retry_count > 0 and retry_count < 4: - if params is None: - response_dict = await make_request(full_url_path,insecure,headers,params) - else: - if "pagination.limit" in params and "total_expected_count" in params: - response_dict = await request_processing_pagination(full_url_path,insecure,headers,params) - else: - response_dict = await make_request(full_url_path,insecure,headers,params) - - if response_dict["error_object"] is not None: - logger.error(f"request_processing - error: {response_dict['error_object']}") - retry_count-=1 - logger.info(f"Retrying request: {retry_count} attempts left") - logger.info(f"Sleeping for 5 seconds before retry") - await asyncio.sleep(5) + if params is None: + response_dict = await make_request(client,full_url_path,insecure,headers,params) + else: + if "pagination.limit" in params and "total_expected_count" in params: + response_dict = await request_processing_pagination(client,full_url_path,insecure,headers,params) else: - break + response_dict = await make_request(client,full_url_path,insecure,headers,params) return response_dict -async def get_acs_alert(url,alert_id: str,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: +async def get_acs_alert(client,url,alert_id: str,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: """Get ACS alert from the API""" if alert_id 
is not None: logger.debug(f"get_acs_alert -start: url:{url} id:{alert_id} verify_ssl:{insecure}") 
@@ -161,27 +163,27 @@ async def get_acs_alert(url,alert_id: str,insecure:bool=False,headers:dict=None, else: logger.debug(f"get_acs_alert -start: url:{url} verify_ssl:{insecure}") rhacs_alert_url_path=f"{url}/v1/alerts" - response_dict = await request_processing(rhacs_alert_url_path,insecure,headers,params) + response_dict = await request_processing(client,rhacs_alert_url_path,insecure,headers,params) logger.debug(f"get_acs_alert - complete") return response_dict -async def get_policy(url,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: +async def get_policy(client,url,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: """Get Policy from the API""" logger.debug(f"get_policy -start: url:{url} verify_ssl:{insecure}") rhacs_policy_url_path=f"{url}/v1/policies" - response_dict = await request_processing(rhacs_policy_url_path,insecure,headers,params) + response_dict = await request_processing(client,rhacs_policy_url_path,insecure,headers,params) logger.debug(f"get_policy - complete") return response_dict -async def get_alert_count(url,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: +async def get_alert_count(client,url,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: """Get Alert Count""" logger.debug(f"get_policy -start: url:{url} verify_ssl:{insecure}") rhacs_policy_url_path=f"{url}/v1/alertscount" - response_dict = await request_processing(rhacs_policy_url_path,insecure,headers,params) + response_dict = await request_processing(client,rhacs_policy_url_path,insecure,headers,params) logger.debug(f"get_policy - complete") return response_dict -async def get_acs_deployment(url,deployment_id:str, insecure:bool=False,headers:dict=None,params:dict=None) -> dict: +async def get_acs_deployment(client,url,deployment_id:str, insecure:bool=False,headers:dict=None,params:dict=None) -> dict: """Get Deployment from the API""" if deployment_id is not None: logger.debug(f"get_acs_alert -start: url:{url} id:{deployment_id} 
verify_ssl:{insecure}") @@ -191,14 +193,28 @@ async def get_acs_deployment(url,deployment_id:str, insecure:bool=False,headers: rhacs_deployment_url_path=f"{url}/v1/deployments" logger.debug(f"get_deployment -start: url:{url}") - response_dict = await request_processing(rhacs_deployment_url_path,insecure,headers,params) + response_dict = await request_processing(client,rhacs_deployment_url_path,insecure,headers,params) logger.debug(f"get_deployment - complete") return response_dict -async def get_rhacs_health(url,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: - """Get health from the API""" +async def get_rhacs_health(client,url,insecure:bool=False,headers:dict=None,params:dict=None) -> dict: + """ + Asynchronously retrieves the health status of RHACS (Red Hat Advanced Cluster Security). + Args: + client: The HTTP client to use for making the request. + url (str): The base URL for the RHACS instance. + insecure (bool, optional): Whether to ignore SSL certificate verification. Defaults to False. + headers (dict, optional): Additional headers to include in the request. Defaults to None. + params (dict, optional): Additional parameters to include in the request. Defaults to None. + Returns: + dict: The response dictionary containing the health status of RHACS. + Logs: + Debug logs indicating the start and completion of the health check request. + """ + + logger.debug(f"get_rhacs_health -start: url:{url}") rhacs_health_url_path=f"{url}/v1/ping" - response_dict = await request_processing(rhacs_health_url_path,insecure,headers,params) + response_dict = await request_processing(client,rhacs_health_url_path,insecure,headers,params) logger.debug(f"get_rhacs_health - complete") return response_dict \ No newline at end of file diff --git a/util-scripts/acs-correlation-example/app.py b/util-scripts/acs-correlation-example/app.py index 999c3a8..787b42b 100644 --- a/util-scripts/acs-correlation-example/app.py +++ b/util-scripts/acs-correlation-example/app.py 
@@ -1,20 +1,79 @@ +""" _description_ + This module provides classes and functions to interact with ACS (Advanced Cluster Security) API, + retrieve and process data related to alerts, policies, deployments, and clusters. + It includes asynchronous methods for reading, writing, and processing data, + as well as managing the state of the application. + Classes: + ACSAlertCount: Represents the count of ACS alerts. + ACSViolations: Represents ACS violations with optional attributes. + ACSImageDetails: Represents details of an ACS image. + ACSImage: Represents an ACS image with optional attributes. + ACSContainer: Represents an ACS container with optional attributes. + ACSContainerlist: Represents a list of ACS containers. + ACSDeployment: Represents an affected RHACS deployment. + ACSDeploymentList: Represents a list of deployments obtained from RHACS. + ACSPolicy: Represents policy information for a policy generating a violation. + ACSPolicyList: Represents a list of policies obtained from ACS. + ACSAlert: Represents alert information from RHACS. + ACSAlertList: Represents a list of alerts obtained from RHACS. + OCPNamespace: Represents OCP namespace information. + OCPNamespaceList: Represents a list of OCP namespaces. + OCPCluster: Represents OCP cluster information. + OCPClusterlist: Represents a list of OCP clusters. + ACSEndpoint: Represents ACS endpoint information. + ACSEndpointList: Represents a list of ACS endpoints. + ParsedMemory: A static class container that contains parsed data in memory at the cluster level. + Functions: + write_output_file(file_path: str, content: str) -> None: + Writes the content to a file asynchronously. + read_parse_acs_endpoints(endpoint_file) -> ACSEndpointList: + Reads and parses the list of ACS endpoints to poll. + get_endpoint_policies(ACSEndpoint: ACSEndpoint) -> ACSPolicyList: + Retrieves the list of policies for the ACS endpoints. 
+ update_endpoint_policy_alert_count(ACSEndpoint: ACSEndpoint, ACSPolicyList: ACSPolicyList) -> None: + Updates the policy alert count. + get_alerts_for_policy(ACSEndpoint: ACSEndpoint, ACSPolicy: ACSPolicy) -> ACSAlert: + Retrieves alerts for a specific policy. + get_deployment_metadata_for_alert(alert: ACSAlert, ACSEndpoint: ACSEndpoint) -> ACSDeployment: + Retrieves deployment metadata for an alert. + continuously_process_healthy_endpoints(): + Continuously processes healthy endpoints. + generate_cluster_namespace_deployment_alert_output_file(): + Generates the output file for the cluster, namespace, deployment, and alert relationship. + generate_endpoint_policy_alert_count_output_file(): + Generates the output file for the policy alert count. + main(): + The main function for the application startup. + Entry Point: + The application runs in an asyncio loop and processes data from ACS endpoints. + + Raises: + Exception: _description_ + Exception: _description_ + + Returns: + _type_: _description_ +""" + import asyncio +import httpx from os import path, getenv -from signal import SIGTERM -from logging import getLogger, config -from acs_request import get_acs_alert, get_rhacs_health,get_policy,get_alert_count,get_acs_deployment -from pydantic import BaseModel, SecretStr, ValidationError, Field, field_serializer +from uuid import uuid4,UUID +from pydantic import BaseModel, SecretStr, ValidationError, ConfigDict, Field from pydantic_core import from_json from aiofiles import open as async_open, os as aiofiles_os from typing import Any, Optional, AsyncGenerator, Any from config import settings from typing_extensions import Annotated -from uuid import uuid4, UUID +from signal import SIGTERM +from logging import getLogger, config +from acs_request import get_acs_alert, get_rhacs_health, get_policy, get_alert_count, get_acs_deployment class ACSAlertCount(BaseModel): + """Represents the count of ACS alerts.""" count: int - + class ACSViolations(BaseModel): message: str 
keyValueAttrs: Optional[dict] = None @@ -120,7 +179,7 @@ class ACSPolicyList(BaseModel): endpoint_uuid: UUID = None async def get_policy_count(self): - return len(self.policies) + return len(self.policies) class ACSAlert(BaseModel): '''Class For Alert Information from RHACS''' @@ -175,11 +234,13 @@ class OCPClusterlist(BaseModel): class ACSEndpoint(BaseModel): '''App Object - ACS Endpoint Information''' + model_config = ConfigDict(arbitrary_types_allowed=True) internal_id: UUID = Field(default_factory=uuid4) endpoint_name: str endpoint_url: str endpoint_token_env_variable_name: str endpoint_token: SecretStr = Field(default="Empty",exclude=True) + endpoint_client: Optional[httpx.AsyncClient] = Field(default=None,exclude=True) verify_endpoint_ssl: bool = False healthy: bool = False metadata_processed: Optional[bool] = False @@ -188,6 +249,16 @@ class ACSEndpoint(BaseModel): endpoint_token_env_variable_name_description:str = "Environment Variable to retrieve the Token for this cluster" policies: ACSPolicyList = ACSPolicyList(policies=[]) + + + def initialize(self,token:str,client:httpx.AsyncClient) -> None: + self.endpoint_token = token + if client is None: + self.endpoint_client = httpx.AsyncClient(verify=self.verify_endpoint_ssl) + else: + self.endpoint_client = client + self.initialized = True + def get_health(self) -> bool: if not self.initialized: return False @@ -195,6 +266,7 @@ def get_health(self) -> bool: def set_health(self,health:bool) -> None: self.healthy = health + class ACSEndpointList(BaseModel): '''App Object - ACS Endpoint List''' 
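Review bot: `initialize()` assigns the raw `token` to `endpoint_token`, which is declared `SecretStr`; no `validate_assignment` appears in the `model_config` shown, so the field presumably ends up holding a plain `str` (or `None` when the environment variable is unset) and the masking `SecretStr` provides in `repr()` and log output is lost. The callers then build `f"Bearer {...endpoint_token}"`, which only works because the value is not a `SecretStr`, and which yields `Bearer None` for a missing variable. Suggest rejecting an empty token up front with `if not token: raise ValueError("token not set")`, storing `SecretStr(token)`, and building the header from `.get_secret_value()`. The client created here with `verify=self.verify_endpoint_ssl` inherits the field default `False`, and nothing visible in this patch closes it with `aclose()`.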
@@ -369,12 +441,12 @@ async def check_namespace_exists_else_create(cls,namespace_id: str) -> OCPNamesp """ if not cls._lock.locked(): raise Exception(f"Lock not acquired for {cls.check_namespace_exists_else_create.__name__} method") - + logger.debug(f"Check if Namespace with ID {namespace_id} exists in our data") if namespace_id in cls.map_namespace_id_namespace_object.keys(): return cls.map_namespace_id_namespace_object[namespace_id] else: - logger.debug(f"Namespace with ID {namespace_id} does not exist in our data, creating new Namespace") + logger.debug("Namespace with ID %s does not exist in our data, creating new Namespace", namespace_id) new_namespace = OCPNamespace(namespace_id=namespace_id,namespace_name="",deployments=ACSDeploymentList(deployments=[]) ,alerts=ACSAlertList(alerts=[])) cls.namespace_list.namespaces.append(new_namespace) cls.map_namespace_id_namespace_object[namespace_id] = new_namespace 
@@ -402,64 +474,80 @@ async def check_cluster_exists_else_create(cls,cluster_id: str) -> OCPCluster: cls.ocp_clusters.clusters.append(new_cluster) cls.map_cluster_id_cluster_object[cluster_id] = new_cluster return new_cluster - + + @classmethod + async def initialize_endpoints(cls) -> None: + """ + Initialize the Endpoint + """ + if not cls._lock.locked(): + raise Exception(f"Lock not acquired for {cls.initialize_endpoints.__name__} method") + + for endpoint in cls.endpoint_list.endpoints: + if not endpoint.initialized: + await endpoint.initialize() @classmethod - async def check_endpoint_valid_healthy(cls,ACS_Endpoint:ACSEndpoint): + async def check_endpoint_valid_healthy(cls,ACS_Endpoint:ACSEndpoint) -> bool: """ Check if the Endpoint is Healthy and Ready """ logger.info(f"Checking Health of Endpoint {ACS_Endpoint.endpoint_name}") - if not ACS_Endpoint.initialized: - try: - token=getenv(ACS_Endpoint.endpoint_token_env_variable_name) - except: - logger.error(f"Error reading token from environment variable {ACS_Endpoint.endpoint_token_env_variable_name} for Endpoint {ACS_Endpoint.endpoint_name}") - return - ACS_Endpoint.endpoint_token = token - ACS_Endpoint.initialized = True - + attempt = 0 count = settings.health_check_retry_count - for i in range(count): + response_dict = {"error_object": "Pre-Request Error", "response_object": None} + + if not ACS_Endpoint.initialized: + token=getenv(ACS_Endpoint.endpoint_token_env_variable_name) + ACS_Endpoint.initialize(token=token,client=None) + + while response_dict["error_object"] is not None and attempt < count: headers={"Authorization": f"Bearer {ACS_Endpoint.endpoint_token}", "Content-Type": "application/json"} + + #Error while making the call try: - response_dict = await get_rhacs_health(ACS_Endpoint.endpoint_url,ACS_Endpoint.verify_endpoint_ssl,headers) - if "error_object" in response_dict and response_dict["error_object"] is not None: - logger.error(f"Policy Data Not Retrieved for Endpoint 
{ACSEndpoint.endpoint_name}") - logger.error(f"Error: {response_dict['error_object']}") - continue - - if response_dict["response_object"].status_code == 200: - logger.info(f"ACS API Connection Successful for Endpoint {ACS_Endpoint.endpoint_name} ") - ACS_Endpoint.set_health(True) - else: - logger.error(f"ACS API Connection Failed for Endpoint {ACS_Endpoint.endpoint_name} ") - except Exception as e: - logger.error(f"ACS API Connection Failed for Endpoint {ACS_Endpoint.endpoint_name} ") - logger.error(f"Error: {e}") - finally: - if ACS_Endpoint.healthy: - await cls.append_endpoint(ACS_Endpoint) - break - else: - if i < count: - logger.info(f"Retrying Health Check for Endpoint {ACS_Endpoint.endpoint_name} in {settings.health_check_retry_delay} seconds") - await asyncio.sleep(settings.health_check_retry_delay) - else: - logger.error(f"Health Check Failed for Endpoint {ACS_Endpoint.endpoint_name}") - logger.info("We will not be able to poll this endpoint for data") - return - + response_dict = await get_rhacs_health(ACS_Endpoint.endpoint_client,ACS_Endpoint.endpoint_url,ACS_Endpoint.verify_endpoint_ssl,headers) + except: + logger.error(f"Error Checking Health for Endpoint {ACS_Endpoint.endpoint_name}") + logger.error(f"Error: {response_dict['error_object']}") + await asyncio.sleep(settings.health_check_retry_delay) + attempt += 1 + continue + + #Error in the response + if response_dict["response_object"] is not None: + if response_dict["response_object"].status_code != 200: + logger.error(f"Response Code: {response_dict['response_object'].status_code}") + logger.error(f"Error Checking Health for Endpoint {ACS_Endpoint.endpoint_name}") + logger.error(f"Error: {response_dict['error_object']}") + await asyncio.sleep(settings.health_check_retry_delay) + attempt += 1 + + #If we have exhausted all attempts + if attempt >= count: + logger.error(f"Failed to get Health for Endpoint {ACS_Endpoint.endpoint_name}") + return False + + #If we have a successful response + if 
response_dict["response_object"].status_code == 200: + logger.info(f"Health Check for Endpoint {ACS_Endpoint.endpoint_name} successful") + ACS_Endpoint.set_health(True) + await cls.append_endpoint(ACS_Endpoint) + return True + else: + logger.error(f"Failed to get Health for Endpoint {ACS_Endpoint.endpoint_name}") + return False + @classmethod - async def append_policy_alertcount(cls,count,ACSPolicy:ACSPolicy) -> bool: + async def append_policy_alertcount(cls, count, policy: ACSPolicy) -> bool: """ Append the Alert Count to the Policy """ async with cls._lock: try: - ACSPolicy.violation_count = count - logger.debug(f"Alert Count for Policy {ACSPolicy.name} updated") + policy.violation_count = count + logger.debug(f"Alert Count for Policy {policy.name} updated") except: logger.error(f"Error appending Alert Count for Policy {ACSPolicy.name} to the list") return False @@ -536,7 +624,7 @@ async def append_alert(cls,ACSAlert:ACSAlert,ACSEndpoint:ACSEndpoint,ACSPolicy) cluster.alerts.alerts.append(ACSAlert) if alert_namespace_object is not None: cluster.namespaces.namespaces.append(alert_namespace_object) - + if ACSAlert.policy is not None: if ACSAlert.policy.id == ACSPolicy.id: #No need to maintain 2 policy objects with the same information @@ -591,7 +679,6 @@ async def append_deployment(cls,ACSDeployment:ACSDeployment,ACSAlert:ACSAlert) - config.fileConfig(log_file_path, disable_existing_loggers=False) logger = getLogger("logger_root") - async def write_output_file(file_path: str, content: str) -> None: """ Write the content to a file 
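Review bot: In `check_endpoint_valid_healthy` the retry loop can spin forever with no delay: when `get_rhacs_health` returns an error dict whose `response_object` is `None` (what `make_request` returns for a timeout or connection failure), no exception is raised, the `is not None` block is skipped, and neither `attempt += 1` nor the sleep runs. The loop then re-issues the request as fast as the event loop allows. Count and back off on every failed attempt, as sketched below, and replace the bare `except:` so cancellation is not swallowed. In the same hunk `initialize_endpoints` calls `await endpoint.initialize()` although `initialize` is synchronous and requires `token` and `client`, and the `except` branch of `append_policy_alertcount` still reads `ACSPolicy.name` after the parameter was renamed to `policy`.

```python
        while attempt < count:
            # … unchanged: headers dict …
            try:
                response_dict = await get_rhacs_health(ACS_Endpoint.endpoint_client,ACS_Endpoint.endpoint_url,ACS_Endpoint.verify_endpoint_ssl,headers)
            except Exception as exc:
                response_dict = {"error_object": str(exc), "response_object": None}

            response = response_dict["response_object"]
            if response_dict["error_object"] is None and response is not None and response.status_code == 200:
                break

            # Every failed attempt is counted and delayed, whatever its cause.
            logger.error(f"Error Checking Health for Endpoint {ACS_Endpoint.endpoint_name}: {response_dict['error_object']}")
            attempt += 1
            await asyncio.sleep(settings.health_check_retry_delay)
        # … unchanged: exhausted-attempts check and success handling …
```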
@@ -631,15 +718,15 @@ async def read_parse_acs_endpoints(endpoint_file) -> ACSEndpointList: logger.info("Exiting") return - async with async_open(endpoint_file, mode='r') as filehandle: - contents = await filehandle.read() + async with async_open(endpoint_file, mode='r') as endpoint_filehandler: + contents = await endpoint_filehandler.read() # Verify the JSON try: result_endpoint_list=ACSEndpointList.model_validate_json(contents) except ValidationError as e: logger.error(f"Error: {e}") - logger.info("Ccontent from file is not valid json for ACSEndpointList") + logger.info("content from file is not valid json for ACSEndpointList") return result_endpoint_list 
@@ -650,14 +737,26 @@ async def get_endpoint_policies(ACSEndpoint: ACSEndpoint) -> ACSPolicyList: logger.info("Getting Policies for ACS Endpoints") policies = ACSPolicyList(policies=[]) + attempt = 0 + retry_count = settings.api_retry_count + retry_delay = settings.api_read_retry_delay + response_dict = {"error_object": "Pre-Request Error", "response_object": None} headers={"Authorization": f"Bearer {ACSEndpoint.endpoint_token}", "Content-Type": "application/json"} - response_dict = await get_policy(ACSEndpoint.endpoint_url,ACSEndpoint.verify_endpoint_ssl,headers) + + while response_dict["error_object"] is not None and attempt < retry_count: + response_dict = await get_policy(ACSEndpoint.endpoint_client,ACSEndpoint.endpoint_url,ACSEndpoint.verify_endpoint_ssl,headers) + if response_dict["error_object"] is not None: + logger.error(f"Policy Data Not Retrieved for Endpoint {ACSEndpoint.endpoint_name}") + logger.error(f"Error: {response_dict['error_object']}") + await asyncio.sleep(retry_delay) + attempt += 1 + else: + break - if "error_object" in response_dict and response_dict["error_object"] is not None: - logger.error(f"Policy Data Not Retrieved for Endpoint {ACSEndpoint.endpoint_name}") - logger.error(f"Error: {response_dict['error_object']}") + if attempt >= retry_count: + logger.error(f"Failed to get Policy Data for Endpoint {ACSEndpoint.endpoint_name}") return if response_dict["response_object"].status_code == 200: 
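Review bot: The retry loop added to `get_endpoint_policies` treats every non-empty `error_object` alike, so a failure that will not fix itself (a rejected token, a wrong URL) is repeated `api_retry_count` times with the bearer token attached. It also still sleeps `retry_delay` after the final failed attempt. Consider carrying the HTTP status in the error dict so 4xx responses stop immediately, and skipping the sleep once `attempt` reaches `retry_count`; how `make_request` maps status errors is only partly visible here. The `else: break` is redundant with the loop condition. The same loop is copied into `get_alerts_for_policy` in the last hunk, so a shared helper would keep the two from drifting.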
@@ -691,7 +790,7 @@ async def update_endpoint_policy_alert_count(ACSEndpoint:ACSEndpoint,ACSPolicyLi "Content-Type": "application/json"} params={"query": f"Policy:{policy.name}"} - response_dict = await get_alert_count(ACSEndpoint.endpoint_url,ACSEndpoint.verify_endpoint_ssl,headers,params) + response_dict = await get_alert_count(ACSEndpoint.endpoint_client,ACSEndpoint.endpoint_url,ACSEndpoint.verify_endpoint_ssl,headers,params) if "error_object" in response_dict and response_dict["error_object"] is not None: logger.error(f"Failed getting Alert count for {policy.name}") 
@@ -720,17 +819,31 @@ async def get_alerts_for_policy(ACSEndpoint:ACSEndpoint,ACSPolicy:ACSPolicy) -> ACSAlert: _description_ """ logger.debug(f"Getting alerts for policy {ACSPolicy.name}") - params={"query": f"Policy:{ACSPolicy.name}","pagination.limit": 100,"pagination.offset": 0,"pagination.total_expected_count": ACSPolicy.violation_count} + params={"query": f"Policy:{ACSPolicy.name}","pagination.limit": 100,"pagination.offset": 0,"pagination.total_expected_count": ACSPolicy.violation_count} + attempt = 0 + retry_count = settings.api_retry_count + retry_delay = settings.api_read_retry_delay + parsed_alert_list = [] + response_dict = {"error_object": "Pre-Request Error", "response_object": None} + headers={"Authorization": f"Bearer {ACSEndpoint.endpoint_token}", "Content-Type": "application/json"} - parsed_alert_list = [] - response_dict = await get_acs_alert(ACSEndpoint.endpoint_url,None,ACSEndpoint.verify_endpoint_ssl,headers,params) - if "error_object" in response_dict and response_dict["error_object"] is not None: - logger.error(f"Failed getting Alerts for Policy {ACSPolicy.name}") - logger.error(f"Error: {response_dict['error_object']}") + while response_dict["error_object"] is not None and attempt < retry_count: + response_dict = await get_acs_alert(ACSEndpoint.endpoint_client,ACSEndpoint.endpoint_url,None,ACSEndpoint.verify_endpoint_ssl,headers,params) + if response_dict["error_object"] is not None: + logger.error(f"Failed getting Alerts for Policy {ACSPolicy.name}") + logger.error(f"Error: {response_dict['error_object']}") + await asyncio.sleep(retry_delay) + attempt += 1 + else: + break + + if attempt >= retry_count: + logger.error(f"Failed to get Alerts for Policy {ACSPolicy.name}") return + try: if hasattr(response_dict["response_object"], '__iter__'): for alert in response_dict["response_object"]: 
@@ -748,7 +861,7 @@ async def get_alerts_for_policy(ACSEndpoint:ACSEndpoint,ACSPolicy:ACSPolicy) -> for parsed_alert in parsed_alert_list: for alert in parsed_alert.alerts: - response_dict = await get_acs_alert(ACSEndpoint.endpoint_url,alert.id,ACSEndpoint.verify_endpoint_ssl,headers,params) + response_dict = await get_acs_alert(ACSEndpoint.endpoint_client,ACSEndpoint.endpoint_url,alert.id,ACSEndpoint.verify_endpoint_ssl,headers,params) if "error_object" in response_dict and response_dict["error_object"] is not None: logger.error(f"Failed getting Alerts for Policy {ACSPolicy.name}") logger.error(f"Error: {response_dict['error_object']}") @@ -771,7 +884,7 @@ async def get_deployment_metadata_for_alert(alert:ACSAlert,ACSEndpoint:ACSEndpoi logger.debug(f"Deployment Information not available for Alert {alert.id}") return deployment_id = alert.deployment.id - response_dict = await get_acs_deployment(ACSEndpoint.endpoint_url,deployment_id,ACSEndpoint.verify_endpoint_ssl,headers,params=None) + response_dict = await get_acs_deployment(ACSEndpoint.endpoint_client,ACSEndpoint.endpoint_url,deployment_id,ACSEndpoint.verify_endpoint_ssl,headers,params=None) if "error_object" in response_dict and response_dict["error_object"] is not None: logger.error(f"Failed getting Alerts for Alert {alert.id}") logger.error(f"Error: {response_dict['error_object']}") @@ -784,8 +897,8 @@ async def get_deployment_metadata_for_alert(alert:ACSAlert,ACSEndpoint:ACSEndpoi except ValidationError as e: logger.error(f"Error: {e}") return - -async def continously_process_healthy_endpoints(): + +async def continuously_process_healthy_endpoints(): """ Method is a continually running policy meant to process healthy endpoints """ 
@@ -811,7 +924,12 @@ async def continously_process_healthy_endpoints(): if await ParsedMemory.check_all_deployments_processed(): #All Deployments have been processed logger.info("All Data has been processed") - ParsedMemory.all_metadata_processed = True + ParsedMemory.all_metadata_processed = True + try: + for endpoint in ParsedMemory.endpoint_list.endpoints: + await endpoint.endpoint_client.aclose() + except: + logger.error("Error closing endpoint clients") break #Check if there are any healthy endpoints 
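Review bot: The client cleanup added after `ParsedMemory.all_metadata_processed = True` wraps the whole loop in one `try` with a bare `except:`, so the first `aclose()` that fails leaves every remaining endpoint client open and the cause is never logged. A bare `except:` also catches `asyncio.CancelledError` and `KeyboardInterrupt`, which hides task cancellation. Moving the `try` inside the loop and catching `Exception` closes the rest and records which endpoint failed. The clients are closed only on this "all processed" path; whether the other exits of continuously_process_healthy_endpoints close them is not visible in the hunk.

```python
for endpoint in ParsedMemory.endpoint_list.endpoints:
    try:
        await endpoint.endpoint_client.aclose()
    except Exception:
        # logger.exception keeps the traceback for the failing client
        logger.exception(f"Error closing client for endpoint {endpoint.endpoint_name}")
# … unchanged: break out of the processing loop …
```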
@@ -863,63 +981,33 @@ async def generate_cluster_namespace_deployment_alert_output_file(): """ logger.info("Generating Output File for Cluster-Deployment-Namespace-Alerts-Relationship") - exclude_keys = { + include_keys = { "clusters": { - '__all__': { - "deployments" : True - ,"alerts": True - ,"namespaces": { - "namespaces":{ - '__all__': { - "alerts": True - ,"deployments": - {"deployments": - {"__all__":{ - "annotations": True - ,"imagePullSecrets": True - ,"serviceAccount": True - ,"annotations": True - ,"created": True - ,"labels" : True - ,"tolerations": True - ,"ports": True - ,"inactive" : True - ,"priority" : True - ,"stateTimestamp": True - ,"alerts": { - "__all__": { - "deployment": True - ,"policy": { - "lifecycleStages" : True - ,"notifiers" : True - - } - } - } - ,"containers" : { - "__all__": { - "config": True - ,"securityContext": True - ,"volumes": True - ,"secrets": True - ,"ports": True - ,"resources": True - ,"livenessProbe": True - ,"readinessProbe": True - } - } - } - } - } - } - } + "__all__": { + "cluster_id": True + ,"cluster_name": True + ,"deployments": { + "deployments": { + "__all__": { + "name": True + ,"namespace": True + ,"riskScore": True + ,"alerts": { + "__all__": { + "id": True + ,"violations": True + } } - } - }, -} + } + } + } + } + } + } + output_content = ParsedMemory.ocp_clusters.model_dump_json( - exclude=exclude_keys,exclude_none=True,indent=4) + include=include_keys,indent=4) output_file = path.join(settings.output_folder, 'cluster_namespace_deployment_alert_output_file.json') await write_output_file(output_file, output_content) 
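Review bot: `exclude_none=True` is dropped from the `model_dump_json` call in generate_cluster_namespace_deployment_alert_output_file, so any allow-listed field that is unset is now written as `null` instead of being omitted. If that is not intended, keep it: `include=include_keys,exclude_none=True,indent=4`. Switching from an exclude list to the `include_keys` allowlist is the safer default for a file that is exported, and a comment above the dict such as `# Allowlist: only these fields reach the output file; add new ones deliberately` would record that intent for the next editor.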
@@ -943,26 +1031,43 @@ async def generate_endpoint_policy_alert_count_output_file(): output_content = ParsedMemory.endpoint_list.model_dump_json(include=include_keys,indent=4) output_file = path.join(settings.output_folder, 'endpoint_policy_alert_count_output_file.json') await write_output_file(output_file, output_content) - + + + async def main(): '''App Startup Function''' logger.info("Starting up ACS API Correlation Service") - + # Set Instance Hostname logger.info("Instance Hostname: {}".format(settings.instance_hostname)) - + # Load the ACS Endpoints - result_endpoint_list = await read_parse_acs_endpoints(settings.endpoint_list_json_path) - while result_endpoint_list is None: - logger.error("Error reading endpoint list file") - logger.info("Exiting") + logger.info("Reading Endpoint List") + endpoint_file_read_retry_count = settings.endpoint_file_read_retry_count + + while endpoint_file_read_retry_count > 0: + result_endpoint_list = await read_parse_acs_endpoints(settings.endpoint_list_json_path) + if result_endpoint_list is not None: + break + logger.info(f"Retrying to read endpoint list in {settings.endpoint_file_read_retry_delay} seconds") + await asyncio.sleep(settings.endpoint_file_read_retry_delay) + endpoint_file_read_retry_count -= 1 + + if result_endpoint_list is None: + logger.error("Could not read any endpoints to poll, Application will exit") return + for endpoint in result_endpoint_list.endpoints: + if "http://" or "https://" not in endpoint.endpoint_url: + logger.error(f"Endpoint URL {endpoint.endpoint_url} is not valid, must start with http:// or https://") + logger.info("Will append https:// to the URL") + endpoint.endpoint_url = f"https://{endpoint.endpoint_url}" + await ParsedMemory.check_endpoint_valid_healthy(endpoint) - logger.debug("Starting up continously_process_healthy_endpoints for metadata") - asyncio.create_task(continously_process_healthy_endpoints()) - logger.debug("Ending continously_process_healthy_endpoints for metadata") + 
logger.debug("Starting up continuously_process_healthy_endpoints for metadata") + asyncio.create_task(continuously_process_healthy_endpoints()) + logger.debug("Ending continuously_process_healthy_endpoints for metadata") if await ParsedMemory.check_are_all_endpoints_unhealthy() and await ParsedMemory.get_endpoint_count() == 0: logger.error("No Healthy Endpoints to poll, Application will exit") @@ -988,5 +1093,4 @@ async def main(): If there are no issues the main() function should return and end application after processing """ asyncio.run(main()) - \ No newline at end of file diff --git a/util-scripts/acs-correlation-example/config.py b/util-scripts/acs-correlation-example/config.py index a882af2..b024d8f 100644 --- a/util-scripts/acs-correlation-example/config.py +++ b/util-scripts/acs-correlation-example/config.py @@ -1,5 +1,8 @@ -from pydantic_settings import BaseSettings +"""Module to read the configuration from the environment variables and provide the settings to the application +""" + import os +from pydantic_settings import BaseSettings from dotenv import load_dotenv # pylint: disable=import-error basedir = os.path.abspath(os.path.dirname(__file__)) @@ -14,6 +17,11 @@ class Settings(BaseSettings): #File Path where we can look for the list of ACS API Endpoints to work with endpoint_list_json_path:str = os.environ.get('ENDPOINT_LIST_JSON_PATH') or 'endpoint_list.json' + api_retry_count:int = os.environ.get('API_RETRY_COUNT') or 3 + api_read_retry_delay:int = os.environ.get('API_READ_RETRY_DELAY') or 10 + endpoint_file_read_retry_count:int = os.environ.get('ENDPOINT_FILE_READ_RETRY_COUNT') or 3 + endpoint_file_read_retry_delay:int = os.environ.get('ENDPOINT_FILE_READ_RETRY_DELAY') or 10 + #Health Check Retry Count health_check_retry_count:int = os.environ.get('HEALTH_CHECK_RETRY_COUNT') or 3 diff --git a/util-scripts/acs-correlation-example/endpoint_list.json b/util-scripts/acs-correlation-example/endpoint_list.json index 715b11d..e6fbca3 100644 
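Review bot: The scheme check added in main() is always true, because `if "http://" or "https://" not in endpoint.endpoint_url:` evaluates the non-empty literal `"http://"` first. Every URL, including one that already starts with `https://`, therefore gets `https://` prepended before `check_endpoint_valid_healthy` runs. A prefix test fixes it: `if not endpoint.endpoint_url.startswith(("http://", "https://")):`. Since every request carries an `Authorization: Bearer` header, consider logging a warning for, or refusing, `http://` endpoints rather than accepting them silently, as the token would then be sent unencrypted. main() continues past the end of the hunk.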
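Review bot: The four retry settings added to Settings have no lower bound, and the callers do not cope with zero. With `ENDPOINT_FILE_READ_RETRY_COUNT=0` the `while endpoint_file_read_retry_count > 0` loop in main() never runs and `result_endpoint_list` is read before it is assigned; with `API_RETRY_COUNT=0` the policy and alert fetches report failure without sending a request. Declaring the counts as `api_retry_count: int = Field(default=3, ge=1)` and the delays with `ge=0` (with `Field` imported from pydantic) would reject such values at startup. BaseSettings normally reads the environment variable matching the field name itself, so the `os.environ.get(...) or 3` defaults are probably redundant, unless the class configures a prefix outside this hunk. The class body starts before the hunk.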
--- a/util-scripts/acs-correlation-example/endpoint_list.json +++ b/util-scripts/acs-correlation-example/endpoint_list.json @@ -3,7 +3,7 @@ { "endpoint_name": "ACS_Demo_Environment", "endpoint_url": "${CENTRAL_API_URL}", - "endpoint_url_description": "ACS API endpoint for the application to make requess to", + "endpoint_url_description": "ACS API endpoint for the application to make requests to", "endpoint_token_env_variable_name": "MAIN_ACS_TOKEN", "verify_endpoint_ssl" : "False", "endpoint_token_env_variable_name_description": "Environment Variable to retrieve the Token for this cluster" diff --git a/util-scripts/acs-correlation-example/output/sample_cluster_namespace_deployment_alert_output_file.json b/util-scripts/acs-correlation-example/output/sample_cluster_namespace_deployment_alert_output_file.json index bc1f387..9f943b1 100644 --- a/util-scripts/acs-correlation-example/output/sample_cluster_namespace_deployment_alert_output_file.json +++ b/util-scripts/acs-correlation-example/output/sample_cluster_namespace_deployment_alert_output_file.json 
@@ -1,42307 +1,15294 @@ { "clusters": [ { - "cluster_id": "cc636516-5157-4127-a24d-a933a76afd85", - "cluster_name": "cluster-main", - "namespaces": { - "namespaces": [ - { - "namespace_id": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "namespace_name": "openshift-machine-config-operator", - "deployments": { - "deployments": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "7f0268b2-64c1-413f-9395-278b4b235bfd", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173612973Z", - "firstOccurred": "2024-06-23T01:30:19.173612973Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "de5022d6-5a08-4969-a137-a8faa02985a3", - "policy": { - "id": 
"f2183906-4577-47de-9bf4-270d09e0a93c", - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:35.033827963Z", - "firstOccurred": "2024-06-23T19:52:30.450849668Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - 
"name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "3372f523-1247-46a1-b028-ed5ccb20d2a4", - "policy": { - "id": "ddb7af9c-5ec1-45e1-a0cf-c36e3ef2b2ce", - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:32.122444217Z", - "firstOccurred": "2024-06-23T19:52:30.629709852Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "2be1762a-1973-4692-ac96-c1a353d94a22", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - 
"severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168712637Z", - "firstOccurred": "2024-06-23T01:30:19.168712637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": 
"c9f12575-ab66-4ef4-94a1-ae6b36232456", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.164036130Z", - "firstOccurred": "2024-06-23T01:30:19.164036130Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - 
}, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "12941439-ca17-4f3b-a7f3-a6c74b20df58", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.158422479Z", - "firstOccurred": "2024-06-23T01:30:19.158422479Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - 
"tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a2cf650d-4c6e-479c-bb01-20b29fda91aa", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.153981050Z", - "firstOccurred": "2024-06-23T01:30:19.153981050Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": 
"sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "9237163b-63f5-4510-b232-67610879335b", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.149920685Z", - "firstOccurred": "2024-06-23T01:30:19.149920685Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": 
"cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 
'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": 
{ - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', 
resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - 
"orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 
(CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - 
"firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert 
on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by 
version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": 
"204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) 
(severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity 
Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - 
"booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', 
resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by 
version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity 
Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in 
component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { 
- "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity 
Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable 
CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 
'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable 
vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in 
component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - 
], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - 
"replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found 
in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": 
"2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers 
running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", 
- "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "211bae2f-9772-4b88-bf1e-b85a6052b334", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 
'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-daemon' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617616105Z", - "firstOccurred": "2024-06-23T01:30:26.617616105Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "abe33912-6b31-405a-9fea-d3f2708ad1b9", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - 
"description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-operator' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609554001Z", - "firstOccurred": "2024-06-23T01:30:26.609554001Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "58efe7a3-7d1e-46e2-993f-bda30d926bad", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 
32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617586689Z", - "firstOccurred": "2024-06-23T01:30:26.617586689Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - 
"id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "3f7f83bb-9485-45e8-bc4d-df5a63707f3b", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-server' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605861471Z", - "firstOccurred": "2024-06-23T01:30:26.605861471Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "8f4df61c-fceb-485d-b0ce-1b4c598b4c2c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 
32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in 
container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609517267Z", - "firstOccurred": "2024-06-23T01:30:26.609517267Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": 
"sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "dd7d9628-8139-4d8c-8d98-cade9737cc61", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-controller' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603369663Z", - "firstOccurred": "2024-06-23T01:30:26.603369663Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": 
"sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "29276278-e012-45a5-9e0d-3b6fb36be208", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605838360Z", - "firstOccurred": "2024-06-23T01:30:26.605838360Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - 
"orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "50c9da01-5be3-4ac6-b15d-ce3c93b7480c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 
'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by 
version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603303310Z", - "firstOccurred": "2024-06-23T01:30:26.603303310Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "55d0fd31-1040-4b55-932a-459737a7ccd7", - 
"policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173578195Z", - "firstOccurred": "2024-06-23T01:30:19.173578195Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "d5a0c7de-b731-4208-917a-77e1549198cb", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on 
deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' 
(version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173551817Z", - "firstOccurred": "2024-06-23T01:30:19.173551817Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 
28.87299, - "alerts": [ - { - "id": "81f49857-2dc0-4200-9c1d-6790f38e4fee", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166973711Z", - "firstOccurred": "2024-06-23T01:30:19.166973711Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fddefc54-09b9-40e1-89d2-87cab9b72054", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity 
at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168672097Z", - "firstOccurred": "2024-06-23T01:30:19.168672097Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - 
"isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c0b0e4bd-ea48-4a45-95f3-ffa2b423cf7e", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162458998Z", - "firstOccurred": "2024-06-23T01:30:19.162458998Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "77b1d1f8-ab63-43dc-837c-e5ba9c3b0a06", - 
"policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', 
resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.163993959Z", - "firstOccurred": "2024-06-23T01:30:19.163993959Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "namespace_name": "openshift-kube-apiserver", - "deployments": { - "deployments": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "2e466025-09e5-46e5-aa23-6ca5669f10c8", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.174597143Z", - "firstOccurred": "2024-06-23T20:02:13.174597143Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - 
"type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable 
vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) 
(severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": 
"1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "45419aec-7a86-4b13-964d-f880dacf5fd6", - "policy": { - "id": 
"a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 
'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in 
component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 
'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.172375969Z", - "firstOccurred": "2024-06-23T20:02:13.172375969Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "acbc3005-8499-4862-a61f-0c5f4e181d8d", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 
2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.567491688Z", - "firstOccurred": "2024-06-23T19:57:56.567491688Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - 
"booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 
32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": 
"quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - 
"id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) 
(severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": 
"45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "4542f8f3-b419-4ef8-8c8f-c9a7723968a6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found 
in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, 
- { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" 
- }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.585861568Z", - "firstOccurred": "2024-06-23T19:57:56.585861568Z", - "lifecycleStage": 
"DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - 
}, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "89165cf2-e3f9-448e-8d3f-8f20ea349fd3", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' 
has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.856592813Z", - "firstOccurred": "2024-06-23T19:53:57.856592813Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": 
"21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - 
"isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - 
"booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 
32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - 
"registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - 
"image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "602b23d4-8075-4fb1-aa18-4a84857450c5", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 
7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in 
container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.876494566Z", - "firstOccurred": "2024-06-23T19:53:57.876494566Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "344a6aa2-966a-4a27-b48f-3b82a3384219", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680754395Z", - "firstOccurred": "2024-06-23T01:30:19.680754395Z", - 
"lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "dbd5fb6d-50b4-41ad-b947-34d734f57bc2", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.676300047Z", - "firstOccurred": "2024-06-23T01:30:19.676300047Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": 
"openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "a6c561a8-082b-4d76-88e8-d5c1c65ba259", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in 
container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680726727Z", - "firstOccurred": "2024-06-23T01:30:19.680726727Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, 
- "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "f0b26fc0-11fb-49fe-a42b-613564f2d1f1", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675360723Z", - "firstOccurred": "2024-06-23T01:30:19.675360723Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "43458116-1629-427c-81a2-1726c538e37d", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": 
"Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.677692468Z", - "firstOccurred": "2024-06-23T01:30:19.677692468Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "fe453edf-e55c-4415-b27b-6c2a6e5bcccd", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in 
container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675335098Z", - "firstOccurred": "2024-06-23T01:30:19.675335098Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "namespace_name": "openshift-kube-apiserver", - "deployments": { - "deployments": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - 
"namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - 
"remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "2e466025-09e5-46e5-aa23-6ca5669f10c8", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - 
"message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.174597143Z", - "firstOccurred": "2024-06-23T20:02:13.174597143Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", 
- "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - 
"fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', 
resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - 
"name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": 
"1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 
32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, 
- "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "45419aec-7a86-4b13-964d-f880dacf5fd6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found 
in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, 
- { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" 
- }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.172375969Z", - "firstOccurred": "2024-06-23T20:02:13.172375969Z", - "lifecycleStage": 
"DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - 
}, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "acbc3005-8499-4862-a61f-0c5f4e181d8d", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' 
has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.567491688Z", - "firstOccurred": "2024-06-23T19:57:56.567491688Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": 
"45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": 
"DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', 
resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", 
- "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "4542f8f3-b419-4ef8-8c8f-c9a7723968a6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) 
in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) 
found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 
(CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 
'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.585861568Z", - "firstOccurred": "2024-06-23T19:57:56.585861568Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "89165cf2-e3f9-448e-8d3f-8f20ea349fd3", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - 
"type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.856592813Z", - "firstOccurred": "2024-06-23T19:53:57.856592813Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged 
Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - 
"policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - 
"containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - 
}, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "602b23d4-8075-4fb1-aa18-4a84857450c5", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', 
resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' 
(version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) 
found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) 
found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.876494566Z", - "firstOccurred": "2024-06-23T19:53:57.876494566Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "344a6aa2-966a-4a27-b48f-3b82a3384219", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image 
created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680754395Z", - "firstOccurred": "2024-06-23T01:30:19.680754395Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "dbd5fb6d-50b4-41ad-b947-34d734f57bc2", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.676300047Z", - "firstOccurred": "2024-06-23T01:30:19.676300047Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, 
- { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "a6c561a8-082b-4d76-88e8-d5c1c65ba259", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680726727Z", - "firstOccurred": "2024-06-23T01:30:19.680726727Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - 
"fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "f0b26fc0-11fb-49fe-a42b-613564f2d1f1", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675360723Z", - "firstOccurred": "2024-06-23T01:30:19.675360723Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - 
"riskScore": 12.144506, - "alerts": [ - { - "id": "43458116-1629-427c-81a2-1726c538e37d", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by 
version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.677692468Z", - "firstOccurred": "2024-06-23T01:30:19.677692468Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "fe453edf-e55c-4415-b27b-6c2a6e5bcccd", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - 
{ - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675335098Z", - "firstOccurred": "2024-06-23T01:30:19.675335098Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "namespace_name": "openshift-kube-apiserver", - "deployments": { - "deployments": [ - { - "id": 
"1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": 
"1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "2e466025-09e5-46e5-aa23-6ca5669f10c8", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image 
created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.174597143Z", - "firstOccurred": "2024-06-23T20:02:13.174597143Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": 
"1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": 
"DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', 
resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", 
- "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "45419aec-7a86-4b13-964d-f880dacf5fd6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) 
in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) 
found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 
(CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 
'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.172375969Z", - "firstOccurred": "2024-06-23T20:02:13.172375969Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "acbc3005-8499-4862-a61f-0c5f4e181d8d", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - 
"type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.567491688Z", - "firstOccurred": "2024-06-23T19:57:56.567491688Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged 
Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { 
- "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": 
"fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) 
found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": 
"kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "4542f8f3-b419-4ef8-8c8f-c9a7723968a6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - 
"eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 
'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity 
Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity 
Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.585861568Z", - "firstOccurred": "2024-06-23T19:57:56.585861568Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": 
"sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - 
}, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "89165cf2-e3f9-448e-8d3f-8f20ea349fd3", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.856592813Z", - "firstOccurred": "2024-06-23T19:53:57.856592813Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": 
"21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": 
"21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', 
resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": 
{ - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": 
"602b23d4-8075-4fb1-aa18-4a84857450c5", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 
'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.876494566Z", - "firstOccurred": "2024-06-23T19:53:57.876494566Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": 
"d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "344a6aa2-966a-4a27-b48f-3b82a3384219", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680754395Z", - "firstOccurred": "2024-06-23T01:30:19.680754395Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "dbd5fb6d-50b4-41ad-b947-34d734f57bc2", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.676300047Z", - "firstOccurred": "2024-06-23T01:30:19.676300047Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "a6c561a8-082b-4d76-88e8-d5c1c65ba259", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 
2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680726727Z", - "firstOccurred": "2024-06-23T01:30:19.680726727Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "f0b26fc0-11fb-49fe-a42b-613564f2d1f1", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - 
"isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675360723Z", - "firstOccurred": "2024-06-23T01:30:19.675360723Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "43458116-1629-427c-81a2-1726c538e37d", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - 
"namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.677692468Z", - "firstOccurred": "2024-06-23T01:30:19.677692468Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - 
"type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "fe453edf-e55c-4415-b27b-6c2a6e5bcccd", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675335098Z", - "firstOccurred": "2024-06-23T01:30:19.675335098Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "namespace_name": "openshift-kube-apiserver", - "deployments": { - "deployments": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "2e466025-09e5-46e5-aa23-6ca5669f10c8", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.174597143Z", - "firstOccurred": "2024-06-23T20:02:13.174597143Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - 
"type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable 
vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) 
(severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": 
"1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "45419aec-7a86-4b13-964d-f880dacf5fd6", - "policy": { - "id": 
"a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 
'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in 
component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 
'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.172375969Z", - "firstOccurred": "2024-06-23T20:02:13.172375969Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "acbc3005-8499-4862-a61f-0c5f4e181d8d", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 
2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.567491688Z", - "firstOccurred": "2024-06-23T19:57:56.567491688Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - 
"booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 
32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": 
"quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - 
"id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) 
(severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": 
"45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "4542f8f3-b419-4ef8-8c8f-c9a7723968a6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found 
in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, 
- { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" 
- }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.585861568Z", - "firstOccurred": "2024-06-23T19:57:56.585861568Z", - "lifecycleStage": 
"DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - 
}, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "89165cf2-e3f9-448e-8d3f-8f20ea349fd3", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' 
has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.856592813Z", - "firstOccurred": "2024-06-23T19:53:57.856592813Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": 
"21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - 
"isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - 
"booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 
32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - 
"registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - 
"image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "602b23d4-8075-4fb1-aa18-4a84857450c5", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 
7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in 
container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.876494566Z", - "firstOccurred": "2024-06-23T19:53:57.876494566Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "344a6aa2-966a-4a27-b48f-3b82a3384219", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680754395Z", - "firstOccurred": "2024-06-23T01:30:19.680754395Z", - 
"lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "dbd5fb6d-50b4-41ad-b947-34d734f57bc2", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.676300047Z", - "firstOccurred": "2024-06-23T01:30:19.676300047Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": 
"openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "a6c561a8-082b-4d76-88e8-d5c1c65ba259", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in 
container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680726727Z", - "firstOccurred": "2024-06-23T01:30:19.680726727Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, 
- "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "f0b26fc0-11fb-49fe-a42b-613564f2d1f1", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675360723Z", - "firstOccurred": "2024-06-23T01:30:19.675360723Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "43458116-1629-427c-81a2-1726c538e37d", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": 
"Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.677692468Z", - "firstOccurred": "2024-06-23T01:30:19.677692468Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "fe453edf-e55c-4415-b27b-6c2a6e5bcccd", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in 
container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675335098Z", - "firstOccurred": "2024-06-23T01:30:19.675335098Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "namespace_name": "openshift-apiserver", - "deployments": { - "deployments": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - 
"orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - "image": { - "id": "sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "ec48f9a3-9798-467b-8cf6-9601d11e0ebc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Container 'openshift-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.669437890Z", - "firstOccurred": "2024-06-23T01:30:19.669437890Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - "namespace": 
"openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - "image": { - "id": "sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "ec48f9a3-9798-467b-8cf6-9601d11e0ebc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - 
"booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Container 'openshift-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver', resolved by 
version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.669437890Z", - "firstOccurred": "2024-06-23T01:30:19.669437890Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - "image": { - "id": "sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - "name": { - "registry": 
"quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "3e5409da-1a7d-4f8f-bff0-c9bb76eab0ff", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Container 'openshift-apiserver' has image created at 2024-03-05 08:35:41 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'openshift-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.671786566Z", - "firstOccurred": "2024-06-23T01:30:19.671786566Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - 
"namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - "image": { - "id": "sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "36e6c345-bfb2-46c0-810c-9b17033c379d", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) 
(severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.671747470Z", - "firstOccurred": "2024-06-23T01:30:19.671747470Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "namespace_name": "openshift-kube-apiserver", - "deployments": { - "deployments": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": 
"openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - 
"registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "2e466025-09e5-46e5-aa23-6ca5669f10c8", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": 
"GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.174597143Z", - "firstOccurred": "2024-06-23T20:02:13.174597143Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - 
"value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 
32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": 
"sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - 
}, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "a3d29df4-6173-4804-8a80-2f58b5d7b434", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 
32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.160533946Z", - "firstOccurred": "2024-06-23T20:02:13.160533946Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87", - "name": "kube-apiserver-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, 
- "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "1666731a-d36b-4134-b420-c4965fd10e87:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "45419aec-7a86-4b13-964d-f880dacf5fd6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found 
in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, 
- { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" 
- }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T20:02:13.172375969Z", - "firstOccurred": "2024-06-23T20:02:13.172375969Z", - "lifecycleStage": 
"DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - 
}, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "acbc3005-8499-4862-a61f-0c5f4e181d8d", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' 
has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.567491688Z", - "firstOccurred": "2024-06-23T19:57:56.567491688Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": 
"45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": 
"DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', 
resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "fb2fcc1f-c55b-4a9c-b60a-b968c435cc05", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", 
- "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.575679618Z", - "firstOccurred": "2024-06-23T19:57:56.575679618Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f", - "name": "kube-apiserver-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "45fa6c39-2137-4359-b106-783ae878c31f:kube-apiserver-insecure-readyz", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "4542f8f3-b419-4ef8-8c8f-c9a7723968a6", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) 
in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) 
found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 
(CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 
'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:57:56.585861568Z", - "firstOccurred": "2024-06-23T19:57:56.585861568Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "89165cf2-e3f9-448e-8d3f-8f20ea349fd3", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' has image created at 2024-03-19 13:11:14 (UTC)", - 
"type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-regeneration-controller' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-cert-syncer' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'kube-apiserver-insecure-readyz' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.856592813Z", - "firstOccurred": "2024-06-23T19:53:57.856592813Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged 
Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 
0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": 
"sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "f9288f8c-a0a8-494c-9d09-f5bfa3d2d7fd", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - 
"policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'kube-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.866176824Z", - "firstOccurred": "2024-06-23T19:53:57.866176824Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48", - "name": "kube-apiserver-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - 
"containers": [ - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver", - "image": { - "id": "sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:2bd5b85e81d6d8f0750437f0f8a18ead1a38f5c02d121e8c93402aceace951c4" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-regeneration-controller", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-regeneration-controller" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-cert-syncer", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-cert-syncer" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - 
}, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-check-endpoints" - }, - { - "id": "21220dca-cacc-46f5-808e-ad81b50beb48:kube-apiserver-insecure-readyz", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-apiserver-insecure-readyz" - } - ], - "riskScore": 31.187088, - "alerts": [ - { - "id": "602b23d4-8075-4fb1-aa18-4a84857450c5", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', 
resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' 
(version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) 
found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) 
found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T19:53:57.876494566Z", - "firstOccurred": "2024-06-23T19:53:57.876494566Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "344a6aa2-966a-4a27-b48f-3b82a3384219", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image 
created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680754395Z", - "firstOccurred": "2024-06-23T01:30:19.680754395Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "dbd5fb6d-50b4-41ad-b947-34d734f57bc2", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.676300047Z", - "firstOccurred": "2024-06-23T01:30:19.676300047Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, 
- { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273", - "name": "kube-apiserver-guard-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "b68259e5-2e23-4526-96e7-3dc51c86f273:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "a6c561a8-082b-4d76-88e8-d5c1c65ba259", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.680726727Z", - "firstOccurred": "2024-06-23T01:30:19.680726727Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - 
"fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "f0b26fc0-11fb-49fe-a42b-613564f2d1f1", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Container 'guard' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675360723Z", - "firstOccurred": "2024-06-23T01:30:19.675360723Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6", - "name": "kube-apiserver-guard-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "618a3135-f95b-4003-aa2f-c3453d3685d6:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - 
"riskScore": 12.144506, - "alerts": [ - { - "id": "43458116-1629-427c-81a2-1726c538e37d", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by 
version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.677692468Z", - "firstOccurred": "2024-06-23T01:30:19.677692468Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c", - "name": "kube-apiserver-guard-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "42ddb3bd-b0e9-4160-95ce-06ec7c69398c:guard", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "guard" - } - ], - "riskScore": 12.144506, - "alerts": [ - { - "id": "fe453edf-e55c-4415-b27b-6c2a6e5bcccd", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-kube-apiserver", - "namespaceId": "d1579934-87c9-415d-9f58-c24cd4ee398b", - "violations": [ - 
{ - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'guard', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'guard', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.675335098Z", - "firstOccurred": "2024-06-23T01:30:19.675335098Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "namespace_name": "openshift-cluster-node-tuning-operator", - "deployments": { - "deployments": [ - { - "id": 
"23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in 
container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": 
"openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "38841a38-82f2-4376-85d6-5c56ab9b2799", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - 
"disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647511249Z", - "firstOccurred": "2024-06-23T01:30:19.647511249Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "7dd50331-414d-4995-9487-b530a9c38aa5", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": 
"cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'cluster-node-tuning-operator' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642809082Z", - "firstOccurred": "2024-06-23T01:30:19.642809082Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "3b9d0b0d-ae3d-49f8-b3aa-b3a5b27df54f", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable 
RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647484885Z", - "firstOccurred": "2024-06-23T01:30:19.647484885Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", 
- "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "22f12ab4-e952-4dba-a583-2df67ce15654", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642768637Z", - "firstOccurred": "2024-06-23T01:30:19.642768637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "namespace_name": "openshift-apiserver", - "deployments": { - "deployments": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - "image": { - "id": "sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - 
"name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "ec48f9a3-9798-467b-8cf6-9601d11e0ebc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Container 'openshift-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 
'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.669437890Z", - "firstOccurred": "2024-06-23T01:30:19.669437890Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - "image": { - "id": 
"sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "ec48f9a3-9798-467b-8cf6-9601d11e0ebc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable 
vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Container 'openshift-apiserver' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.669437890Z", - "firstOccurred": "2024-06-23T01:30:19.669437890Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - "image": { - "id": "sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": 
"48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "3e5409da-1a7d-4f8f-bff0-c9bb76eab0ff", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Container 'openshift-apiserver' has image created at 2024-03-05 08:35:41 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'openshift-apiserver-check-endpoints' has image created at 2024-03-07 16:12:21 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.671786566Z", - "firstOccurred": "2024-06-23T01:30:19.671786566Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14", - "name": "apiserver", - "type": "Deployment", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver", - 
"image": { - "id": "sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:5b447c80652d965f461a64151b30d73fb59a6b1b2858fa1845f7ae0d2f1dfe7d" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver" - }, - { - "id": "48138acb-228d-4049-9662-eda675ba3f14:openshift-apiserver-check-endpoints", - "image": { - "id": "sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c954cd29ee3d4cf72b00672e6f9c6cb941f5f6867d276cae9a465a27643b5aa2" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "openshift-apiserver-check-endpoints" - } - ], - "riskScore": 27.505857, - "alerts": [ - { - "id": "36e6c345-bfb2-46c0-810c-9b17033c379d", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-apiserver", - "namespaceId": "f38d1aa7-6c92-4c7b-8023-bd5cb15885c0", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'openshift-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in 
component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'openshift-apiserver-check-endpoints', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.671747470Z", - "firstOccurred": "2024-06-23T01:30:19.671747470Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "namespace_name": "openshift-cluster-node-tuning-operator", - "deployments": { - "deployments": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": 
"sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 
2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged 
Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "38841a38-82f2-4376-85d6-5c56ab9b2799", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - 
"disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647511249Z", - "firstOccurred": "2024-06-23T01:30:19.647511249Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "7dd50331-414d-4995-9487-b530a9c38aa5", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": 
"cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'cluster-node-tuning-operator' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642809082Z", - "firstOccurred": "2024-06-23T01:30:19.642809082Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "3b9d0b0d-ae3d-49f8-b3aa-b3a5b27df54f", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable 
RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647484885Z", - "firstOccurred": "2024-06-23T01:30:19.647484885Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", 
- "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "22f12ab4-e952-4dba-a583-2df67ce15654", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642768637Z", - "firstOccurred": "2024-06-23T01:30:19.642768637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "namespace_name": "openshift-cluster-node-tuning-operator", - "deployments": { - "deployments": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": 
"sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 
2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged 
Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "38841a38-82f2-4376-85d6-5c56ab9b2799", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - 
"disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647511249Z", - "firstOccurred": "2024-06-23T01:30:19.647511249Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "7dd50331-414d-4995-9487-b530a9c38aa5", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": 
"cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'cluster-node-tuning-operator' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642809082Z", - "firstOccurred": "2024-06-23T01:30:19.642809082Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "3b9d0b0d-ae3d-49f8-b3aa-b3a5b27df54f", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable 
RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647484885Z", - "firstOccurred": "2024-06-23T01:30:19.647484885Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", 
- "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "22f12ab4-e952-4dba-a583-2df67ce15654", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642768637Z", - "firstOccurred": "2024-06-23T01:30:19.642768637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "7e1dc65a-b5c3-4210-905f-9e9f6270d9d6", - "namespace_name": "openshift-cluster-storage-operator", - "deployments": { - "deployments": [ - { - "id": "9af08e8b-fa76-4ff3-b1bd-0ae8a24d7dd9", - "name": "cluster-storage-operator", - "type": "Deployment", - "namespace": "openshift-cluster-storage-operator", - "namespaceId": "7e1dc65a-b5c3-4210-905f-9e9f6270d9d6", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9af08e8b-fa76-4ff3-b1bd-0ae8a24d7dd9:cluster-storage-operator", - "image": { - "id": 
"sha256:c492f02a09ea036ea3c2d024be6e5283914558a01b69b0b433a66b360cc0baff", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c492f02a09ea036ea3c2d024be6e5283914558a01b69b0b433a66b360cc0baff" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-storage-operator" - } - ], - "riskScore": 12.118738, - "alerts": [ - { - "id": "0bb59eb9-7142-44e6-a546-6e27f2993272", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-storage-operator", - "namespaceId": "7e1dc65a-b5c3-4210-905f-9e9f6270d9d6", - "violations": [ - { - "message": "Container 'cluster-storage-operator' has image created at 2024-03-05 08:07:20 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.556066047Z", - "firstOccurred": "2024-06-23T01:30:19.556066047Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9af08e8b-fa76-4ff3-b1bd-0ae8a24d7dd9", - "name": "cluster-storage-operator", - "type": "Deployment", - "namespace": "openshift-cluster-storage-operator", - "namespaceId": "7e1dc65a-b5c3-4210-905f-9e9f6270d9d6", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9af08e8b-fa76-4ff3-b1bd-0ae8a24d7dd9:cluster-storage-operator", - "image": { - "id": "sha256:c492f02a09ea036ea3c2d024be6e5283914558a01b69b0b433a66b360cc0baff", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - 
"fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:c492f02a09ea036ea3c2d024be6e5283914558a01b69b0b433a66b360cc0baff" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-storage-operator" - } - ], - "riskScore": 12.118738, - "alerts": [ - { - "id": "63b143cf-e7d0-48d2-9bcf-abed0a5afb83", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-storage-operator", - "namespaceId": "7e1dc65a-b5c3-4210-905f-9e9f6270d9d6", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-storage-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'cluster-storage-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-storage-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-storage-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in 
component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-storage-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-storage-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-storage-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.556036739Z", - "firstOccurred": "2024-06-23T01:30:19.556036739Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "namespace_name": "openshift-cluster-node-tuning-operator", - "deployments": { - "deployments": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": 
"b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', 
resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "ebd8c4c4-aa69-4e18-8131-1de1b93799e2", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - 
"fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by 
version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.645618354Z", - "firstOccurred": "2024-06-23T01:30:19.645618354Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": 
"", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "38841a38-82f2-4376-85d6-5c56ab9b2799", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'tuned' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647511249Z", - "firstOccurred": "2024-06-23T01:30:19.647511249Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - 
"name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "7dd50331-414d-4995-9487-b530a9c38aa5", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Container 'cluster-node-tuning-operator' has image created at 2024-03-19 23:12:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642809082Z", - "firstOccurred": "2024-06-23T01:30:19.642809082Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6", - "name": "tuned", - "type": "DaemonSet", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "23701fec-5b07-456f-ba3c-014ee69e4aa6:tuned", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "tuned" - } - ], - "riskScore": 22.194225, - "alerts": [ - { - "id": "3b9d0b0d-ae3d-49f8-b3aa-b3a5b27df54f", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable 
Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'tuned', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'tuned', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.647484885Z", - "firstOccurred": "2024-06-23T01:30:19.647484885Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c", - "name": "cluster-node-tuning-operator", - "type": "Deployment", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "fa45b8b4-a553-4070-bd10-6e0610dec60c:cluster-node-tuning-operator", - "image": { - "id": "sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:e7e5ed01e1b823219f88bdece8314d102f8b5929b35d789a29e61d88de035280" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "cluster-node-tuning-operator" - } - ], - "riskScore": 18.253195, - "alerts": [ - { - "id": "22f12ab4-e952-4dba-a583-2df67ce15654", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-cluster-node-tuning-operator", - "namespaceId": "bfa5f74d-362b-4d37-b504-ae8f6f0a35fd", - "violations": [ - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 
'bind-libs' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-11.el9_2.2.noarch) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:1803 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-11.el9_2.2.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-11.el9_2.4", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:3411 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.34-60.el9_2.12.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:2.34-60.el9_2.14", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.642768637Z", - "firstOccurred": "2024-06-23T01:30:19.642768637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "namespace_name": "openshift-machine-config-operator", - 
"deployments": { - "deployments": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "7f0268b2-64c1-413f-9395-278b4b235bfd", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - 
"type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173612973Z", - "firstOccurred": "2024-06-23T01:30:19.173612973Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "de5022d6-5a08-4969-a137-a8faa02985a3", - "policy": { - "id": "f2183906-4577-47de-9bf4-270d09e0a93c", - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:35.033827963Z", - "firstOccurred": "2024-06-23T19:52:30.450849668Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "3372f523-1247-46a1-b028-ed5ccb20d2a4", - "policy": { - "id": "ddb7af9c-5ec1-45e1-a0cf-c36e3ef2b2ce", - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": 
"Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:32.122444217Z", - "firstOccurred": "2024-06-23T19:52:30.629709852Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "2be1762a-1973-4692-ac96-c1a353d94a22", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - 
"eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168712637Z", - "firstOccurred": "2024-06-23T01:30:19.168712637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c9f12575-ab66-4ef4-94a1-ae6b36232456", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the 
mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.164036130Z", - "firstOccurred": "2024-06-23T01:30:19.164036130Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "12941439-ca17-4f3b-a7f3-a6c74b20df58", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token 
Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.158422479Z", - "firstOccurred": "2024-06-23T01:30:19.158422479Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - 
{ - "id": "a2cf650d-4c6e-479c-bb01-20b29fda91aa", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.153981050Z", - "firstOccurred": "2024-06-23T01:30:19.153981050Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "9237163b-63f5-4510-b232-67610879335b", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.149920685Z", - "firstOccurred": "2024-06-23T01:30:19.149920685Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - 
"name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' 
(version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' 
(version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": 
"HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - 
"isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": 
"3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - 
"replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found 
in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": 
"2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers 
running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", 
- "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - 
"values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": 
"GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' 
(version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - 
"policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - 
}, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' 
(version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - 
"Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { 
- "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - 
"eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - 
"alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "211bae2f-9772-4b88-bf1e-b85a6052b334", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-daemon' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": 
"2024-06-23T01:30:26.617616105Z", - "firstOccurred": "2024-06-23T01:30:26.617616105Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "abe33912-6b31-405a-9fea-d3f2708ad1b9", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-operator' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609554001Z", - "firstOccurred": "2024-06-23T01:30:26.609554001Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - 
"riskScore": 117.284706, - "alerts": [ - { - "id": "58efe7a3-7d1e-46e2-993f-bda30d926bad", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) 
in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617586689Z", - "firstOccurred": "2024-06-23T01:30:26.617586689Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - 
"orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "3f7f83bb-9485-45e8-bc4d-df5a63707f3b", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-server' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605861471Z", - "firstOccurred": "2024-06-23T01:30:26.605861471Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "8f4df61c-fceb-485d-b0ce-1b4c598b4c2c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in 
component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 
2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609517267Z", - "firstOccurred": "2024-06-23T01:30:26.609517267Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "dd7d9628-8139-4d8c-8d98-cade9737cc61", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-controller' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603369663Z", - "firstOccurred": "2024-06-23T01:30:26.603369663Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "29276278-e012-45a5-9e0d-3b6fb36be208", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' 
(version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605838360Z", - "firstOccurred": "2024-06-23T01:30:26.605838360Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", 
- "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "50c9da01-5be3-4ac6-b15d-ce3c93b7480c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) 
in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) 
in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 
'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603303310Z", - "firstOccurred": "2024-06-23T01:30:26.603303310Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "55d0fd31-1040-4b55-932a-459737a7ccd7", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - 
"disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173578195Z", - "firstOccurred": "2024-06-23T01:30:19.173578195Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "d5a0c7de-b731-4208-917a-77e1549198cb", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity 
Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173551817Z", - "firstOccurred": "2024-06-23T01:30:19.173551817Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "81f49857-2dc0-4200-9c1d-6790f38e4fee", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - 
"description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166973711Z", - "firstOccurred": "2024-06-23T01:30:19.166973711Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fddefc54-09b9-40e1-89d2-87cab9b72054", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - 
"eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168672097Z", - "firstOccurred": "2024-06-23T01:30:19.168672097Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c0b0e4bd-ea48-4a45-95f3-ffa2b423cf7e", - "policy": { - "id": 
"2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162458998Z", - "firstOccurred": "2024-06-23T01:30:19.162458998Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "77b1d1f8-ab63-43dc-837c-e5ba9c3b0a06", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with 
fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.163993959Z", - "firstOccurred": "2024-06-23T01:30:19.163993959Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "namespace_name": "openshift-machine-config-operator", - "deployments": { - "deployments": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "7f0268b2-64c1-413f-9395-278b4b235bfd", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173612973Z", - "firstOccurred": "2024-06-23T01:30:19.173612973Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - 
"name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "de5022d6-5a08-4969-a137-a8faa02985a3", - "policy": { - "id": "f2183906-4577-47de-9bf4-270d09e0a93c", - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:35.033827963Z", - "firstOccurred": "2024-06-23T19:52:30.450849668Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "3372f523-1247-46a1-b028-ed5ccb20d2a4", - "policy": { - "id": "ddb7af9c-5ec1-45e1-a0cf-c36e3ef2b2ce", - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:32.122444217Z", - "firstOccurred": "2024-06-23T19:52:30.629709852Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "2be1762a-1973-4692-ac96-c1a353d94a22", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168712637Z", - "firstOccurred": "2024-06-23T01:30:19.168712637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - 
"id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c9f12575-ab66-4ef4-94a1-ae6b36232456", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": 
"2024-06-23T01:30:19.164036130Z", - "firstOccurred": "2024-06-23T01:30:19.164036130Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "12941439-ca17-4f3b-a7f3-a6c74b20df58", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 
'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.158422479Z", - "firstOccurred": "2024-06-23T01:30:19.158422479Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a2cf650d-4c6e-479c-bb01-20b29fda91aa", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.153981050Z", - "firstOccurred": "2024-06-23T01:30:19.153981050Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "9237163b-63f5-4510-b232-67610879335b", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.149920685Z", - "firstOccurred": "2024-06-23T01:30:19.149920685Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": 
"machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 
'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": 
"sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": 
"Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 
7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": 
"Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": 
"Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 
(CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - 
"firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged 
Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 
(CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) 
(severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - 
"message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', 
resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": 
"Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity 
Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in 
component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": 
"b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - 
"replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found 
in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": 
"2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers 
running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", 
- "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - 
"values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": 
"GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "211bae2f-9772-4b88-bf1e-b85a6052b334", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-daemon' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617616105Z", - "firstOccurred": "2024-06-23T01:30:26.617616105Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], 
- "riskScore": 16.31014, - "alerts": [ - { - "id": "abe33912-6b31-405a-9fea-d3f2708ad1b9", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-operator' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609554001Z", - "firstOccurred": "2024-06-23T01:30:26.609554001Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - 
"id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "58efe7a3-7d1e-46e2-993f-bda30d926bad", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by 
version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617586689Z", - "firstOccurred": "2024-06-23T01:30:26.617586689Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "3f7f83bb-9485-45e8-bc4d-df5a63707f3b", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-server' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605861471Z", - "firstOccurred": "2024-06-23T01:30:26.605861471Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" 
- } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "8f4df61c-fceb-485d-b0ce-1b4c598b4c2c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - 
"namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609517267Z", - "firstOccurred": "2024-06-23T01:30:26.609517267Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": 
false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "dd7d9628-8139-4d8c-8d98-cade9737cc61", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-controller' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603369663Z", - "firstOccurred": "2024-06-23T01:30:26.603369663Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - 
"containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "29276278-e012-45a5-9e0d-3b6fb36be208", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) 
(severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605838360Z", - "firstOccurred": "2024-06-23T01:30:26.605838360Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "50c9da01-5be3-4ac6-b15d-ce3c93b7480c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity 
Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity 
Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603303310Z", - "firstOccurred": "2024-06-23T01:30:26.603303310Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - 
], - "riskScore": 28.87299, - "alerts": [ - { - "id": "55d0fd31-1040-4b55-932a-459737a7ccd7", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173578195Z", - "firstOccurred": "2024-06-23T01:30:19.173578195Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "d5a0c7de-b731-4208-917a-77e1549198cb", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": 
"Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173551817Z", - "firstOccurred": "2024-06-23T01:30:19.173551817Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": 
false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "81f49857-2dc0-4200-9c1d-6790f38e4fee", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166973711Z", - "firstOccurred": "2024-06-23T01:30:19.166973711Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": 
"fddefc54-09b9-40e1-89d2-87cab9b72054", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in 
container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168672097Z", - "firstOccurred": "2024-06-23T01:30:19.168672097Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c0b0e4bd-ea48-4a45-95f3-ffa2b423cf7e", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162458998Z", - "firstOccurred": "2024-06-23T01:30:19.162458998Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - 
"isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "77b1d1f8-ab63-43dc-837c-e5ba9c3b0a06", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.163993959Z", - "firstOccurred": "2024-06-23T01:30:19.163993959Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "namespace_name": "openshift-machine-config-operator", - "deployments": { - "deployments": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "7f0268b2-64c1-413f-9395-278b4b235bfd", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173612973Z", - "firstOccurred": "2024-06-23T01:30:19.173612973Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "de5022d6-5a08-4969-a137-a8faa02985a3", - "policy": { - "id": "f2183906-4577-47de-9bf4-270d09e0a93c", - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:35.033827963Z", - "firstOccurred": "2024-06-23T19:52:30.450849668Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - 
"namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "3372f523-1247-46a1-b028-ed5ccb20d2a4", - "policy": { - "id": "ddb7af9c-5ec1-45e1-a0cf-c36e3ef2b2ce", - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:32.122444217Z", - "firstOccurred": 
"2024-06-23T19:52:30.629709852Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "2be1762a-1973-4692-ac96-c1a353d94a22", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - 
}, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168712637Z", - "firstOccurred": "2024-06-23T01:30:19.168712637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c9f12575-ab66-4ef4-94a1-ae6b36232456", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the 
service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.164036130Z", - "firstOccurred": "2024-06-23T01:30:19.164036130Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "12941439-ca17-4f3b-a7f3-a6c74b20df58", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.158422479Z", - "firstOccurred": "2024-06-23T01:30:19.158422479Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a2cf650d-4c6e-479c-bb01-20b29fda91aa", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - 
"isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.153981050Z", - "firstOccurred": "2024-06-23T01:30:19.153981050Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "9237163b-63f5-4510-b232-67610879335b", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account 
token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.149920685Z", - "firstOccurred": "2024-06-23T01:30:19.149920685Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - 
"fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - 
"value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 
32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": 
"DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, 
- { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - 
"fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in 
container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 
(CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - 
"policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", 
- "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 
8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and 
Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - 
"replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found 
in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": 
"2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers 
running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", 
- "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - 
"values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": 
"GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' 
(version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - 
"policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - 
}, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "211bae2f-9772-4b88-bf1e-b85a6052b334", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": 
"LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-daemon' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617616105Z", - "firstOccurred": "2024-06-23T01:30:26.617616105Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - 
"fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "abe33912-6b31-405a-9fea-d3f2708ad1b9", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-operator' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609554001Z", - "firstOccurred": "2024-06-23T01:30:26.609554001Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "58efe7a3-7d1e-46e2-993f-bda30d926bad", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' 
(version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in 
container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617586689Z", - "firstOccurred": "2024-06-23T01:30:26.617586689Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "3f7f83bb-9485-45e8-bc4d-df5a63707f3b", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-server' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605861471Z", - "firstOccurred": "2024-06-23T01:30:26.605861471Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "8f4df61c-fceb-485d-b0ce-1b4c598b4c2c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on 
deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609517267Z", - "firstOccurred": "2024-06-23T01:30:26.609517267Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - 
"image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "dd7d9628-8139-4d8c-8d98-cade9737cc61", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-controller' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603369663Z", - "firstOccurred": "2024-06-23T01:30:26.603369663Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": 
"9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "29276278-e012-45a5-9e0d-3b6fb36be208", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605838360Z", - "firstOccurred": "2024-06-23T01:30:26.605838360Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "50c9da01-5be3-4ac6-b15d-ce3c93b7480c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": 
"NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", 
- "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603303310Z", - "firstOccurred": "2024-06-23T01:30:26.603303310Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": 
"sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "55d0fd31-1040-4b55-932a-459737a7ccd7", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173578195Z", - "firstOccurred": "2024-06-23T01:30:19.173578195Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", 
- "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "d5a0c7de-b731-4208-917a-77e1549198cb", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in 
component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173551817Z", - "firstOccurred": "2024-06-23T01:30:19.173551817Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "81f49857-2dc0-4200-9c1d-6790f38e4fee", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166973711Z", - "firstOccurred": "2024-06-23T01:30:19.166973711Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": 
{ - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fddefc54-09b9-40e1-89d2-87cab9b72054", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { 
- "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168672097Z", - "firstOccurred": "2024-06-23T01:30:19.168672097Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c0b0e4bd-ea48-4a45-95f3-ffa2b423cf7e", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162458998Z", - "firstOccurred": "2024-06-23T01:30:19.162458998Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - 
"image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "77b1d1f8-ab63-43dc-837c-e5ba9c3b0a06", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in 
container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.163993959Z", - "firstOccurred": "2024-06-23T01:30:19.163993959Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "namespace_name": "openshift-machine-config-operator", - "deployments": { - "deployments": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": 
"kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "7f0268b2-64c1-413f-9395-278b4b235bfd", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173612973Z", - "firstOccurred": 
"2024-06-23T01:30:19.173612973Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "de5022d6-5a08-4969-a137-a8faa02985a3", - "policy": { - "id": "f2183906-4577-47de-9bf4-270d09e0a93c", - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:35.033827963Z", - "firstOccurred": "2024-06-23T19:52:30.450849668Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "3372f523-1247-46a1-b028-ed5ccb20d2a4", - "policy": { - "id": "ddb7af9c-5ec1-45e1-a0cf-c36e3ef2b2ce", - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", - 
"disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:32.122444217Z", - "firstOccurred": "2024-06-23T19:52:30.629709852Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "2be1762a-1973-4692-ac96-c1a353d94a22", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168712637Z", - "firstOccurred": "2024-06-23T01:30:19.168712637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c9f12575-ab66-4ef4-94a1-ae6b36232456", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction 
with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.164036130Z", - "firstOccurred": "2024-06-23T01:30:19.164036130Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "12941439-ca17-4f3b-a7f3-a6c74b20df58", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service 
account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.158422479Z", - "firstOccurred": "2024-06-23T01:30:19.158422479Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a2cf650d-4c6e-479c-bb01-20b29fda91aa", - "policy": { - "id": 
"fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.153981050Z", - "firstOccurred": "2024-06-23T01:30:19.153981050Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - 
"name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "9237163b-63f5-4510-b232-67610879335b", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.149920685Z", - "firstOccurred": "2024-06-23T01:30:19.149920685Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - 
"type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - 
"SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 
2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": 
"b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - 
"replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found 
in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": 
"2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers 
running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", 
- "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - 
"values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": 
"GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' 
(version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - 
"policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - 
}, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' 
(version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - 
"Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": 
"GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { 
- "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - 
"eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - 
"alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "211bae2f-9772-4b88-bf1e-b85a6052b334", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-daemon' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": 
"2024-06-23T01:30:26.617616105Z", - "firstOccurred": "2024-06-23T01:30:26.617616105Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "abe33912-6b31-405a-9fea-d3f2708ad1b9", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-operator' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609554001Z", - "firstOccurred": "2024-06-23T01:30:26.609554001Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - 
"riskScore": 117.284706, - "alerts": [ - { - "id": "58efe7a3-7d1e-46e2-993f-bda30d926bad", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) 
in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617586689Z", - "firstOccurred": "2024-06-23T01:30:26.617586689Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - 
"orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "3f7f83bb-9485-45e8-bc4d-df5a63707f3b", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-server' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605861471Z", - "firstOccurred": "2024-06-23T01:30:26.605861471Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "8f4df61c-fceb-485d-b0ce-1b4c598b4c2c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in 
component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 
2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609517267Z", - "firstOccurred": "2024-06-23T01:30:26.609517267Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "dd7d9628-8139-4d8c-8d98-cade9737cc61", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-controller' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603369663Z", - "firstOccurred": "2024-06-23T01:30:26.603369663Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "29276278-e012-45a5-9e0d-3b6fb36be208", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' 
(version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605838360Z", - "firstOccurred": "2024-06-23T01:30:26.605838360Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", 
- "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "50c9da01-5be3-4ac6-b15d-ce3c93b7480c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) 
in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) 
in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 
'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603303310Z", - "firstOccurred": "2024-06-23T01:30:26.603303310Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "55d0fd31-1040-4b55-932a-459737a7ccd7", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - 
"disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173578195Z", - "firstOccurred": "2024-06-23T01:30:19.173578195Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "d5a0c7de-b731-4208-917a-77e1549198cb", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity 
Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173551817Z", - "firstOccurred": "2024-06-23T01:30:19.173551817Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "81f49857-2dc0-4200-9c1d-6790f38e4fee", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - 
"description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166973711Z", - "firstOccurred": "2024-06-23T01:30:19.166973711Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fddefc54-09b9-40e1-89d2-87cab9b72054", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - 
"eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168672097Z", - "firstOccurred": "2024-06-23T01:30:19.168672097Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c0b0e4bd-ea48-4a45-95f3-ffa2b423cf7e", - "policy": { - "id": 
"2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162458998Z", - "firstOccurred": "2024-06-23T01:30:19.162458998Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "77b1d1f8-ab63-43dc-837c-e5ba9c3b0a06", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with 
fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.163993959Z", - "firstOccurred": "2024-06-23T01:30:19.163993959Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "namespace_name": "openshift-machine-config-operator", - "deployments": { - "deployments": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "7f0268b2-64c1-413f-9395-278b4b235bfd", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173612973Z", - "firstOccurred": "2024-06-23T01:30:19.173612973Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - 
"name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "de5022d6-5a08-4969-a137-a8faa02985a3", - "policy": { - "id": "f2183906-4577-47de-9bf4-270d09e0a93c", - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:35.033827963Z", - "firstOccurred": "2024-06-23T19:52:30.450849668Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "3372f523-1247-46a1-b028-ed5ccb20d2a4", - "policy": { - "id": "ddb7af9c-5ec1-45e1-a0cf-c36e3ef2b2ce", - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:32.122444217Z", - "firstOccurred": "2024-06-23T19:52:30.629709852Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "2be1762a-1973-4692-ac96-c1a353d94a22", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168712637Z", - "firstOccurred": "2024-06-23T01:30:19.168712637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - 
"id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c9f12575-ab66-4ef4-94a1-ae6b36232456", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": 
"2024-06-23T01:30:19.164036130Z", - "firstOccurred": "2024-06-23T01:30:19.164036130Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "12941439-ca17-4f3b-a7f3-a6c74b20df58", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 
'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.158422479Z", - "firstOccurred": "2024-06-23T01:30:19.158422479Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a2cf650d-4c6e-479c-bb01-20b29fda91aa", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.153981050Z", - "firstOccurred": "2024-06-23T01:30:19.153981050Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "9237163b-63f5-4510-b232-67610879335b", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.149920685Z", - "firstOccurred": "2024-06-23T01:30:19.149920685Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": 
"machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 
'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": 
"sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": 
"Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 
7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": 
"Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": 
"Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 
(CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - 
"firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged 
Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 
(CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) 
(severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - 
"message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', 
resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": 
"Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity 
Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in 
component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": 
"b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - 
"replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found 
in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": 
"2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers 
running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", 
- "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - 
"values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": 
"GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "211bae2f-9772-4b88-bf1e-b85a6052b334", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-daemon' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617616105Z", - "firstOccurred": "2024-06-23T01:30:26.617616105Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], 
- "riskScore": 16.31014, - "alerts": [ - { - "id": "abe33912-6b31-405a-9fea-d3f2708ad1b9", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-operator' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609554001Z", - "firstOccurred": "2024-06-23T01:30:26.609554001Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - 
"id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "58efe7a3-7d1e-46e2-993f-bda30d926bad", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by 
version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617586689Z", - "firstOccurred": "2024-06-23T01:30:26.617586689Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "3f7f83bb-9485-45e8-bc4d-df5a63707f3b", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-server' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605861471Z", - "firstOccurred": "2024-06-23T01:30:26.605861471Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" 
- } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "8f4df61c-fceb-485d-b0ce-1b4c598b4c2c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - 
"namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609517267Z", - "firstOccurred": "2024-06-23T01:30:26.609517267Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": 
false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "dd7d9628-8139-4d8c-8d98-cade9737cc61", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-controller' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603369663Z", - "firstOccurred": "2024-06-23T01:30:26.603369663Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - 
"containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "29276278-e012-45a5-9e0d-3b6fb36be208", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) 
(severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605838360Z", - "firstOccurred": "2024-06-23T01:30:26.605838360Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "50c9da01-5be3-4ac6-b15d-ce3c93b7480c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity 
Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity 
Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603303310Z", - "firstOccurred": "2024-06-23T01:30:26.603303310Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - 
], - "riskScore": 28.87299, - "alerts": [ - { - "id": "55d0fd31-1040-4b55-932a-459737a7ccd7", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173578195Z", - "firstOccurred": "2024-06-23T01:30:19.173578195Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "d5a0c7de-b731-4208-917a-77e1549198cb", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": 
"Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173551817Z", - "firstOccurred": "2024-06-23T01:30:19.173551817Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": 
false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "81f49857-2dc0-4200-9c1d-6790f38e4fee", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166973711Z", - "firstOccurred": "2024-06-23T01:30:19.166973711Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": 
"fddefc54-09b9-40e1-89d2-87cab9b72054", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in 
container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168672097Z", - "firstOccurred": "2024-06-23T01:30:19.168672097Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c0b0e4bd-ea48-4a45-95f3-ffa2b423cf7e", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162458998Z", - "firstOccurred": "2024-06-23T01:30:19.162458998Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - 
"isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "77b1d1f8-ab63-43dc-837c-e5ba9c3b0a06", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.163993959Z", - "firstOccurred": "2024-06-23T01:30:19.163993959Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } - }, - { - "namespace_id": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "namespace_name": "openshift-machine-config-operator", - "deployments": { - "deployments": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "7f0268b2-64c1-413f-9395-278b4b235bfd", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173612973Z", - "firstOccurred": "2024-06-23T01:30:19.173612973Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - 
"clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "de5022d6-5a08-4969-a137-a8faa02985a3", - "policy": { - "id": "f2183906-4577-47de-9bf4-270d09e0a93c", - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:35.033827963Z", - "firstOccurred": "2024-06-23T19:52:30.450849668Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - 
"namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "3372f523-1247-46a1-b028-ed5ccb20d2a4", - "policy": { - "id": "ddb7af9c-5ec1-45e1-a0cf-c36e3ef2b2ce", - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "isDefault": true, - "violation_count": 1 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [], - "time": "2024-06-23T19:52:32.122444217Z", - "firstOccurred": 
"2024-06-23T19:52:30.629709852Z", - "lifecycleStage": "RUNTIME", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "2be1762a-1973-4692-ac96-c1a353d94a22", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - 
}, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168712637Z", - "firstOccurred": "2024-06-23T01:30:19.168712637Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c9f12575-ab66-4ef4-94a1-ae6b36232456", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the 
service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.164036130Z", - "firstOccurred": "2024-06-23T01:30:19.164036130Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "12941439-ca17-4f3b-a7f3-a6c74b20df58", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": 
"openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.158422479Z", - "firstOccurred": "2024-06-23T01:30:19.158422479Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a2cf650d-4c6e-479c-bb01-20b29fda91aa", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - 
"isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.153981050Z", - "firstOccurred": "2024-06-23T01:30:19.153981050Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "9237163b-63f5-4510-b232-67610879335b", - "policy": { - "id": "fb8f8732-c31d-496b-8fb1-d5abe6056e27", - "name": "Pod Service Account Token Automatically Mounted", - "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account 
token to only those pods whose application requires interaction with the Kubernetes API.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 6 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Deployment mounts the service account tokens.", - "type": "GENERIC" - }, - { - "message": "Namespace has name 'openshift-machine-config-operator'", - "type": "GENERIC" - }, - { - "message": "Service Account is set to 'default'", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.149920685Z", - "firstOccurred": "2024-06-23T01:30:19.149920685Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - 
"fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "fd0a5ca3-660b-4764-90a1-436b2f6f60ca", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - 
"value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-daemon' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 
32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.615273118Z", - "firstOccurred": "2024-06-23T01:30:26.615273118Z", - "lifecycleStage": 
"DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, 
- { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": 
"Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "3892b7fd-6a22-43c7-8d1b-115fc62fbacc", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - 
"fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in 
container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.171902123Z", - "firstOccurred": "2024-06-23T01:30:19.171902123Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable 
RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 
(CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "ea5ed9c0-443f-44ef-9685-2b819db62e8e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - 
"policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 
'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166616258Z", - "firstOccurred": "2024-06-23T01:30:19.166616258Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", 
- "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 
8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "b92974d1-d100-4b2c-ab03-8e951a76c4ea", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and 
Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. 
You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved 
by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162109780Z", - "firstOccurred": "2024-06-23T01:30:19.162109780Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - 
"replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found 
in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": 
"2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f", - "name": "kube-rbac-proxy-crio-ip-10-0-55-250.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "bd185f0d-fc70-4baf-b8c2-11767eb7313f:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "a8cd05bc-8bb2-4200-9556-070e90bcd47e", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers 
running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.156688222Z", - "firstOccurred": "2024-06-23T01:30:19.156688222Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", 
- "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 
'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215", - "name": "kube-rbac-proxy-crio-ip-10-0-92-41.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "1dd2c8f9-894b-4d03-a71f-123557a9d215:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "18057b6a-3e88-462b-accf-a267488186be", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - "policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - 
"values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - 
"type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": 
"GENERIC" - } - ], - "time": "2024-06-23T01:30:19.152580653Z", - "firstOccurred": "2024-06-23T01:30:19.152580653Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 23 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' 
(version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298", - "name": "kube-rbac-proxy-crio-ip-10-0-83-140.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "d8c12f54-5cb9-4ca4-a396-3edb37051298:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fc8a44f0-f932-401b-97e7-45ac03998f87", - "policy": { - "id": "b1df1abb-e5a5-4ff7-98fe-1d28a22b55d8", - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "categories": [ - "Privileges", - "Vulnerability Management" - ], - "severity": "HIGH_SEVERITY", - "SORTName": "Privileged Containers with Important and Critical Fixable CVEs", - "SORTLifecycleStage": "DEPLOY", - "policyVersion": "1.1", - "policySections": [ - { - "sectionName": "", - 
"policyGroups": [ - { - "fieldName": "Privileged Container", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": "true" - } - ] - }, - { - "fieldName": "Fixed By", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ".*" - } - ] - }, - { - "fieldName": "Severity", - "booleanOperator": "OR", - "negate": false, - "values": [ - { - "value": ">= IMPORTANT" - } - ] - } - ] - } - ], - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "rationale": "Known vulnerabilities make it easier for adversaries to exploit your application, and highly-privileged containers pose greater risk. You can fix these high-severity vulnerabilities by updating to a newer version of the affected component(s).", - "remediation": "Use your package manager to update to a fixed version in future builds, run your container with lower privileges, or speak with your security team to mitigate the vulnerabilities.", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "exclusions": [ - { - "name": "Don't alert on kube-system namespace", - "deployment": { - "name": "", - "scope": { - "cluster": "", - "namespace": "kube-system", - "label": null - } - }, - "image": null, - "expiration": null - } - ], - "scope": [], - "enforcementActions": [], - "mitreAttackVectors": [], - "criteriaLocked": true, - "mitreVectorsLocked": true, - "isDefault": true - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' is privileged", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - 
}, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.148158953Z", - "firstOccurred": "2024-06-23T01:30:19.148158953Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "211bae2f-9772-4b88-bf1e-b85a6052b334", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": 
"LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-daemon' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617616105Z", - "firstOccurred": "2024-06-23T01:30:26.617616105Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - 
"fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "abe33912-6b31-405a-9fea-d3f2708ad1b9", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-operator' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609554001Z", - "firstOccurred": "2024-06-23T01:30:26.609554001Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2", - "name": "machine-config-daemon", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 6, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": 
"quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "85a3ba7d-faad-4512-8699-71e62ecc5fd2:machine-config-daemon", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-daemon" - } - ], - "riskScore": 117.284706, - "alerts": [ - { - "id": "58efe7a3-7d1e-46e2-993f-bda30d926bad", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' 
(version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-daemon', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in 
container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-daemon', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.617586689Z", - "firstOccurred": "2024-06-23T01:30:26.617586689Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "3f7f83bb-9485-45e8-bc4d-df5a63707f3b", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": 
"e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'machine-config-server' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605861471Z", - "firstOccurred": "2024-06-23T01:30:26.605861471Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f", - "name": "machine-config-operator", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "380b3962-94d4-4e83-ba29-62ad7c06a43f:machine-config-operator", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-operator" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "8f4df61c-fceb-485d-b0ce-1b4c598b4c2c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on 
deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 
'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-operator', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 
2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-operator', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.609517267Z", - "firstOccurred": "2024-06-23T01:30:26.609517267Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - 
"image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "dd7d9628-8139-4d8c-8d98-cade9737cc61", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - }, - { - "message": "Container 'machine-config-controller' has image created at 2024-03-19 13:00:35 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603369663Z", - "firstOccurred": "2024-06-23T01:30:26.603369663Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": 
"9365bbaf-b3b8-40fd-84d0-23dd1bb27554", - "name": "machine-config-server", - "type": "DaemonSet", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 3, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "9365bbaf-b3b8-40fd-84d0-23dd1bb27554:machine-config-server", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-server" - } - ], - "riskScore": 12.98153, - "alerts": [ - { - "id": "29276278-e012-45a5-9e0d-3b6fb36be208", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 
32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-server', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-server', resolved by version 
0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.605838360Z", - "firstOccurred": "2024-06-23T01:30:26.605838360Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9", - "name": "machine-config-controller", - "type": "Deployment", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 1, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:kube-rbac-proxy", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy" - }, - { - "id": "a34332b1-814d-4e8c-bc25-b89ce14dafa9:machine-config-controller", - "image": { - "id": "sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b4e5d596785f09a1eb040ece189e0263648afe09e1c3cdc6ac7d2d1fa66ab306" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "machine-config-controller" - } - ], - "riskScore": 16.31014, - "alerts": [ - { - "id": "50c9da01-5be3-4ac6-b15d-ce3c93b7480c", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": 
"NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", 
- "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'machine-config-controller', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - 
"message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'machine-config-controller', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:26.603303310Z", - "firstOccurred": "2024-06-23T01:30:26.603303310Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": 
"sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "55d0fd31-1040-4b55-932a-459737a7ccd7", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173578195Z", - "firstOccurred": "2024-06-23T01:30:19.173578195Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2", - "name": "kube-rbac-proxy-crio-ip-10-0-3-116.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "477f6a67-b7b4-422c-935a-91a45e1c92c2:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", 
- "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "d5a0c7de-b731-4208-917a-77e1549198cb", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in 
component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.173551817Z", - "firstOccurred": "2024-06-23T01:30:19.173551817Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": 
"204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "81f49857-2dc0-4200-9c1d-6790f38e4fee", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.166973711Z", - "firstOccurred": "2024-06-23T01:30:19.166973711Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726", - "name": "kube-rbac-proxy-crio-ip-10-0-33-93.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "204c37bc-e6c6-47f4-a3c3-ee1d061e1726:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": 
{ - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "fddefc54-09b9-40e1-89d2-87cab9b72054", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { 
- "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.168672097Z", - "firstOccurred": "2024-06-23T01:30:19.168672097Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": 
"cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - "image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "c0b0e4bd-ea48-4a45-95f3-ffa2b423cf7e", - "policy": { - "id": "2db9a279-2aec-4618-a85d-7f1bdf4911b1", - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Container 'kube-rbac-proxy-crio' has image created at 2024-03-05 17:38:24 (UTC)", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.162458998Z", - "firstOccurred": "2024-06-23T01:30:19.162458998Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - }, - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e", - "name": "kube-rbac-proxy-crio-ip-10-0-1-69.us-east-2.compute.internal", - "type": "Pod", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "orchestratorComponent": true, - "replicas": 0, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "containers": [ - { - "id": "0925a8c6-3729-409c-8695-4cb531ec653e:kube-rbac-proxy-crio", - 
"image": { - "id": "sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc", - "name": { - "registry": "quay.io", - "remote": "openshift-release-dev/ocp-v4.0-art-dev", - "tag": "", - "fullName": "quay.io/openshift-release-dev/ocp-v4.0-art-dev@sha256:b80e10f210ad89505ef974a5060b6f25f89a40907b5cd0eafb9695ca3b78e9fc" - }, - "notPullable": false, - "isClusterLocal": false - }, - "name": "kube-rbac-proxy-crio" - } - ], - "riskScore": 28.87299, - "alerts": [ - { - "id": "77b1d1f8-ab63-43dc-837c-e5ba9c3b0a06", - "policy": { - "id": "a919ccaf-6b43-4160-ac5d-a405e1440a41", - "name": "Fixable Severity at least Important", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "isDefault": true, - "violation_count": 120 - }, - "clusterId": "cc636516-5157-4127-a24d-a933a76afd85", - "clusterName": "cluster-main", - "namespace": "openshift-machine-config-operator", - "namespaceId": "e011979d-c308-4fba-915c-da1c5a3b76aa", - "violations": [ - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-3.el8_6.5.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-3.el8_6.5.x86_64) in 
container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2720 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-3.el8_6.5.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.11.36-3.el8_6.7", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-common' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-gconv-extra' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-langpack-en' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - }, - { - "message": "Fixable RHSA-2024:2799 (CVSS 8.8) (severity Important) found in component 'glibc-minimal-langpack' (version 2.28-189.8.el8_6.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:2.28-189.10.el8_6", - "type": "GENERIC" - } - ], - "time": "2024-06-23T01:30:19.163993959Z", - "firstOccurred": "2024-06-23T01:30:19.163993959Z", - "lifecycleStage": "DEPLOY", - "state": "ACTIVE" - } - ] - } - ] - } + "cluster_id": "e326422b-33f9-4348-801c-a82aa3fc8f4b", + "cluster_name": "local-cluster", + "deployments": { + "deployments": [ + { + "name": "nmstate-metrics", + "namespace": "openshift-nmstate", + "riskScore": 5.874, + "alerts": [ + { 
+ "id": "19132fd2-eee5-48f8-be71-9dd88367eafd", + "violations": [ + { + "message": "Container 'nmstate-metrics' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master02", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "e98bd919-83ba-4f9a-baf0-ab59afa89fb8", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "collector", + "namespace": "rhacs-operator", + "riskScore": 21.185999, + "alerts": [ + { + "id": "a2237c4f-82a4-4361-b788-bccdce83af8e", + "violations": [ + { + "message": "Container 'collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "1edef97c-25e6-435c-a7d2-817c36abab7e", + "violations": [ + { + "message": "Container 'coredns' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'coredns-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-b", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "52efe1ea-ee83-4e58-861b-f8baa6de2459", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 
'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mgr', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", 
+ "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mgr', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'watch-active', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "community-operators-4rh2m", + "namespace": "openshift-marketplace", + "riskScore": 8.910374, + "alerts": [ + { + "id": "491c64a6-ebb9-427c-8595-f6dfffa07daa", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'registry-server', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in 
component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "5d85b478-9acd-402e-b750-acdc927b1dd6", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "collector", + "namespace": "rhacs-operator", + "riskScore": 21.185999, + "alerts": [ + { + "id": "1b082771-74e0-4d04-83fe-1a7e303b49bb", + "violations": [ + { + "message": "Container 'node-inventory' includes component 'rpm' (version 4.14.3-32.el8_10.x86_64)", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master01", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "f3881f3c-b403-45be-82a6-ba6a2460a4b1", + "violations": [ + { + "message": "Container 'coredns' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'coredns-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "central-db", + "namespace": "rhacs-operator", + "riskScore": 14.674274, + "alerts": [ + { + "id": "cac18067-6d81-4b12-81db-d32d8efc7a7f", + "violations": [ + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-16.el8_10.2.x86_64) in container 'central-db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-16.el8_10.2.x86_64) in container 
'central-db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-16.el8_10.2.noarch) in container 'central-db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-16.el8_10.2.x86_64) in container 'central-db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-16.el8_10.2.noarch) in container 'central-db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'central-db', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql-contrib' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'central-db', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql-server' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'central-db', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) 
(severity Important) found in component 'postgresql-upgrade' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'central-db', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1737 (CVSS 8.1) (severity Important) found in component 'libpq' (version 13.11-1.el8.x86_64) in container 'central-db', resolved by version 0:13.20-1.el8_10", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-b", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "52efe1ea-ee83-4e58-861b-f8baa6de2459", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mgr', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 
'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mgr', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'watch-active', resolved by version 0:2.9.13-6.el9_5.1", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "008c8e88-892d-4eb1-8086-68e6c2e007db", + "violations": [] + } + ] + }, + { + "name": "coredns-master02", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "84b981b2-e720-4e9e-bf23-ee56b780932e", + "violations": [ + { + "message": "Container 'coredns' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'coredns-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-b", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "66d6d2fc-655b-4073-985a-30fa131fec25", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "noobaa-db-pg", + "namespace": "openshift-storage", + "riskScore": 16.7706, + "alerts": [ + { + "id": "d7d1ff25-ace1-453d-9956-597c83c18661", + "violations": [ + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'db', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + 
"type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'db', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'db', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-24.el9_5.x86_64) in container 'db', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-24.el9_5.noarch) in container 'db', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-24.el9_5.x86_64) in container 'db', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1741 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 15.10-1.module+el9.5.0+22558+abb1a50b.x86_64) in container 'db', resolved by version 0:15.12-1.module+el9.5.0+22866+495a739a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1741 (CVSS 8.1) (severity Important) found in component 'postgresql-contrib' (version 15.10-1.module+el9.5.0+22558+abb1a50b.x86_64) in container 'db', resolved by version 0:15.12-1.module+el9.5.0+22866+495a739a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, 
+ { + "message": "Fixable RHSA-2025:1741 (CVSS 8.1) (severity Important) found in component 'postgresql-private-libs' (version 15.10-1.module+el9.5.0+22558+abb1a50b.x86_64) in container 'db', resolved by version 0:15.12-1.module+el9.5.0+22866+495a739a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1741 (CVSS 8.1) (severity Important) found in component 'postgresql-server' (version 15.10-1.module+el9.5.0+22558+abb1a50b.x86_64) in container 'db', resolved by version 0:15.12-1.module+el9.5.0+22866+495a739a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1741 (CVSS 8.1) (severity Important) found in component 'postgresql-upgrade' (version 15.10-1.module+el9.5.0+22558+abb1a50b.x86_64) in container 'db', resolved by version 0:15.12-1.module+el9.5.0+22866+495a739a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-manager", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "db4079a3-5754-47f3-96e5-ae28c2d8ea86", + "violations": [ + { + "message": "Deployment uses the host's process ID namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master02", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "0bca4945-80a7-4046-92d5-68d9b67956ae", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { 
+ "id": "f4d55083-3c67-4ea9-9ec4-67e665146b78", + "violations": [] + } + ] + }, + { + "name": "coredns-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "1e51d55e-c567-4c77-98ca-d40122a78e59", + "violations": [ + { + "message": "Container 'coredns' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'coredns-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "scanner-db", + "namespace": "rhacs-operator", + "riskScore": 14.674274, + "alerts": [ + { + "id": "95767638-68b5-4559-9db6-66b2591c1a26", + "violations": [ + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.11.36-16.el8_10.2.x86_64) in container 'db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-libs-lite' (version 32:9.11.36-16.el8_10.2.x86_64) in container 'db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.11.36-16.el8_10.2.noarch) in container 'db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.11.36-16.el8_10.2.x86_64) in container 'db', resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1675 (CVSS 7.5) (severity Important) found in component 'python3-bind' (version 32:9.11.36-16.el8_10.2.noarch) in container 'db', 
resolved by version 32:9.11.36-16.el8_10.4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1739 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 15.10-1.module+el8.10.0+22550+22c7d5ca.x86_64) in container 'db', resolved by version 0:15.12-1.module+el8.10.0+22871+d29fc53a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1739 (CVSS 8.1) (severity Important) found in component 'postgresql-contrib' (version 15.10-1.module+el8.10.0+22550+22c7d5ca.x86_64) in container 'db', resolved by version 0:15.12-1.module+el8.10.0+22871+d29fc53a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1739 (CVSS 8.1) (severity Important) found in component 'postgresql-private-libs' (version 15.10-1.module+el8.10.0+22550+22c7d5ca.x86_64) in container 'db', resolved by version 0:15.12-1.module+el8.10.0+22871+d29fc53a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1739 (CVSS 8.1) (severity Important) found in component 'postgresql-server' (version 15.10-1.module+el8.10.0+22550+22c7d5ca.x86_64) in container 'db', resolved by version 0:15.12-1.module+el8.10.0+22871+d29fc53a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1739 (CVSS 8.1) (severity Important) found in component 'postgresql-upgrade' (version 15.10-1.module+el8.10.0+22550+22c7d5ca.x86_64) in container 'db', resolved by version 0:15.12-1.module+el8.10.0+22871+d29fc53a", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-discovery", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "328ebead-8fd9-4a8f-aba9-25f5d2f083e2", + "violations": [ + { + "message": "Deployment uses the host's process ID namespace", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-a", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "42099264-6ced-4fc4-bd3d-beae14ebdb27", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "3e2d0072-74cc-4d27-9af3-5f610b109687", + "violations": [] + } + ] + }, + { + "name": "rook-ceph-mgr-b", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "cad03234-5ecf-4917-b22e-8182b26eaeca", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "collector", + "namespace": "rhacs-operator", + "riskScore": 21.185999, + "alerts": [ + { + "id": "c607f1d2-fe8e-42fe-88e2-e38cc3df1163", + "violations": [ + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 
13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'compliance', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1737 (CVSS 8.1) (severity Important) found in component 'libpq' (version 13.11-1.el8.x86_64) in container 'compliance', resolved by version 0:13.20-1.el8_10", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "iptables-alerter", + "namespace": "openshift-network-operator", + "riskScore": 16.537315, + "alerts": [ + { + "id": "53f67d65-20e3-4216-8738-09b34190a419", + "violations": [ + { + "message": "Deployment uses the host's process ID namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-a", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "5fac9b4d-27a1-4dd5-b4e7-db23866a441a", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mgr', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 
'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mgr', resolved by version 0:2.9.13-6.el9_5.1", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'watch-active', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "20f79440-9f21-4d55-a188-0082d68410a5", + "violations": [] + } + ] + }, + { + "name": "rook-ceph-operator", + "namespace": "openshift-storage", + "riskScore": 13.200001, + "alerts": [ + { + "id": "75df5492-a10b-41b2-839d-00612970299e", + "violations": [ + { + "message": "Container 'rook-ceph-operator' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "config-controller", + "namespace": "rhacs-operator", + "riskScore": 10.914749, + "alerts": [ + { + "id": "4bd7a572-b18f-4f7f-8574-6996ba0155b6", + "violations": [ + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'manager', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1737 (CVSS 8.1) (severity Important) found in component 'libpq' (version 13.11-1.el8.x86_64) in container 'manager', resolved by version 0:13.20-1.el8_10", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "fa3c13dc-659b-4e00-8b31-2b427d9b22c8", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + 
"name": "rook-ceph-mgr-a", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "5fac9b4d-27a1-4dd5-b4e7-db23866a441a", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mgr', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 
1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mgr', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'watch-active', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master00", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "5f841b19-2171-47f7-aed1-8855a23c635b", + "violations": [] + } + ] + }, + { + "name": "rook-ceph-mgr-a", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "0af78460-b8b4-4b14-aa0a-1b93cab1f105", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + 
"type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "sensor", + "namespace": "rhacs-operator", + "riskScore": 17.342323, + "alerts": [ + { + "id": "c4f34672-896d-4662-a282-086ac71d4a91", + "violations": [ + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'sensor', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1737 (CVSS 8.1) (severity Important) found in component 'libpq' (version 13.11-1.el8.x86_64) in container 'sensor', resolved by version 0:13.20-1.el8_10", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "1caa44ad-3ab0-4fae-be69-29879368c9e5", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-discovery", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "8704eef1-1bfb-4161-9bde-b776e6a95537", + "violations": [ + { + "message": "Container 'diskmaker-discovery' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-discovery", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "8704eef1-1bfb-4161-9bde-b776e6a95537", + "violations": [ + { + "message": "Container 'diskmaker-discovery' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "cbd07a3b-6cfd-4c7b-9fd2-7e6527b17af5", + 
"violations": [] + } + ] + }, + { + "name": "ux-backend-server", + "namespace": "openshift-storage", + "riskScore": 12.296793, + "alerts": [ + { + "id": "a764a3f6-087b-415c-a69c-6c84e02479e6", + "violations": [ + { + "message": "Container 'oauth-proxy' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "central", + "namespace": "rhacs-operator", + "riskScore": 14.5529995, + "alerts": [ + { + "id": "329fabc9-1ef9-40d4-87f0-16788a65a214", + "violations": [ + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'central', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1737 (CVSS 8.1) (severity Important) found in component 'libpq' (version 13.11-1.el8.x86_64) in container 'central', resolved by version 0:13.20-1.el8_10", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-manager", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "d67ed016-733c-4f2c-b034-1177ed6421f1", + "violations": [ + { + "message": "Container 'diskmaker-manager' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master00", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "d863a372-114b-48d4-afa3-2c72897bf33a", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "3f142980-1982-474a-aab7-0ef3cb5af9ae", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker03", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "58f05293-caae-4b46-8cce-f74ff5aff17c", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 
'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ocs-client-operator-controller-manager", + "namespace": "openshift-storage", + "riskScore": 15.370989, + "alerts": [ + { + "id": "4c41a895-1347-4233-ba30-c81fe6579ceb", + "violations": [ + { + "message": "Container 'manager' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "628db326-7c46-4340-8a47-1e8418be281c", + "violations": [] + } + ] + }, + { + "name": "admission-control", + "namespace": "rhacs-operator", + "riskScore": 14.674274, + "alerts": [ + { + "id": "5eff09a3-5c95-4a47-8173-111ba3b9acbb", + "violations": [ + { + "message": "Fixable RHSA-2025:1736 (CVSS 8.1) (severity Important) found in component 'postgresql' (version 13.18-1.module+el8.10.0+22549+cf2ec3d9.x86_64) in container 'admission-control', resolved by version 0:13.20-1.module+el8.10.0+22878+46d41b73", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1737 (CVSS 8.1) (severity Important) found in component 'libpq' (version 13.11-1.el8.x86_64) in container 'admission-control', resolved by version 0:13.20-1.el8_10", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-handler", + "namespace": "openshift-nmstate", + "riskScore": 14.317877, + "alerts": [ + { + "id": "e7cddb70-e3c0-4a8d-ae8b-aa9f26bf8f81", + "violations": [ + { + "message": "Container 'nmstate-handler' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", 
+ "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "10f06b3d-b02e-469b-8c8f-144a32747fb2", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker03", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "832d0209-033a-4f9a-9e0b-be6c5665dce5", + "violations": [ + { + "message": "Container 'ceph-crash' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker00", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "b2fbdba2-a60f-45e7-8d17-d82d98c96d52", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source 
'/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "certified-operators-jwzls", + "namespace": "openshift-marketplace", + "riskScore": 8.910374, + "alerts": [ + { + "id": "20ea1aac-5be1-47f4-aff3-0a0ad7d1d821", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'registry-server', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "7b1fbf68-743a-4f94-affc-657a30a32913", + "violations": [] + } + ] + }, + { + "name": "diskmaker-manager", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "d67ed016-733c-4f2c-b034-1177ed6421f1", + "violations": [ + { + "message": "Container 'diskmaker-manager' is privileged", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "8b7dbdc3-118d-4386-86b2-ed66b65a15c8", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker00", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "3abdac9f-9437-41d5-82c7-fffd4b193a6b", + "violations": [ + { + "message": "Container 'ceph-exporter' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker05", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "7a0005ff-bdfd-4a4f-ac69-53ea71ab22c1", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + 
"message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "redhat-operators-z497r", + "namespace": "openshift-marketplace", + "riskScore": 8.910374, + "alerts": [ + { + "id": "c9504803-033f-4c33-85db-fae23b30fcba", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'registry-server', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "751c1617-7e8c-46fe-8952-f53c05b8bb15", + "violations": [] + } + ] + }, + { + "name": 
"keepalived-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "c14cf9e5-c657-4307-897b-aa98a9275aca", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker05", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "ffaee2cd-54a7-4924-a3f8-ec4be097d69e", + "violations": [ + { + "message": "Container 'ceph-crash' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker05", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "77dab01e-4ab7-43f7-b763-cb9c49555fcc", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-b", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "ced55547-1ebc-4ad8-8d9f-ba20e2ee6624", + "violations": [ + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mgr', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in 
container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mgr', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'watch-active', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "da407056-27bd-4fb9-bfb2-94d49705bfd5", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-handler", + "namespace": "openshift-nmstate", + "riskScore": 14.317877, + "alerts": [ + { + "id": "e7cddb70-e3c0-4a8d-ae8b-aa9f26bf8f81", + "violations": [ + { + "message": "Container 'nmstate-handler' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 
32:9.16.23-18.el9_4.7.noarch) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ovnkube-node", + "namespace": "openshift-ovn-kubernetes", + "riskScore": 32.760002, + "alerts": [ + { + "id": "10782156-f64d-4260-bbd0-728afc366595", + "violations": [ + { + "message": "Container 'ovn-controller' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'ovnkube-controller' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-controller', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-controller', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-controller', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-controller', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, 
+ { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovn-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovnkube-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 
(CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker05", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "747544e3-a23e-4cac-bcac-73c5ac22a641", + "violations": [ + { + "message": "Container 'ceph-exporter' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-b", + "namespace": "openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": "0a715b5a-9e1a-4e07-b165-d6e6d313d865", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "1d32e2b7-6016-415b-8e75-46dfa1582bbb", + "violations": [ + { + "message": "Deployment 
uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-a", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "821e9d54-c0b2-4a2b-869b-f7c766a2e6c3", + "violations": [ + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mgr', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in 
component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mgr', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'watch-active', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mgr', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'watch-active', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "multus", + "namespace": "openshift-multus", + "riskScore": 13.128862, + "alerts": [ + { + "id": "3d3b69af-4efc-41b4-9b8f-681f76e4285c", + "violations": [ + { + "message": "Container 'kube-multus' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-multus', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 
'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "0fb2b4fa-0593-4c64-882f-f8903e573f66", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-b", + "namespace": "openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": "b7ffdda9-357e-450e-a5ae-8dce6b0a1d92", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mds' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ovnkube-node", + "namespace": "openshift-ovn-kubernetes", + "riskScore": 32.760002, + "alerts": [ + { + "id": "10782156-f64d-4260-bbd0-728afc366595", + "violations": [ + { + "message": "Container 
'ovn-controller' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'ovnkube-controller' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-controller', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-controller', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-controller', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-controller', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovn-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovnkube-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in 
container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 
'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-a", + "namespace": "openshift-storage", + "riskScore": 92.70156, + 
"alerts": [ + { + "id": "9841d0e0-4fe5-49fc-af89-9b60ce396d43", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ceph-csi-controller-manager", + "namespace": "openshift-storage", + "riskScore": 9.315751, + "alerts": [ + { + "id": "f770b1c2-6e69-43f2-a67d-4dd23309d758", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'manager', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'manager', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "multus-additional-cni-plugins", + "namespace": "openshift-multus", + "riskScore": 10.940718, + "alerts": [ + { + "id": "329c40aa-2e36-430a-8200-d210484be6a1", + "violations": [ + { + "message": "Container 'kube-multus-additional-cni-plugins' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-a", + "namespace": "openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": "49803eb0-11bb-49a4-a6e9-d2802dd347e1", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mds' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master00", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "3951230a-d5ba-4022-a62f-1757b3a9e31e", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker03", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "50411957-50b7-4cda-8251-fc7be3aeb353", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source 
'/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ocs-client-operator-console", + "namespace": "openshift-storage", + "riskScore": 13.86, + "alerts": [ + { + "id": "7348241f-e7a9-4143-9878-60537a1abec4", + "violations": [ + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ocs-client-operator-console', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ocs-client-operator-console', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ocs-client-operator-console', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-24.el9_5.x86_64) in container 'ocs-client-operator-console', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-24.el9_5.noarch) in container 'ocs-client-operator-console', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-24.el9_5.x86_64) in container 'ocs-client-operator-console', 
resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "multus", + "namespace": "openshift-multus", + "riskScore": 13.128862, + "alerts": [ + { + "id": "3d3b69af-4efc-41b4-9b8f-681f76e4285c", + "violations": [ + { + "message": "Container 'kube-multus' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-multus', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker03", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "af7c6d91-9430-4644-9094-9e14e094b88c", + "violations": [ + { + "message": "Container 'ceph-exporter' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": 
[ + { + "id": "601c170f-ef62-4ddb-bb1b-074c95a7fa39", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "5d3ff639-862f-4d3d-910f-16b7aba20aa9", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-2", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "4974ed6a-06a4-45e1-a322-83110ca6b750", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'ocs-deviceset-lvs-odf-0-data-0l79xv-bridge' has source '/var/lib/rook/openshift-storage/ocs-deviceset-lvs-odf-0-data-0l79xv', destination '/var/lib/ceph/osd/ceph-2', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "odf-console", + "namespace": "openshift-storage", 
+ "riskScore": 15.246, + "alerts": [ + { + "id": "29bc8549-3aad-4027-87b8-66d3a58618e0", + "violations": [ + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'odf-console', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'odf-console', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'odf-console', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-24.el9_5.x86_64) in container 'odf-console', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-24.el9_5.noarch) in container 'odf-console', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1681 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-24.el9_5.x86_64) in container 'odf-console', resolved by version 32:9.16.23-24.el9_5.3", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-2", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "f7004409-56fb-4425-b39d-cb42678982a4", + "violations": [ + { + "message": "Container 'log-collector' 
has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master01", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "14746f38-03e1-4a50-b7f5-27492bb1974e", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "metal3-image-customization", + "namespace": "openshift-machine-api", + "riskScore": 16.108105, + "alerts": [ + { + "id": "d6dd2849-5e28-4f52-9b38-60f28e74ad9e", + "violations": [ + { + "message": "Container 'machine-image-customization-controller' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-image-customization-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 
'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-a", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "9b5335a3-7512-4d9d-bd8e-7042b38bc137", + "violations": [ + { + "message": "Writable volume 'ceph-daemon-data' has source '/var/lib/rook/mon-a/data', destination '/var/lib/ceph/mon/ceph-a', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "local-storage-operator", + "namespace": "openshift-local-storage", + "riskScore": 6.0075, + "alerts": [ + { + "id": "c83072be-06e7-4eb6-a432-a33850b07bc6", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'local-storage-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'local-storage-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": 
null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'local-storage-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "multus-additional-cni-plugins", + "namespace": "openshift-multus", + "riskScore": 10.940718, + "alerts": [ + { + "id": "329c40aa-2e36-430a-8200-d210484be6a1", + "violations": [ + { + "message": "Container 'kube-multus-additional-cni-plugins' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-a", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": 
"7d7be5e3-8de5-4a72-9227-436a36cc9bce", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "2c28501c-eabb-4e5a-a895-3fb1b764e42d", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "0bde22ea-1420-4d01-a5f3-fb5b93742f9b", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-config-daemon", + "namespace": "openshift-machine-config-operator", + "riskScore": 32.760002, + "alerts": [ + { + "id": "efad5864-3295-4e34-aee9-6d0ff96915f3", + "violations": [ + { + "message": "Container 'machine-config-daemon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-config-daemon', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1188 (CVSS 8.6) (severity Important) found in component 'buildah' (version 2:1.33.11-1.el9_4.x86_64) 
in container 'machine-config-daemon', resolved by version 2:1.33.12-2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-discovery", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "42ac95f4-1221-493a-a07b-85dd45eee1f0", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'diskmaker-discovery', resolved by 
version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-discovery', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-rgw-ocs-storagecluster-cephobjectstore-a", + "namespace": "openshift-storage", + "riskScore": 111.24188, + "alerts": [ + { + "id": "67c30945-7891-4fa0-b344-f4f6e5554302", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "metal3-image-customization", + "namespace": "openshift-machine-api", + "riskScore": 16.108105, + "alerts": [ + { + "id": 
"d6dd2849-5e28-4f52-9b38-60f28e74ad9e", + "violations": [ + { + "message": "Container 'machine-image-customization-controller' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-image-customization-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-rgw-ocs-storagecluster-cephobjectstore-a", + "namespace": "openshift-storage", + "riskScore": 111.24188, + "alerts": [ + { + "id": "c0a01a80-4a55-40ae-ad39-2ec17234b6e4", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'rgw' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master00", + "namespace": 
"openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "00f19d6c-eaa5-4788-9f55-3b94e2e2454c", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-manager", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "1daf2970-7cae-4ab5-b54d-f1773487497c", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'diskmaker-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 
'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "tuned", + "namespace": "openshift-cluster-node-tuning-operator", + "riskScore": 23.4, + "alerts": [ + { + "id": "72c5e7f2-9e6e-401f-8fd9-3edcb5d1d736", + "violations": [ + { + "message": "Container 'tuned' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'tuned', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-atomic' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-cpu-partitioning' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-mssql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-guest' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-host' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-openshift' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-oracle' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-postgresql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, 
+ { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-realtime' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap-hana' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-spectrumscale' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1270 (CVSS 7.3) (severity Important) found in component 'python3-perf' (version 5.14.0-427.50.1.el9_4.x86_64) in container 'tuned', resolved by version 0:5.14.0-427.50.2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in 
container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "cddafa75-8818-4ee8-9d3f-72161727cab6", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-b", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "0d814a50-e613-47ed-a8e9-19cab45bb135", + "violations": [ + { + "message": "Writable volume 'ceph-daemon-data' has source '/var/lib/rook/mon-b/data', destination '/var/lib/ceph/mon/ceph-b', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-b", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "fdd9ca75-4278-4e9c-8cb2-93c026b163ca", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-config-daemon", + "namespace": "openshift-machine-config-operator", + "riskScore": 32.760002, + "alerts": [ + { + "id": "efad5864-3295-4e34-aee9-6d0ff96915f3", + "violations": [ + { + "message": "Container 'machine-config-daemon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-config-daemon', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1188 (CVSS 8.6) (severity Important) found in component 'buildah' (version 2:1.33.11-1.el9_4.x86_64) in container 'machine-config-daemon', resolved by version 2:1.33.12-2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-console-plugin", + "namespace": "openshift-nmstate", + "riskScore": 8.168531, + "alerts": [ + { + "id": "2fce27f5-3df8-4b19-b68e-ef8bd501def6", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-console-plugin', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'nmstate-console-plugin', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-console-plugin', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "40c22d6b-8e84-425f-85c8-6583a9ef0d89", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": 
"coredns-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "4ea7a5e2-f9c0-4977-8805-2eb2709625b3", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-c", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "416b0cf0-25e0-4cc9-a234-f55638c84e61", + "violations": [ + { + "message": "Writable volume 'ceph-daemon-data' has source '/var/lib/rook/mon-c/data', destination '/var/lib/ceph/mon/ceph-c', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-c", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "94b172cd-14de-4703-be91-04ce7f18ee06", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "tuned", + "namespace": "openshift-cluster-node-tuning-operator", + "riskScore": 23.4, + "alerts": [ + { + "id": 
"72c5e7f2-9e6e-401f-8fd9-3edcb5d1d736", + "violations": [ + { + "message": "Container 'tuned' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'tuned', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-atomic' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-cpu-partitioning' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-mssql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-guest' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-host' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-openshift' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-oracle' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-postgresql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-realtime' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap-hana' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-spectrumscale' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1270 (CVSS 7.3) (severity Important) found in component 'python3-perf' (version 5.14.0-427.50.1.el9_4.x86_64) in container 'tuned', resolved by version 0:5.14.0-427.50.2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-webhook", + "namespace": "openshift-nmstate", + "riskScore": 7.3424997, + "alerts": [ + { + "id": "f763b788-550d-45b5-9da4-62bdb41df06d", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'nmstate-webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "8b118b9e-0fb9-4b0b-bad2-41059af9b273", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "cccbf0c3-334b-414c-addb-d48ce85e2976", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-0", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "58fd35d4-596d-440a-beb0-9fe7c9992dd8", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'ocs-deviceset-lvs-odf-0-data-16s2st-bridge' has source '/var/lib/rook/openshift-storage/ocs-deviceset-lvs-odf-0-data-16s2st', destination '/var/lib/ceph/osd/ceph-0', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-0", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "b2751830-fedf-4cec-9b9b-b1c1cc2e6af4", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-metrics", + "namespace": "openshift-nmstate", + "riskScore": 5.874, + "alerts": [ + { + "id": "989b2bc0-a29b-4398-8312-f10fd6d796f3", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', 
resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'nmstate-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "node-ca", + "namespace": "openshift-image-registry", + "riskScore": 13.128862, + "alerts": [ + { + "id": "8bfed11d-d42c-46d8-b80d-e3855304d80d", + "violations": [ + { + "message": "Container 'node-ca' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 
'node-ca', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master01", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "3165b3de-eea8-4471-9f14-64e99ac3f8c5", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-handler", + "namespace": "openshift-nmstate", + "riskScore": 14.317877, + "alerts": [ + { + "id": "87e467ef-ff46-42a3-801e-f8d5c963c32f", + "violations": [ + { + "message": "Deployment uses the host's network namespace", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-1", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": 
"d78c153d-f267-4124-bcff-5600a1a710b2", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'ocs-deviceset-lvs-odf-0-data-2ncctr-bridge' has source '/var/lib/rook/openshift-storage/ocs-deviceset-lvs-odf-0-data-2ncctr', destination '/var/lib/ceph/osd/ceph-1', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-1", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "39f4a2f2-d97c-4d36-984c-83d1319c1678", + "violations": [ + { + "message": "Container 'log-collector' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-handler", + "namespace": "openshift-nmstate", + "riskScore": 14.317877, + "alerts": [ + { + "id": "e1fde366-5086-4728-b125-3430da5d452f", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) 
(severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-handler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "755afb1f-9a3c-40a3-98a7-df2841d0d3d8", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master00", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "87218147-a285-4da4-abee-1926f2e1030d", + "violations": [ + { + "message": "Container 'etcd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-metrics' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-readyz' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in 
component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in 
container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker00", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "78e793b4-8e89-4fc9-9d47-837d1ddec073", + "violations": [ + { + "message": "Writable volume 'ceph-daemons-sock-dir' has source '/var/lib/rook/exporter', destination '/run/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-crash' has source '/var/lib/rook/openshift-storage/crash', destination '/var/lib/ceph/crash', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'rook-ceph-log' has source '/var/lib/rook/openshift-storage/log', destination '/var/log/ceph', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "node-ca", + "namespace": "openshift-image-registry", + "riskScore": 13.128862, + "alerts": [ + { + "id": 
"8bfed11d-d42c-46d8-b80d-e3855304d80d", + "violations": [ + { + "message": "Container 'node-ca' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'node-ca', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker00", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "eb5bddd6-1438-41c9-b607-d4c3e6124822", + "violations": [ + { + "message": "Container 'ceph-crash' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ovnkube-node", + "namespace": "openshift-ovn-kubernetes", + "riskScore": 32.760002, + "alerts": [ + { + "id": "20c9414f-f237-4b7c-a2be-85202e09e1c1", + "violations": [ + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'nbdb', resolved by version 
0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'northd', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-acl-logging', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-controller', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-controller', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'sbdb', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'nbdb', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'northd', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) 
(severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-acl-logging', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovn-controller', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-controller', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'sbdb', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-node', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-ovn-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'nbdb', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'northd', resolved by 
version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovn-acl-logging', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovn-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovnkube-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'sbdb', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'nbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'northd', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-acl-logging', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": 
"Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'sbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'nbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'northd', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-acl-logging', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity 
Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'sbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'nbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'northd', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-acl-logging', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 
'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'sbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'nbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'northd', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-acl-logging', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'ovn-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-controller', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'sbdb', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in 
container 'kube-rbac-proxy-node', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-ovn-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nbdb', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'northd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovn-acl-logging', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in 
container 'sbdb', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-node', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-ovn-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'nbdb', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'northd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'ovn-acl-logging', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) 
in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'sbdb', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-node', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-ovn-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nbdb', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'northd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovn-acl-logging', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in 
container 'ovn-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'sbdb', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "855bd233-24f5-4e0c-b01b-43fadbe0859d", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master02", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "608aa008-4289-4a88-865b-219430fcce31", + "violations": [ + { + "message": "Container 'etcd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-metrics' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-readyz' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by 
version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master02", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "de8bce21-2f7f-44c3-b75f-070f0bb50ac1", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/coredns', destination '/etc/coredns', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfig' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'nm-resolv' has source '/var/run/NetworkManager', destination '/var/run/NetworkManager', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' 
has source '/etc/kubernetes/static-pod-resources/coredns', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master00", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "87218147-a285-4da4-abee-1926f2e1030d", + "violations": [ + { + "message": "Container 'etcd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-metrics' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-readyz' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "48513bb1-84e0-4a9e-90fb-d50e1d2daec0", + "violations": [ + { + "message": "Container 'keepalived' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'keepalived-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ovnkube-control-plane", + "namespace": "openshift-ovn-kubernetes", + "riskScore": 17.469376, + "alerts": [ + { + "id": "52eb7d82-a271-4b5f-86d5-b648daad3dd9", + "violations": [ + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-cluster-manager', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'ovnkube-cluster-manager', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'ovnkube-cluster-manager', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in 
container 'ovnkube-cluster-manager', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-cluster-manager', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-cluster-manager', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'ovnkube-cluster-manager', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-cluster-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' 
(version 32:9.16.23-18.el9_4.7.noarch) in container 'ovnkube-cluster-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'ovnkube-cluster-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "0ccc8ff0-1b68-4000-ab20-ae0ef20fdf64", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "68e503b9-fd67-4fe1-8af6-4c6e0247fc17", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/keepalived', destination '/etc/keepalived', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has 
source '/etc/kubernetes/static-pod-resources/keepalived', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master02", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "608aa008-4289-4a88-865b-219430fcce31", + "violations": [ + { + "message": "Container 'etcd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-metrics' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-readyz' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "b0d2b669-3add-4161-8e9a-5059109caeba", + "violations": [ + { + "message": "Container 'keepalived' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'keepalived-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "network-node-identity", + "namespace": "openshift-network-node-identity", + "riskScore": 15.881249, + "alerts": [ + { + "id": "f53f0cd9-cab2-4da4-8c69-c7da0d755236", + "violations": [ + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'approver', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:2120 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'webhook', resolved by version 0:4.6-3.el9_1.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'approver', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2023:3148 (CVSS 7.5) (severity Important) found in component 'libreswan' (version 4.6-3.el9_0.3.x86_64) in container 'webhook', resolved by version 0:4.9-4.el9_2", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'approver', resolved by version 
0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'webhook', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'approver', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03' (version 24.03.2-32.el9fdp.x86_64) in container 'webhook', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'approver', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-central' (version 24.03.2-32.el9fdp.x86_64) in container 'webhook', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'approver', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-host' (version 24.03.2-32.el9fdp.x86_64) in container 'webhook', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + 
{ + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'approver', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1096 (CVSS 8.1) (severity Important) found in component 'ovn24.03-vtep' (version 24.03.2-32.el9fdp.x86_64) in container 'webhook', resolved by version 0:24.03.4-53.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'approver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'approver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'approver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) 
(severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "e7d4409c-c00e-45b2-bbc7-693eafa50225", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-kni-infra'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "03473a29-4a63-4bf1-ad8b-fed57f73296f", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/keepalived', destination '/etc/keepalived', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/keepalived', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master01", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "3f7721b3-3372-4ce3-9cc9-f78fd541c714", + "violations": [ + { + "message": "Container 'etcd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-metrics' is privileged", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-readyz' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by 
version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master01", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "3f7721b3-3372-4ce3-9cc9-f78fd541c714", + "violations": [ + { + "message": "Container 'etcd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-metrics' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'etcd-readyz' is privileged", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "cfa861a7-163e-4bc5-99d5-b16a6e10f9ae", + "violations": [ + { + "message": "Container 'keepalived' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'keepalived-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-operator", + "namespace": "openshift-nmstate", + "riskScore": 5.34, + "alerts": [ + { + "id": 
"2b293a9e-446f-4095-a4ed-667379da216c", + "violations": [ + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'nmstate-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'nmstate-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "d3c998cb-34a5-4781-b702-32824399aefe", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/keepalived', destination '/etc/keepalived', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/keepalived', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-console-plugin", + "namespace": "openshift-nmstate", + "riskScore": 8.168531, + "alerts": [ + { + "id": "554c2caa-5a4a-4062-b3fc-461abf4cb279", + "violations": [ + { + "message": "Deployment mounts the service account 
tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-nmstate'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "apiserver", + "namespace": "openshift-oauth-apiserver", + "riskScore": 16.848705, + "alerts": [ + { + "id": "8767cdb5-d7a6-4012-b292-9bf00b33bcab", + "violations": [ + { + "message": "Container 'oauth-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'oauth-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master00", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "04502a3a-c152-4c07-8872-88bfbe9515f7", + "violations": [ + { + "message": 
"Container 'haproxy-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "multus", + "namespace": "openshift-multus", + "riskScore": 13.128862, + "alerts": [ + { + "id": "8edeb318-3215-4d05-beee-2cafe14ba455", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-multus', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master00", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "3d861be0-9875-417a-a7bd-29336f1caa40", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/haproxy', destination '/etc/haproxy', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": 
null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/haproxy', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master02", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "7f8bb033-ab99-4492-a340-eea35a0b1c9a", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-machine-config-operator'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "apiserver", + "namespace": "openshift-oauth-apiserver", + "riskScore": 16.848705, + "alerts": [ + { + "id": "8767cdb5-d7a6-4012-b292-9bf00b33bcab", + "violations": [ + { + "message": "Container 'oauth-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'oauth-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "02359a73-039b-4981-ae6a-19a8945d6214", + "violations": [ + { + "message": "Container 'keepalived' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'keepalived-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "multus-additional-cni-plugins", + "namespace": "openshift-multus", + "riskScore": 10.940718, + "alerts": [ + { + "id": "0031d424-dc79-4511-aa68-04f63fee9612", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' 
(version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-multus-additional-cni-plugins', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "c037f043-8d50-4a2d-9ade-80334a489dba", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/keepalived', destination '/etc/keepalived', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/keepalived', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master00", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "73e86814-fdb6-4922-985c-0a2f1fa25d16", + "violations": [ + { + "message": "Container 'kube-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in 
component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master01", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "36dee493-1c3f-4df1-bea0-434dc42e6b1a", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-machine-config-operator'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "1e6befb9-f9a3-46d6-a119-2356d26ca1c6", + "violations": [ + { + "message": "Container 'keepalived' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'keepalived-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "metal3-image-customization", + "namespace": "openshift-machine-api", + "riskScore": 16.108105, + "alerts": [ + { + "id": "e9d2bba5-c75c-46cb-9ec2-e6e6aab1a94d", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-image-customization-controller', resolved by 
version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-image-customization-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "76747b10-ba0b-4dba-810f-c0d88cacc1ae", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/keepalived', destination '/etc/keepalived', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/keepalived', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master00", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": 
"73e86814-fdb6-4922-985c-0a2f1fa25d16", + "violations": [ + { + "message": "Container 'kube-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master02", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "2849755f-f6c7-4b75-9bc9-30299171afd5", + "violations": [ + { + "message": "Container 'kube-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in 
component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker03", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "d3b4057b-5c04-4984-9bf6-34981ebb706d", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-machine-config-operator'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "downloads", + "namespace": "openshift-console", + "riskScore": 7.1283, + "alerts": [ + { + "id": "1d950133-35ec-4f7b-b2ab-995138c12fc1", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'download-server', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in 
container 'download-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'download-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'download-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "5ae8a794-d2c3-4312-b428-3f1ac898bb9e", + "violations": [ + { + "message": "Container 'keepalived' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'keepalived-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "0db680c9-c651-434e-a501-af99e7c84f85", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/keepalived', destination '/etc/keepalived', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/keepalived', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master02", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "2849755f-f6c7-4b75-9bc9-30299171afd5", + "violations": [ + { + "message": "Container 'kube-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master01", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "9634e240-f095-478f-af1b-faf03e2d2e55", + "violations": [ + { + "message": "Container 'kube-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 
0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "cluster-image-registry-operator", + "namespace": "openshift-image-registry", + "riskScore": 9.801413, + "alerts": [ + { + "id": "0ddc1900-90f3-4e33-92c6-4de93f20ff94", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'cluster-image-registry-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-image-registry-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'cluster-image-registry-operator', resolved by version 32:9.16.23-18.el9_4.9", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-image-registry-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker05", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "bea51a99-f05d-463b-a30e-bddcc5fbfab8", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-machine-config-operator'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "b8e43843-211d-4f79-9efd-3757658e77a2", + "violations": [ + { + "message": "Container 'haproxy-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "8e4d17b0-a071-40a7-8a1c-7034d5e7b9ed", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/haproxy', destination '/etc/haproxy', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source 
'/etc/kubernetes/static-pod-resources/haproxy', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master02", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "dd510068-b043-42a5-9f87-6c0f917ef55f", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "cluster-version-operator", + "namespace": "openshift-cluster-version", + "riskScore": 8.910374, + "alerts": [ + { + "id": "f99aff8e-86d5-4835-87d0-49b2e63f3d8c", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 
3.2.3-19.el9.x86_64) in container 'cluster-version-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-version-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'cluster-version-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-version-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "26a7f2ed-f2a6-4276-ab82-6f0821a073c2", + "violations": [ + { + "message": "Container 'haproxy-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master00", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "445076ee-5ae6-4336-8e1f-fb8d5f562794", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 'openshift-machine-config-operator'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + } + ] + } + ] + }, + { + "name": "haproxy-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "5c6ad1ea-1ba1-4a0e-8a21-37ef967262fe", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/haproxy', destination '/etc/haproxy', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfigvarlib' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/haproxy', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master01", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "9634e240-f095-478f-af1b-faf03e2d2e55", + "violations": [ + { + "message": "Container 'kube-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + 
}, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker03", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "5cd787b3-63b2-4bc3-a6ba-18d1821417b5", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "redhat-marketplace-spb4n", + "namespace": "openshift-marketplace", + "riskScore": 8.910374, + "alerts": [ + { + "id": "88ebe7e1-6860-47dc-a1b6-ee5e45dbe31a", + "violations": 
[ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'registry-server', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'registry-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "c163a65f-dc2a-46b6-b3b4-f94c7bf615cc", + "violations": [ + { + "message": "Container 'coredns' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'coredns-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker00", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "7de9a32e-c121-4e04-bbe7-1f097830a081", + "violations": [ + { + "message": "Deployment mounts the service account tokens.", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Namespace has name 
'openshift-machine-config-operator'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Service Account is set to 'default'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master01", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "ca79c022-dcb9-4e36-8f06-f9b1c8ac1fe7", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/coredns', destination '/etc/coredns', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfig' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'nm-resolv' has source '/var/run/NetworkManager', destination '/var/run/NetworkManager', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/coredns', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master02", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "dd510068-b043-42a5-9f87-6c0f917ef55f", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker05", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "2e09c88b-895a-468e-aafd-1f287b702172", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": 
"Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-config-controller", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.469376, + "alerts": [ + { + "id": "8106aa25-2f4d-4c15-944b-8dc8c3ccc919", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-config-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1188 (CVSS 8.6) (severity Important) found in component 'buildah' (version 2:1.33.11-1.el9_4.x86_64) in container 'machine-config-controller', resolved by version 2:1.33.12-2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 
'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-config-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "78912ae0-edd7-4701-9cbe-b7e008d076f4", + "violations": [ + { + "message": "Container 'coredns' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'coredns-monitor' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "c2fdf844-36aa-4e02-b917-3ce160795235", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/coredns', destination '/etc/coredns', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfig' has source 
'/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'nm-resolv' has source '/var/run/NetworkManager', destination '/var/run/NetworkManager', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/coredns', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker03", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "5cd787b3-63b2-4bc3-a6ba-18d1821417b5", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-config-operator", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.469376, + "alerts": [ + { + "id": "746ac8ad-4cde-47e3-bed9-2328dc6d7800", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-config-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1188 (CVSS 8.6) (severity Important) found in component 'buildah' (version 2:1.33.11-1.el9_4.x86_64) in container 'machine-config-operator', resolved by version 2:1.33.12-2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null 
+ }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-config-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master00", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "9909c212-1dd1-410a-a2c0-459078fd67ba", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by 
version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "odf-operator-controller-manager", + "namespace": "openshift-storage", + "riskScore": 10.247326, + "alerts": [ + { + "id": "25633189-6aa8-47bd-a97a-2173a04ec8b7", + "violations": [ + { + "message": "Container 'manager' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "df5b50be-b91c-4319-8d4d-488ee82e4c98", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/coredns', destination '/etc/coredns', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfig' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'nm-resolv' has source '/var/run/NetworkManager', destination '/var/run/NetworkManager', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/coredns', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker05", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "2e09c88b-895a-468e-aafd-1f287b702172", + "violations": [ + { + "message": "Container 
'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-config-daemon", + "namespace": "openshift-machine-config-operator", + "riskScore": 32.760002, + "alerts": [ + { + "id": "47847742-8af4-463c-ac4b-16a81ca8341c", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-config-daemon', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1188 (CVSS 8.6) (severity Important) found in component 'buildah' (version 2:1.33.11-1.el9_4.x86_64) in container 'machine-config-daemon', resolved by version 2:1.33.12-2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + 
"type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master01", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "034762b1-5d2e-4a14-8fb6-e5799bbe0d2e", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-webhook", + "namespace": "openshift-nmstate", + "riskScore": 7.3424997, + "alerts": [ + { + "id": "0aa68fff-0d10-439f-a55b-33d9c38be9d7", + "violations": [ + { + "message": "Container 'nmstate-webhook' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + 
"alerts": [ + { + "id": "97b98aa4-a9df-4646-a505-c8bcbb577e44", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/coredns', destination '/etc/coredns', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfig' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'nm-resolv' has source '/var/run/NetworkManager', destination '/var/run/NetworkManager', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/coredns', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-config-server", + "namespace": "openshift-machine-config-operator", + "riskScore": 14.4375, + "alerts": [ + { + "id": "b0666722-02a4-4188-8a96-89e068c45b9a", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-config-server', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1188 (CVSS 8.6) (severity Important) found in component 'buildah' (version 2:1.33.11-1.el9_4.x86_64) in container 'machine-config-server', resolved by version 2:1.33.12-2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-config-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-config-server', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master00", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "9909c212-1dd1-410a-a2c0-459078fd67ba", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", 
+ "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker00", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "45a219a4-e38c-45b9-bc2e-fe6892bf5746", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-handler", + "namespace": "openshift-nmstate", + "riskScore": 14.317877, + "alerts": [ + { + "id": "52bdf742-df51-43b6-b98c-ad8582b77c11", + "violations": [ + { + "message": "Container 'nmstate-handler' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker03", + "namespace": "openshift-kni-infra", + 
"riskScore": 12.203108, + "alerts": [ + { + "id": "9d00af59-cb61-4430-8e94-ed309a91b806", + "violations": [ + { + "message": "Writable volume 'conf-dir' has source '/etc/coredns', destination '/etc/coredns', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'kubeconfig' has source '/var/lib/kubelet', destination '/var/lib/kubelet', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'nm-resolv' has source '/var/run/NetworkManager', destination '/var/run/NetworkManager', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Writable volume 'resource-dir' has source '/etc/kubernetes/static-pod-resources/coredns', destination '/config', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "network-operator", + "namespace": "openshift-network-operator", + "riskScore": 9.720408, + "alerts": [ + { + "id": "80baefcd-96b7-44c0-be56-1d385d79cde6", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'network-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'network-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'network-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'network-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-master01", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "034762b1-5d2e-4a14-8fb6-e5799bbe0d2e", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "node-resolver", + "namespace": "openshift-dns", + "riskScore": 13.12886, + "alerts": [ + { + "id": "6b2032c2-f2a5-4b04-88a7-06d58b1ff3c4", + "violations": [ + { + "message": "Container 
'dns-node-resolver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'dns-node-resolver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns-node-resolver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'dns-node-resolver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns-node-resolver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ceph-csi-controller-manager", + "namespace": "openshift-storage", + "riskScore": 9.315751, + "alerts": [ + { + "id": "a0d425eb-9b87-4ec1-a993-d2f512469e9b", + "violations": [ + { + "message": "Container 'manager' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-handler", + "namespace": "openshift-nmstate", + "riskScore": 14.317877, + "alerts": [ + { + "id": "837658ac-e293-4e44-b975-a03942199ef3", + "violations": [ + { + "message": "Writable volume 'nmstate-lock' has source '/var/k8s_nmstate', destination '/var/k8s_nmstate', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + 
"name": "network-check-source", + "namespace": "openshift-network-diagnostics", + "riskScore": 7.1282997, + "alerts": [ + { + "id": "a480bf19-aef7-4d8f-9062-3463712ba297", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'check-endpoints', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "iptables-alerter", + "namespace": "openshift-network-operator", + "riskScore": 16.537315, + "alerts": [ + { + "id": "2be72f2f-f82c-459a-9448-ad3cfe53a406", + "violations": [ + { + "message": "Container 'iptables-alerter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'iptables-alerter', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) 
found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'iptables-alerter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'iptables-alerter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'iptables-alerter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-rbac-proxy-crio-worker00", + "namespace": "openshift-machine-config-operator", + "riskScore": 17.572477, + "alerts": [ + { + "id": "45a219a4-e38c-45b9-bc2e-fe6892bf5746", + "violations": [ + { + "message": "Container 'kube-rbac-proxy-crio' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null 
+ }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-crio', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "csi-addons-controller-manager", + "namespace": "openshift-storage", + "riskScore": 11.528242, + "alerts": [ + { + "id": "f37cf1a3-b301-4749-a0f9-c9734c14fa08", + "violations": [ + { + "message": "Container 'manager' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "collector", + "namespace": "rhacs-operator", + "riskScore": 21.185999, + "alerts": [ + { + "id": "e806b746-2c2f-4fc9-b135-064237fbd307", + "violations": [ + { + "message": "Read-only volume 'sys-ro' has source '/sys/', destination '/host/sys', and type 'HostPath'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "network-check-target", + "namespace": "openshift-network-diagnostics", + "riskScore": 7.1282997, + "alerts": [ + { + "id": "a116eaf4-defd-4784-aa97-6a986ada8739", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'network-check-target-container', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'network-check-target-container', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'network-check-target-container', resolved 
by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'network-check-target-container', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "oauth-openshift", + "namespace": "openshift-authentication", + "riskScore": 16.848705, + "alerts": [ + { + "id": "1d1c60f1-d2e4-47a5-b06f-74e02e490d57", + "violations": [ + { + "message": "Container 'oauth-openshift' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'oauth-openshift', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-openshift', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'oauth-openshift', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-openshift', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "node-resolver", + "namespace": "openshift-dns", + "riskScore": 13.12886, + "alerts": [ + { + "id": 
"6b2032c2-f2a5-4b04-88a7-06d58b1ff3c4", + "violations": [ + { + "message": "Container 'dns-node-resolver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'dns-node-resolver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns-node-resolver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'dns-node-resolver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns-node-resolver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "iptables-alerter", + "namespace": "openshift-network-operator", + "riskScore": 16.537315, + "alerts": [ + { + "id": "b95822b5-0c06-43ee-9a6a-695e78e1eac6", + "violations": [ + { + "message": "Container 'iptables-alerter' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "c0ef72df-3a5b-496c-ab5a-208383e2a02a", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 
3.2.3-19.el9.x86_64) in container 'keepalived', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in 
container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "apiserver", + "namespace": "openshift-apiserver", + "riskScore": 18.380405, + "alerts": [ + { + "id": "fc2bf6db-e13e-4f0b-abb8-0aafd2ae46d3", + "violations": [ + { + "message": "Container 'openshift-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'openshift-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'openshift-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "iptables-alerter", + "namespace": "openshift-network-operator", + "riskScore": 16.537315, + "alerts": [ + { + "id": "2be72f2f-f82c-459a-9448-ad3cfe53a406", + "violations": [ + { + "message": "Container 'iptables-alerter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) 
(severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'iptables-alerter', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'iptables-alerter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'iptables-alerter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'iptables-alerter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-operator", + "namespace": "openshift-nmstate", + "riskScore": 5.34, + "alerts": [ + { + "id": "a2b1a903-29e9-417b-a8ce-fb9f0732cece", + "violations": [ + { + "message": "Container 'nmstate-operator' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "cc29d5b9-3396-4aed-8f37-2f68e3015579", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 
3.2.3-19.el9.x86_64) in container 'coredns-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker03", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + 
"id": "9dd98183-f09e-4e56-b584-05ba3d889b7b", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-crash', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-crash', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "oauth-openshift", + "namespace": "openshift-authentication", + "riskScore": 16.848705, + "alerts": [ + { + "id": "1d1c60f1-d2e4-47a5-b06f-74e02e490d57", + "violations": [ + { + "message": "Container 'oauth-openshift' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'oauth-openshift', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-openshift', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'oauth-openshift', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-openshift', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-manager", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "d3eb2704-c0c6-447f-b39e-9a54bbd71756", + "violations": [ + { + "message": "Container 'diskmaker-manager' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "28ba9494-97ff-46a9-b98b-ac13ea66b0f4", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', 
resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker00", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "baca9055-8eb6-4d3b-82b4-9a360c856698", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 
2.11.3-6.el9.noarch) in container 'ceph-exporter', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-exporter', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "apiserver", + "namespace": "openshift-apiserver", + "riskScore": 18.380405, + "alerts": [ + { + "id": "fc2bf6db-e13e-4f0b-abb8-0aafd2ae46d3", + "violations": [ + { + "message": "Container 'openshift-apiserver' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'openshift-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 
32:9.16.23-18.el9_4.7.noarch) in container 'openshift-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'openshift-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-discovery", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "1476fa2a-be4c-4a27-aa0e-d7c912c1bdb3", + "violations": [ + { + "message": "Container 'diskmaker-discovery' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "0dc45331-b45f-407f-acec-37842683fa4f", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'haproxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'haproxy-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy-monitor', 
resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'haproxy-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker05", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "a59fd744-be6d-45b7-8554-1512128ed7e0", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-crash', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 
'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-crash', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "metal3-image-customization", + "namespace": "openshift-machine-api", + "riskScore": 16.108105, + "alerts": [ + { + "id": "23fccff7-6772-4e4a-bcca-11a4f6cfde92", + "violations": [ + { + "message": "Container 'machine-image-customization-controller' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "local-storage-operator", + "namespace": "openshift-local-storage", + "riskScore": 6.0075, + "alerts": [ + { + "id": "6704e3f5-b637-430c-b995-6adef30f6801", + "violations": [ + { + "message": "Container 'local-storage-operator' has image with user 'root'", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master00", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "8bf8e49e-5c58-4380-806e-45553e153cab", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'haproxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'haproxy-monitor', 
resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'haproxy-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker05", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "8bfb49b4-e641-48d6-823c-bc7b18709f76", + 
"violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-exporter', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-exporter', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-b", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "24abfa11-755e-4c91-9074-9820cdfacdae", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker00", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "632582ff-112d-4943-94d8-c0707446ef78", + "violations": [ + 
{ + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 
(CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-b", + "namespace": "openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": "a8153d78-6ade-4f7f-a1f8-cf01cad05e9f", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mds' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mds', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mds', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mgr-a", + "namespace": "openshift-storage", + "riskScore": 101.971725, + "alerts": [ + { + "id": "2e607e51-ef5f-47cc-9c51-f507c850da17", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mgr' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'watch-active' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "b3e2a5bb-894f-4352-8ea2-89f2897992a5", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 
3.2.3-19.el9.x86_64) in container 'keepalived-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-a", + "namespace": "openshift-storage", + 
"riskScore": 92.70156, + "alerts": [ + { + "id": "c44c6e46-6b35-41c7-9baf-9dd394d58bac", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mds' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mds', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mds', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker03", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "9dd98183-f09e-4e56-b584-05ba3d889b7b", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-crash', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-crash', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master01", + "namespace": 
"openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "17aabdb6-695f-460d-9349-337263513066", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker03", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "c6b14233-fe19-4f34-a7d6-e7c48e106d99", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 26.476542, + "alerts": [ + { + "id": "426985fa-499e-4e25-a325-990b29b07f5f", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker03", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "fb114b40-b762-40f1-a1d3-40f6f52a495a", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-exporter', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + 
"type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-exporter', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker00", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "7c9991ca-7dd5-4438-b053-964b0d6c2246", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker05", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "85845d0d-070d-4bfb-ad92-9d1d0642c773", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) 
found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-2", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "d24932af-a8bc-40c9-8feb-69e3031bc4a5", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'osd', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'osd', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker00", + 
"namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "baca9055-8eb6-4d3b-82b4-9a360c856698", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-exporter', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-exporter', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master02", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "0f800c86-3e32-4bbe-974b-4afcdde3a0ef", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns-monitor', resolved by 
version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-a", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "6b19a927-1e34-43c8-8a4e-5dbe8204372e", + "violations": [ + { + "message": 
"Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mon', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 
'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mon', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "keepalived-master02", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "ccfd32a5-8b6e-441f-89bd-e7dfe40366f3", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'keepalived-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'keepalived-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker05", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "a59fd744-be6d-45b7-8554-1512128ed7e0", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-crash', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": 
"Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-crash', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "haproxy-master01", + "namespace": "openshift-kni-infra", + "riskScore": 16.54784, + "alerts": [ + { + "id": "ac8112dc-631e-4742-8872-0ef031d221c0", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'haproxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'haproxy-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'haproxy-monitor', 
resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'haproxy-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-rgw-ocs-storagecluster-cephobjectstore-a", + "namespace": "openshift-storage", + "riskScore": 111.24188, + "alerts": [ + { + "id": "58846513-e968-4676-8f4d-b86e083d7f95", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'rgw' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'rgw', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 
(CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'rgw', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'rgw', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'rgw', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker05", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "e84ef990-9fd4-4be3-a9b8-ebf6e3bf2e57", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-master00", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "3c136497-6ce9-469c-8fdd-4b2be834f274", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns', resolved by version 
0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker05", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "c45cbfe6-882f-4657-8238-864cabd4c79d", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-b", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "37ec8b4f-b3a8-4d95-8b5f-5fa02b2050ef", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mon', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 
'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mon', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "coredns-worker03", + "namespace": "openshift-kni-infra", + "riskScore": 12.203108, + "alerts": [ + { + "id": "1bc1cd39-f5f6-4179-8bc3-540fed699571", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'coredns-monitor', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + 
"message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'coredns-monitor', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker05", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "8bfb49b4-e641-48d6-823c-bc7b18709f76", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-exporter', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-exporter', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-c", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "c2597047-8ef0-4d26-8a52-e8eac4682c7d", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mon', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 
1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mon', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "dns-default", + "namespace": "openshift-dns", + "riskScore": 10.530442, + "alerts": [ + { + "id": "1810b52e-611d-46f9-a9fa-019c60467715", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'dns', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in 
container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'dns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-b", + "namespace": "openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": 
"bb964013-8f9b-4b34-a09d-46a8eec76345", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mds' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-controller-manager-master02", + "namespace": "openshift-kube-controller-manager", + "riskScore": 11.340477, + "alerts": [ + { + "id": "4f6f89f7-b99a-4e2d-927b-2e3b99de07d0", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'cluster-policy-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager-recovery-controller', 
resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-0", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "60bf253b-308a-42db-bafc-69972bf4f888", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'osd', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'osd', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-b", + "namespace": 
"openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": "a8153d78-6ade-4f7f-a1f8-cf01cad05e9f", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mds' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mds', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + 
"message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mds', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-controller-manager-guard-master01", + "namespace": "openshift-kube-controller-manager", + "riskScore": 7.2903056, + "alerts": [ + { + "id": "c2c43257-118c-408b-b6a2-1212e697199b", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'guard', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-1", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": 
"96d9566d-2719-4f83-b9f4-47c2834a5e41", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'osd', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in 
component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'osd', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-a", + "namespace": "openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": "100cccf8-7878-4e52-ba24-14eda898d05c", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mds' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-controller-manager-guard-master02", + "namespace": "openshift-kube-controller-manager", + "riskScore": 8.10034, + "alerts": [ + { + "id": "4a23cff1-2d92-4933-b639-2e2f19c0876e", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'guard', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker00", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "5d9d09a5-8eff-4f47-9cca-8b5d7ea54cf2", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-crash', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-crash', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mds-ocs-storagecluster-cephfilesystem-a", + "namespace": "openshift-storage", + "riskScore": 92.70156, + "alerts": [ + { + "id": "c44c6e46-6b35-41c7-9baf-9dd394d58bac", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Container 'mds' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mds', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mds', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + 
"time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mds', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-controller-manager-master01", + "namespace": "openshift-kube-controller-manager", + "riskScore": 11.340477, + "alerts": [ + { + "id": "f00bf8cd-8830-456e-8936-855e3e52db67", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'cluster-policy-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) 
(severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager-recovery-controller', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker03", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "2249aafd-4e89-4cad-9e9d-0d020563e64a", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-controller-manager-master00", + "namespace": "openshift-kube-controller-manager", + "riskScore": 11.340477, + "alerts": [ + { + "id": "0328651a-49be-42ee-9273-e8366ad587c5", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in 
container 'cluster-policy-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 
'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-policy-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-exporter-worker03", + "namespace": "openshift-storage", + "riskScore": 33.2871, + "alerts": [ + { + "id": "fb114b40-b762-40f1-a1d3-40f6f52a495a", + "violations": [ + { + "message": "Container 'ceph-exporter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-exporter', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-exporter', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-exporter', resolved by version 
0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-controller-manager-operator", + "namespace": "openshift-kube-controller-manager-operator", + "riskScore": 8.910374, + "alerts": [ + { + "id": "ba105181-515d-4c6b-8735-767ce2e86771", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-controller-manager-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-controller-manager-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-controller-manager-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-2", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "d24932af-a8bc-40c9-8feb-69e3031bc4a5", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 
(CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'osd', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'osd', 
resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-controller-manager-guard-master00", + "namespace": "openshift-kube-controller-manager", + "riskScore": 7.2903056, + "alerts": [ + { + "id": "68050161-18d6-4a13-8d50-b42667d12e5a", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'guard', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'guard', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-2", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "59444d55-b7b6-444a-9d22-3d610275d344", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "service-ca", + "namespace": "openshift-service-ca", + "riskScore": 8.910373, + "alerts": [ + { + "id": 
"286e0d3d-d64d-4275-835f-72f7f8c2965d", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'service-ca-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'service-ca-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'service-ca-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'service-ca-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-a", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "32a415c1-a821-4fd6-aa5b-da07fc6f938d", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "service-ca-operator", + "namespace": "openshift-service-ca-operator", + "riskScore": 8.910374, + "alerts": [ + { + "id": "9e0c834b-1e78-4bbb-ad74-65d2f4ae436f", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 
'service-ca-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'service-ca-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'service-ca-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'service-ca-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-a", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "6b19a927-1e34-43c8-8a4e-5dbe8204372e", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mon', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": 
"Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mon', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "controller-manager", + "namespace": "openshift-controller-manager", + "riskScore": 8.910374, + "alerts": [ + { + "id": "47e92430-ac13-4a6e-a6e0-f5df556ac975", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'controller-manager', resolved by version 
0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-rgw-ocs-storagecluster-cephobjectstore-a", + "namespace": "openshift-storage", + "riskScore": 111.24188, + "alerts": [ + { + "id": "e266edd8-a6a6-4b10-a619-67a7c9efeb5f", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'rgw' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "network-metrics-daemon", + "namespace": "openshift-multus", + "riskScore": 8.910374, + "alerts": [ + { + "id": "1b9db8a1-865c-462b-88f2-dc323ab5eeb3", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' 
(version 3.2.3-19.el9.x86_64) in container 'network-metrics-daemon', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'network-metrics-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'network-metrics-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'network-metrics-daemon', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-rgw-ocs-storagecluster-cephobjectstore-a", 
+ "namespace": "openshift-storage", + "riskScore": 111.24188, + "alerts": [ + { + "id": "58846513-e968-4676-8f4d-b86e083d7f95", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'rgw' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'rgw', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'rgw', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'rgw', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, 
+ { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'rgw', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ux-backend-server", + "namespace": "openshift-storage", + "riskScore": 12.296793, + "alerts": [ + { + "id": "4c8f720f-68f2-4ad5-97eb-134d04bc95dd", + "violations": [ + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ux-backend-server', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ux-backend-server', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-b", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "1a89cdf2-65fd-496b-8dca-fa812d696c36", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "prometheus-operator-admission-webhook", + "namespace": "openshift-monitoring", + "riskScore": 8.910374, + "alerts": [ + { + "id": "31c623ef-afe1-42c3-b61e-e36fd7c0ad45", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) 
(severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'prometheus-operator-admission-webhook', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prometheus-operator-admission-webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'prometheus-operator-admission-webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prometheus-operator-admission-webhook', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-b", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "37ec8b4f-b3a8-4d95-8b5f-5fa02b2050ef", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 
2.11.3-6.el9.noarch) in container 'mon', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mon', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "cluster-node-tuning-operator", + "namespace": "openshift-cluster-node-tuning-operator", + "riskScore": 19.057499, + "alerts": [ + { + "id": "0b4336d2-f43c-42cc-8afd-867b2745e9da", + "violations": [ + { + "message": 
"Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-atomic' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-cpu-partitioning' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-mssql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": 
"Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-guest' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-host' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-openshift' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-oracle' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-postgresql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-realtime' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap-hana' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-spectrumscale' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'cluster-node-tuning-operator', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1270 (CVSS 7.3) (severity Important) found in component 'python3-perf' (version 5.14.0-427.50.1.el9_4.x86_64) in container 'cluster-node-tuning-operator', resolved by version 0:5.14.0-427.50.2.el9_4", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null 
+ }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-node-tuning-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-c", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "c254c7a0-79fc-4245-9ba6-7134529df5d4", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "tuned", + "namespace": "openshift-cluster-node-tuning-operator", + "riskScore": 23.4, + "alerts": [ + { + "id": "44d67334-31ab-4c13-b53c-47befbc438a3", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'tuned', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-atomic' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-cpu-partitioning' (version 
2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-mssql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-guest' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-nfv-host' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-openshift' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-oracle' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', 
resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-postgresql' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-realtime' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-sap-hana' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0879 (CVSS 7.8) (severity Important) found in component 'tuned-profiles-spectrumscale' (version 2.24.0-1.2.20240819gitc082797f.el9fdp.noarch) in container 'tuned', resolved by version 0:2.24.0-2.1.20240819gitc082797f.el9fdp", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1270 (CVSS 7.3) (severity Important) found in component 'python3-perf' (version 5.14.0-427.50.1.el9_4.x86_64) in container 'tuned', resolved by version 0:5.14.0-427.50.2.el9_4", + "keyValueAttrs": null, + "type": 
"GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'tuned', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-mon-c", + "namespace": "openshift-storage", + "riskScore": 133.1484, + "alerts": [ + { + "id": "c2597047-8ef0-4d26-8a52-e8eac4682c7d", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'mon' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'mon', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', 
resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'mon', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'mon', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "openshift-state-metrics", + "namespace": "openshift-monitoring", + "riskScore": 9.720408, + "alerts": [ + { + "id": "12b5a2e0-9b09-451f-9600-469b8598c32a", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-main', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found 
in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-self', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'openshift-state-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-main', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-self', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'openshift-state-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-main', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-self', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity 
Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'openshift-state-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-main', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-self', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'openshift-state-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-0", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "472bafec-2c90-424f-9b5c-4c0774170f07", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "node-ca", + "namespace": "openshift-image-registry", + "riskScore": 13.128862, + "alerts": [ + { + "id": "77a0ffa3-6622-47a2-bf2e-264b52e3a532", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'node-ca', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, 
+ { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-ca', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-0", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "60bf253b-308a-42db-bafc-69972bf4f888", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'osd', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 
1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'osd', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "route-controller-manager", + "namespace": "openshift-route-controller-manager", + "riskScore": 8.910374, + "alerts": [ + { + "id": "7220dc77-75da-46e2-bc00-914af1483a18", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'route-controller-manager', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found 
in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'route-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'route-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'route-controller-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-1", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "eb029fd3-bf9c-407d-ba6d-3fc36ac906cc", + "violations": [ + { + "message": "Container 'log-collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "multus-admission-controller", + "namespace": "openshift-multus", + "riskScore": 9.720408, + "alerts": [ + { + "id": "a1252e84-73fc-4a62-bb5d-f73ec1837550", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'multus-admission-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + 
{ + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'multus-admission-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'multus-admission-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'multus-admission-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-osd-1", + "namespace": "openshift-storage", + "riskScore": 121.044, + "alerts": [ + { + "id": "96d9566d-2719-4f83-b9f4-47c2834a5e41", + "violations": [ + { + "message": "Container 'log-collector' is 
privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'osd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'log-collector', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'osd', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'log-collector', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'osd', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'log-collector', resolved by version 
0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'osd', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "networking-console-plugin", + "namespace": "openshift-network-console", + "riskScore": 8.019337, + "alerts": [ + { + "id": "cbfce528-ee05-4a21-a9e6-6cc14dba4c8e", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'networking-console-plugin', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'networking-console-plugin', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'networking-console-plugin', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'networking-console-plugin', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker00", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "490463c8-7ed6-47e1-834d-99a276bbc676", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "prometheus-operator", + "namespace": "openshift-monitoring", + "riskScore": 8.019337, + "alerts": [ + { + "id": "5d73b2c9-3a1c-4525-bedf-c90327b33a70", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'prometheus-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prometheus-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'prometheus-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prometheus-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "rook-ceph-crashcollector-worker00", + "namespace": "openshift-storage", + "riskScore": 30.261, + "alerts": [ + { + "id": "5d9d09a5-8eff-4f47-9cca-8b5d7ea54cf2", + "violations": [ + { + "message": "Container 'ceph-crash' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0667 (CVSS 6.3) (severity Important) found in component 'python3-jinja2' (version 2.11.3-6.el9.noarch) in container 'ceph-crash', resolved by version 0:2.11.3-7.el9_5", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'ceph-crash', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'ceph-crash', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": 
"prometheus-operator", + "namespace": "openshift-storage", + "riskScore": 7.2903056, + "alerts": [ + { + "id": "73e0381b-9fa5-4cbd-ab69-cd7e2be07291", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'prometheus-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prometheus-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'prometheus-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prometheus-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "nmstate-handler", + "namespace": "openshift-nmstate", + "riskScore": 14.317877, + "alerts": [ + { + "id": "c4bb23a1-15c7-48c0-b70a-55f5bb57e451", + "violations": [ + { + "message": "Container 'nmstate-handler' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master00", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "ab4dee89-c8c9-4f46-a0a9-685a66fd725e", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 
0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcdctl', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + 
"message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-manager", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "92494c97-c0ab-4760-9d91-a3574e8b3a73", + "violations": [ + { + "message": "Container 'diskmaker-manager' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master02", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "3fe7443f-9fbc-4335-b423-c3b373ef731d", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcdctl', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved 
by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcdctl', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "diskmaker-discovery", + "namespace": "openshift-local-storage", + "riskScore": 16.832684, + "alerts": [ + { + "id": "09b8114e-c1be-4754-b2a4-fed70a20ebbf", + "violations": [ + { + "message": "Container 'diskmaker-discovery' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "etcd-master01", + "namespace": "openshift-etcd", + "riskScore": 18.380407, + "alerts": [ + { + "id": "97910b39-7007-4e9a-91d2-a2d1e26cd02d", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + 
"message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcd-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'etcdctl', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 
'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'etcd-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'etcdctl', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "metal3", + "namespace": "openshift-machine-api", + "riskScore": 8.880236, + "alerts": [ + { + "id": "9f83419d-0e37-4c06-a04a-c9b5410bd2bf", + "violations": [ + { + "message": "Container 'metal3-httpd' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'metal3-ironic' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "apiserver", + "namespace": "openshift-oauth-apiserver", + "riskScore": 16.848705, + "alerts": [ + { + "id": "b6fd8160-7d05-4d24-a1ed-13de3e40d16d", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'oauth-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'oauth-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "collector", + "namespace": 
"rhacs-operator", + "riskScore": 21.185999, + "alerts": [ + { + "id": "b9497763-1c51-4259-8a79-d8270b7102c7", + "violations": [ + { + "message": "Container 'collector' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Container 'node-inventory' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master00", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "d3fa6725-398c-48ef-b145-2fe7ca2ee926", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, 
+ { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by 
version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 
'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "iptables-alerter", + "namespace": "openshift-network-operator", + "riskScore": 16.537315, + "alerts": [ + { + "id": "c09f83c0-60f5-4ba9-8f04-b84d81578387", + "violations": [ + { + "message": "Container 'iptables-alerter' is privileged", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master02", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "dce2a85f-7e36-49ce-9400-8c13dd3e1dbc", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' 
(version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "openshift-kube-scheduler-master01", + "namespace": "openshift-kube-scheduler", + "riskScore": 9.720409, + "alerts": [ + { + "id": "7ddf47fc-4f04-449b-bb98-c99c7582ae9d", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": 
null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler', 
resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "openshift-kube-scheduler-master02", + "namespace": "openshift-kube-scheduler", + "riskScore": 9.720409, + "alerts": [ + { + "id": "e50290f2-1ec0-463d-a758-fbcaf5d25433", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + 
"keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 
'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "openshift-kube-scheduler-master00", + "namespace": "openshift-kube-scheduler", + "riskScore": 9.720409, + "alerts": [ + { + "id": "407e414b-d4a6-49ca-92df-4cdea9a2b641", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'kube-scheduler-recovery-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "kube-apiserver-master01", + "namespace": "openshift-kube-apiserver", + "riskScore": 21.006182, + "alerts": [ + { + "id": "24c1bdba-9827-4fad-a267-8360f7177e55", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by 
version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in 
component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-regeneration-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-cert-syncer', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-check-endpoints', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", 
+ "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-apiserver-insecure-readyz', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "ocs-client-operator-controller-manager", + "namespace": "openshift-storage", + "riskScore": 15.370989, + "alerts": [ + { + "id": "d092e2fc-7943-4e6c-bde2-072136df4a30", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'manager', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'manager', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in 
component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "odf-operator-controller-manager", + "namespace": "openshift-storage", + "riskScore": 10.247326, + "alerts": [ + { + "id": "fdf44f98-69f7-4658-8415-6236dd7e8e18", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1330 (CVSS 7.4) (severity Important) found in component 'openssl-libs' (version 1:3.2.2-6.el9_5.x86_64) in container 'manager', resolved by version 1:3.2.2-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1350 (CVSS 5.9) (severity Important) found in component 'libxml2' (version 2.9.13-6.el9_4.x86_64) in container 'manager', resolved by version 0:2.9.13-6.el9_5.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "alertmanager-main", + "namespace": "openshift-monitoring", + "riskScore": 12.15051, + "alerts": [ + { + "id": "c6bf537e-f0fb-41ba-9108-78bd5373fee4", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'alertmanager', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'config-reloader', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-metric', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-web', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'prom-label-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in 
component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'alertmanager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'config-reloader', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-metric', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-web', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prom-label-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'alertmanager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) 
found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'config-reloader', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-metric', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-web', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'prom-label-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'alertmanager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'config-reloader', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) 
(severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-metric', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-web', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prom-label-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "cluster-baremetal-operator", + "namespace": "openshift-machine-api", + "riskScore": 10.69245, + "alerts": [ + { + "id": "d0c914cf-4073-452c-a7ad-1ee5b4ddb388", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'baremetal-kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'cluster-baremetal-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'baremetal-kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-baremetal-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'baremetal-kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'cluster-baremetal-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'baremetal-kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'cluster-baremetal-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "package-server-manager", + "namespace": "openshift-operator-lifecycle-manager", + "riskScore": 8.019337, + "alerts": [ + { + "id": "14155df0-d510-43d0-8f46-e5109d0b8701", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 
3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'package-server-manager', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'package-server-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'package-server-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'package-server-manager', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-approver", + "namespace": "openshift-cluster-machine-approver", + "riskScore": 10.69245, + "alerts": [ + { + "id": "67b651f2-5f8f-4c95-8a09-e2648a0c7e83", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-approver-controller', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-approver-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 
'machine-approver-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-approver-controller', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "machine-api-operator", + "namespace": "openshift-machine-api", + "riskScore": 9.801413, + "alerts": [ + { + "id": "66e7ce7d-24ae-4708-ba6f-48c698ff5da0", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'machine-api-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-api-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": 
null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'machine-api-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'machine-api-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "telemeter-client", + "namespace": "openshift-monitoring", + "riskScore": 9.801413, + "alerts": [ + { + "id": "596dc342-b9e1-4c14-83ea-98a4cf593a33", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'reload', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity 
Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'telemeter-client', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'reload', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'telemeter-client', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'reload', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'telemeter-client', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in 
component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'reload', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'telemeter-client', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "node-exporter", + "namespace": "openshift-monitoring", + "riskScore": 9.720408, + "alerts": [ + { + "id": "9a66da27-8ed1-49d3-a83e-dcf5bfe0f821", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'node-exporter', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-exporter', resolved by version 
32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'node-exporter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'node-exporter', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "dns-operator", + "namespace": "openshift-dns-operator", + "riskScore": 8.019337, + "alerts": [ + { + "id": "69686232-8419-47d8-b37c-e298149cd084", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'dns-operator', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable 
RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'dns-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'dns-operator', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] + }, + { + "name": "thanos-querier", + "namespace": "openshift-monitoring", + "riskScore": 10.206428, + "alerts": [ + { + "id": "d803b532-b47a-423d-baa0-56f2ecb1b49d", + "violations": [ + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 
3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-metrics', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-rules', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'kube-rbac-proxy-web', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'prom-label-proxy', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:0637 (CVSS 7.5) (severity Important) found in component 'rsync' (version 3.2.3-19.el9.x86_64) in container 'thanos-query', resolved by version 0:3.2.3-19.el9_4.1", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-metrics', resolved 
by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-rules', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-web', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prom-label-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-libs' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'thanos-query', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 
'kube-rbac-proxy-rules', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'kube-rbac-proxy-web', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'prom-label-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-license' (version 32:9.16.23-18.el9_4.7.noarch) in container 'thanos-query', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-metrics', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-rules', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 
32:9.16.23-18.el9_4.7.x86_64) in container 'kube-rbac-proxy-web', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'prom-label-proxy', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + }, + { + "message": "Fixable RHSA-2025:1669 (CVSS 7.5) (severity Important) found in component 'bind-utils' (version 32:9.16.23-18.el9_4.7.x86_64) in container 'thanos-query', resolved by version 32:9.16.23-18.el9_4.9", + "keyValueAttrs": null, + "type": "GENERIC", + "time": null + } + ] + } + ] } ] } diff --git a/util-scripts/acs-correlation-example/output/sample_endpoint_policy_alert_count_output_file.json b/util-scripts/acs-correlation-example/output/sample_endpoint_policy_alert_count_output_file.json index 1b7def8..c09df9a 100644 --- a/util-scripts/acs-correlation-example/output/sample_endpoint_policy_alert_count_output_file.json +++ b/util-scripts/acs-correlation-example/output/sample_endpoint_policy_alert_count_output_file.json 
@@ -1,25 +1,24 @@ -//reduced size { "endpoints": [ { "endpoint_name": "ACS_Demo_Environment", - "endpoint_url": "https://central-rhacs-operator.apps.cluster11.sandbox2585.opentlc.com", + "endpoint_url": "https://central-rhacs-operator.apps.cluster2.tide.lan", "policies": { "policies": [ { - "name": "OpenShift: Central Admin Secret Accessed", + "name": "30-Day Scan Age", "severity": "MEDIUM_SEVERITY", - "description": "Alert when the Central secret is accessed.", + "description": "Alert on deployments with images that haven't been scanned in 30 days", "disabled": false, - "eventSource": "AUDIT_LOG_EVENT", - "violation_count": 1 + "eventSource": "NOT_APPLICABLE", + "violation_count": 0 }, { - "name": "OpenShift: Kubeadmin Secret Accessed", - "severity": "HIGH_SEVERITY", - "description": "Alert when the kubeadmin secret is accessed", + "name": "90-Day Image Age", + "severity": "LOW_SEVERITY", + "description": "Alert on deployments with images that haven't been updated in 90 days", "disabled": false, - "eventSource": "AUDIT_LOG_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { 
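Review bot: The new `endpoint_url` value, `"https://central-rhacs-operator.apps.cluster2.tide.lan"`, reads like a real internal hostname rather than a sample one, and this file is committed as example output. The later hunks of this file add per-policy `violation_count` figures, and the other sample output file in this commit carries alert ids, namespaces and per-container RHSA findings. Together they publish a posture snapshot of what appears to be a live cluster. I would replace the host with a reserved placeholder, e.g. `"endpoint_url": "https://central.example.com",`, and scrub the samples or regenerate them from a throwaway environment before committing. A short README line saying the sample data is synthetic or sanitised would also help the next contributor.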
@@ -31,67 +30,83 @@ "violation_count": null }, { - "name": "Emergency Deployment Annotation", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments that use the emergency annotation (e.g. \"admission.stackrox.io/break-glass\": \"ticket-1234\") to circumvent StackRox Admission Controller checks", + "name": "Alpine Linux Package Manager (apk) in Image", + "severity": "LOW_SEVERITY", + "description": "Alert on deployments with the Alpine Linux package manager (apk) present", "disabled": false, "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Alpine Linux Package Manager (apk) in Image", + "name": "Alpine Linux Package Manager Execution", "severity": "LOW_SEVERITY", - "description": "Alert on deployments with the Alpine Linux package manager (apk) present", + "description": "Alert when the Alpine Linux package manager (apk) is executed at runtime", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Ubuntu Package Manager in Image", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with components of the Debian/Ubuntu package management system in the image.", + "name": "Apache Struts: CVE-2017-5638", + "severity": "CRITICAL_SEVERITY", + "description": "Alert on deployments with images containing Apache Struts vulnerability CVE-2017-5638", "disabled": false, "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Pod Service Account Token Automatically Mounted", + "name": "CAP_SYS_ADMIN capability added", "severity": "MEDIUM_SEVERITY", - "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", + "description": "Alert on deployments with containers escalating with CAP_SYS_ADMIN", "disabled": false, "eventSource": "NOT_APPLICABLE", - "violation_count": 6 + 
"violation_count": 0 }, { - "name": "crontab Execution", - "severity": "MEDIUM_SEVERITY", - "description": "Detects the usage of the crontab scheduled jobs editor", + "name": "chkconfig Execution", + "severity": "LOW_SEVERITY", + "description": "Detected usage of the chkconfig service manager; typically this is not used within a container", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Unauthorized Process Execution", - "severity": "HIGH_SEVERITY", - "description": "This policy generates a violation for any process execution that is not explicitly allowed by a locked process baseline for a given container specification within a Kubernetes deployment.", + "name": "Compiler Tool Execution", + "severity": "LOW_SEVERITY", + "description": "Alert when binaries used to compile software are executed at runtime", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "CAP_SYS_ADMIN capability added", + "name": "Container using read-write root filesystem", "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments with containers escalating with CAP_SYS_ADMIN", + "description": "Alert on deployments with containers with read-write root filesystem", + "disabled": true, + "eventSource": "NOT_APPLICABLE", + "violation_count": null + }, + { + "name": "Container with privilege escalation allowed", + "severity": "MEDIUM_SEVERITY", + "description": "Alerts if a deployment has containers with allowPrivilegeEscalation set to true in its security context.", "disabled": false, "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Secure Shell (ssh) Port Exposed", + "name": "crontab Execution", + "severity": "MEDIUM_SEVERITY", + "description": "Detects the usage of the crontab scheduled jobs editor", + "disabled": false, + "eventSource": "DEPLOYMENT_EVENT", + "violation_count": 0 + }, + { + "name": "Cryptocurrency Mining Process Execution", "severity": "HIGH_SEVERITY", - 
"description": "Alert on deployments exposing port 22, commonly reserved for SSH access.", + "description": "Cryptocurrency mining process spawned", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { 
@@ -103,116 +118,180 @@ "violation_count": null }, { - "name": "Fixable CVSS >= 6 and Privileged", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments running in privileged mode with fixable vulnerabilities with a CVSS of at least 6", + "name": "Deployments should have at least one ingress Network Policy", + "severity": "MEDIUM_SEVERITY", + "description": "Alerts if deployments are missing an ingress Network Policy", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Fixable CVSS >= 7", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a CVSS of at least 7", + "name": "Deployments with externally exposed endpoints", + "severity": "MEDIUM_SEVERITY", + "description": "Deployments with externally exposed endpoints represent a higher risk", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Deployments should have at least one ingress Network Policy", + "name": "Docker CIS 4.1: Ensure That a User for the Container Has Been Created", + "severity": "LOW_SEVERITY", + "description": "Containers should run as a non-root user", + "disabled": false, + "eventSource": "NOT_APPLICABLE", + "violation_count": 47 + }, + { + "name": "Docker CIS 4.4: Ensure images are scanned and rebuilt to include security patches", "severity": "MEDIUM_SEVERITY", - "description": "Alerts if deployments are missing an ingress Network Policy", + "description": "Images should be scanned frequently for any vulnerabilities. 
You should rebuild all images to include these patches and then instantiate new containers from them.", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Red Hat Package Manager in Image", + "name": "Docker CIS 4.7: Alert on Update Instruction", "severity": "LOW_SEVERITY", - "description": "Alert on deployments with components of the Red Hat/Fedora/CentOS package management system.", + "description": "Ensure update instructions are not used alone in the Dockerfile", "disabled": false, "eventSource": "NOT_APPLICABLE", - "violation_count": 1 + "violation_count": 0 }, { - "name": "Netcat Execution Detected", + "name": "Docker CIS 5.15: Ensure that the host's process namespace is not shared", "severity": "MEDIUM_SEVERITY", - "description": "Detects execution of netcat in a container", + "description": "The Process ID (PID) namespace isolates the process ID space, meaning that processes in different PID namespaces can have the same PID. This creates process level isolation between the containers and the host.", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", + "violation_count": 3 + }, + { + "name": "Docker CIS 5.16: Ensure that the host's IPC namespace is not shared", + "severity": "MEDIUM_SEVERITY", + "description": "IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues. The IPC namespace on the host should therefore not be shared with containers and should remain isolated.", + "disabled": false, + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Mount Container Runtime Socket", + "name": "Docker CIS 5.19: Ensure mount propagation mode is not enabled", "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments with a volume mount on the container runtime socket", + "description": "Mount propagation mode allows mounting container volumes in Bidirectional, Host to Container, and None modes. 
Do not use Bidirectional mount propagation mode unless explicitly needed.", "disabled": false, "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Drop All Capabilities", - "severity": "LOW_SEVERITY", - "description": "Alert when a deployment does not drop all capabilities.", + "name": "Docker CIS 5.1 Ensure that, if applicable, an AppArmor Profile is enabled", + "severity": "MEDIUM_SEVERITY", + "description": "AppArmor is an effective and easy-to-use Linux application security system. It is available on some Linux distributions by default, for example, on Debian and Ubuntu.", + "disabled": false, + "eventSource": "NOT_APPLICABLE", + "violation_count": 0 + }, + { + "name": "Docker CIS 5.21: Ensure the default seccomp profile is not disabled", + "severity": "MEDIUM_SEVERITY", + "description": "Seccomp filtering provides a means to filter incoming system calls. The default seccomp profile uses an allow list to permit a large number of common system calls, and block all others.", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Required Annotation: Email", + "name": "Docker CIS 5.7: Ensure privileged ports are not mapped within containers", + "severity": "MEDIUM_SEVERITY", + "description": "The TCP/IP port numbers below 1024 are considered privileged ports. Normal users and processes are not allowed to use them for various security reasons. Containers are, however, allowed to map their ports to privileged ports.", + "disabled": false, + "eventSource": "NOT_APPLICABLE", + "violation_count": 0 + }, + { + "name": "Docker CIS 5.9 and 5.20: Ensure that the host's network namespace is not shared", + "severity": "MEDIUM_SEVERITY", + "description": "When HostNetwork is enabled the container is not placed inside a separate network stack. The container's networking is not containerized when this option is applied. The consequence of this is that the container has full access to the host's network interfaces. 
It also enables a shared UTS namespace. The UTS namespace provides isolation between two system identifiers: the hostname and the NIS domain name. It is used to set the hostname and the domain which are visible to running processes in that namespace. Processes running within containers do not typically require to know either the hostname or the domain name. The UTS namespace should therefore not be shared with the host.", + "disabled": false, + "eventSource": "NOT_APPLICABLE", + "violation_count": 16 + }, + { + "name": "Drop All Capabilities", "severity": "LOW_SEVERITY", - "description": "Alert on deployments missing the 'email' annotation", + "description": "Alert when a deployment does not drop all capabilities.", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Linux Group Add Execution", + "name": "Emergency Deployment Annotation", "severity": "HIGH_SEVERITY", - "description": "Detects when the 'addgroup' or 'groupadd' binary is executed, which can be used to add a new linux group.", + "description": "Alert on deployments that use the emergency annotation (e.g. 
\"admission.stackrox.io/break-glass\": \"ticket-1234\") to circumvent StackRox Admission Controller checks", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Linux User Add Execution", + "name": "Environment Variable Contains Secret", "severity": "HIGH_SEVERITY", - "description": "Detects when the 'useradd', 'adduser' or 'usermod' binary is executed, which can be used to add a new linux user.", + "description": "Alert on deployments with environment variables that contain 'SECRET'", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Alpine Linux Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when the Alpine Linux package manager (apk) is executed at runtime", + "name": "Fixable CVSS >= 6 and Privileged", + "severity": "HIGH_SEVERITY", + "description": "Alert on deployments running in privileged mode with fixable vulnerabilities with a CVSS of at least 6", + "disabled": true, + "eventSource": "NOT_APPLICABLE", + "violation_count": null + }, + { + "name": "Fixable CVSS >= 7", + "severity": "HIGH_SEVERITY", + "description": "Alert on deployments with fixable vulnerabilities with a CVSS of at least 7", + "disabled": true, + "eventSource": "NOT_APPLICABLE", + "violation_count": null + }, + { + "name": "Fixable Severity at least Important", + "severity": "HIGH_SEVERITY", + "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "violation_count": 0 + "eventSource": "NOT_APPLICABLE", + "violation_count": 177 }, { - "name": "Ubuntu Package Manager Execution", + "name": "Images with no scans", + "severity": "MEDIUM_SEVERITY", + "description": "Alert on deployments with images that have not been scanned", + "disabled": true, + "eventSource": "NOT_APPLICABLE", + 
"violation_count": null + }, + { + "name": "Improper Usage of Orchestrator Secrets Volume", "severity": "LOW_SEVERITY", - "description": "Alert when Debian/Ubuntu package manager programs are executed at runtime", + "description": "Alert on deployments that use a Dockerfile with 'VOLUME /run/secrets'", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "chkconfig Execution", + "name": "Insecure specified in CMD", "severity": "LOW_SEVERITY", - "description": "Detected usage of the chkconfig service manager; typically this is not used within a container", + "description": "Alert on deployments using 'insecure' in the command", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Red Hat Package Manager Execution", - "severity": "LOW_SEVERITY", - "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", + "name": "iptables Execution", + "severity": "HIGH_SEVERITY", + "description": "Detects execution of iptables; iptables is a deprecated way of managing network state in containers", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", - "violation_count": 1 + "violation_count": 9 }, { "name": "Iptables or nftables Executed in Privileged Container", 
@@ -223,265 +302,257 @@ "violation_count": 0 }, { - "name": "iptables Execution", + "name": "Kubernetes Actions: Exec into Pod", "severity": "HIGH_SEVERITY", - "description": "Detects execution of iptables; iptables is a deprecated way of managing network state in containers", + "description": "Alerts when Kubernetes API receives request to execute command in container", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Shell Spawned by Java Application", - "severity": "HIGH_SEVERITY", - "description": "Detects execution of shell (bash/csh/sh/zsh) as a subprocess of a java application", + "name": "Kubernetes Actions: Port Forward to Pod", + "severity": "MEDIUM_SEVERITY", + "description": "Alerts when Kubernetes API receives port forward request", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Compiler Tool Execution", + "name": "Kubernetes Dashboard Deployed", "severity": "LOW_SEVERITY", - "description": "Alert when binaries used to compile software are executed at runtime", + "description": "Alert on the presence of the Kubernetes dashboard service", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Cryptocurrency Mining Process Execution", - "severity": "HIGH_SEVERITY", - "description": "Cryptocurrency mining process spawned", + "name": "Latest tag", + "severity": "LOW_SEVERITY", + "description": "Alert on deployments with images using tag 'latest'", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Network Management Execution", + "name": "Linux Group Add Execution", "severity": "HIGH_SEVERITY", - "description": "Detects execution of binaries that can be used to manipulate network configuration and management.", + "description": "Detects when the 'addgroup' or 'groupadd' binary is executed, which can be used to add a new 
linux group.", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "nmap Execution", + "name": "Linux User Add Execution", "severity": "HIGH_SEVERITY", - "description": "Alerts when the nmap process launches in a container during run time", + "description": "Detects when the 'useradd', 'adduser' or 'usermod' binary is executed, which can be used to add a new linux user.", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Remote File Copy Binary Execution", - "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments that execute a remote file copy tool", - "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "name": "Log4Shell: log4j Remote Code Execution vulnerability", + "severity": "CRITICAL_SEVERITY", + "description": "Alert on deployments with images containing the Log4Shell vulnerabilities (CVE-2021-44228 and CVE-2021-45046). There are flaws in the Java logging library Apache Log4j in versions from 2.0-beta9 to 2.15.0, excluding 2.12.2.", + "disabled": false, + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Secure Shell Server (sshd) Execution", + "name": "Login Binaries", "severity": "HIGH_SEVERITY", - "description": "Detects container running the SSH daemon", - "disabled": false, + "description": "Processes that indicate login attempts", + "disabled": true, "eventSource": "DEPLOYMENT_EVENT", - "violation_count": 0 + "violation_count": null }, { - "name": "systemctl Execution", - "severity": "LOW_SEVERITY", - "description": "Detected usage of the systemctl service manager", + "name": "Mount Container Runtime Socket", + "severity": "MEDIUM_SEVERITY", + "description": "Alert on deployments with a volume mount on the container runtime socket", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "violation_count": 1 + "eventSource": "NOT_APPLICABLE", + "violation_count": 0 }, { - "name": "systemd Execution", - "severity": "LOW_SEVERITY", - 
"description": "Detected usage of the systemd service manager", + "name": "Mounting Sensitive Host Directories", + "severity": "MEDIUM_SEVERITY", + "description": "Alert on deployments mounting sensitive host directories", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", - "violation_count": 0 + "eventSource": "NOT_APPLICABLE", + "violation_count": 34 }, { - "name": "Process Targeting Cluster Kubelet Endpoint", - "severity": "HIGH_SEVERITY", - "description": "Detects misuse of the healthz/kubelet API/heapster endpoint", + "name": "Netcat Execution Detected", + "severity": "MEDIUM_SEVERITY", + "description": "Detects execution of netcat in a container", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Process Targeting Cluster Kubernetes Docker Stats Endpoint", + "name": "Network Management Execution", "severity": "HIGH_SEVERITY", - "description": "Detects misuse of the Kubernetes docker stats endpoint", + "description": "Detects execution of binaries that can be used to manipulate network configuration and management.", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Process Targeting Kubernetes Service Endpoint", + "name": "nmap Execution", "severity": "HIGH_SEVERITY", - "description": "Detects misuse of the Kubernetes Service API endpoint", + "description": "Alerts when the nmap process launches in a container during run time", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Deployments with externally exposed endpoints", - "severity": "MEDIUM_SEVERITY", - "description": "Deployments with externally exposed endpoints represent a higher risk", - "disabled": true, - "eventSource": "NOT_APPLICABLE", - "violation_count": null - }, - { - "name": "Docker CIS 4.4: Ensure images are scanned and rebuilt to include security patches", + "name": "No CPU request or memory limit specified", "severity": "MEDIUM_SEVERITY", - "description": 
"Images should be scanned frequently for any vulnerabilities. You should rebuild all images to include these patches and then instantiate new containers from them.", - "disabled": true, + "description": "Alert on deployments that have containers without CPU request or memory limit", + "disabled": false, "eventSource": "NOT_APPLICABLE", - "violation_count": null + "violation_count": 0 }, { - "name": "Docker CIS 5.16: Ensure that the host's IPC namespace is not shared", + "name": "OpenShift: Central Admin Secret Accessed", "severity": "MEDIUM_SEVERITY", - "description": "IPC (POSIX/SysV IPC) namespace provides separation of named shared memory segments, semaphores and message queues. The IPC namespace on the host should therefore not be shared with containers and should remain isolated.", + "description": "Alert when the Central secret is accessed.", "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 0 + "eventSource": "AUDIT_LOG_EVENT", + "violation_count": 1 }, { - "name": "Docker CIS 5.9 and 5.20: Ensure that the host's network namespace is not shared", - "severity": "MEDIUM_SEVERITY", - "description": "When HostNetwork is enabled the container is not placed inside a separate network stack. The container's networking is not containerized when this option is applied. The consequence of this is that the container has full access to the host's network interfaces. It also enables a shared UTS namespace. The UTS namespace provides isolation between two system identifiers: the hostname and the NIS domain name. It is used to set the hostname and the domain which are visible to running processes in that namespace. Processes running within containers do not typically require to know either the hostname or the domain name. 
The UTS namespace should therefore not be shared with the host.", + "name": "OpenShift: Kubeadmin Secret Accessed", + "severity": "HIGH_SEVERITY", + "description": "Alert when the kubeadmin secret is accessed", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "AUDIT_LOG_EVENT", "violation_count": 0 }, { - "name": "Docker CIS 5.15: Ensure that the host's process namespace is not shared", + "name": "OpenShift: Kubernetes Secret Accessed by an Impersonated User", "severity": "MEDIUM_SEVERITY", - "description": "The Process ID (PID) namespace isolates the process ID space, meaning that processes in different PID namespaces can have the same PID. This creates process level isolation between the containers and the host.", + "description": "Alert when user impersonation is used to access a secret within the cluster.", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "AUDIT_LOG_EVENT", "violation_count": 0 }, { - "name": "90-Day Image Age", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images that haven't been updated in 90 days", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 120 + "name": "Password Binaries", + "severity": "HIGH_SEVERITY", + "description": "Processes that indicate attempts to change passwd", + "disabled": true, + "eventSource": "DEPLOYMENT_EVENT", + "violation_count": null }, { - "name": "Secure Shell (ssh) Port Exposed in Image", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments exposing port 22, commonly reserved for SSH access.", + "name": "Pod Service Account Token Automatically Mounted", + "severity": "MEDIUM_SEVERITY", + "description": "Protect pod default service account tokens from compromise by minimizing the mounting of the default service account token to only those pods whose application requires interaction with the Kubernetes API.", "disabled": false, "eventSource": "NOT_APPLICABLE", - "violation_count": 0 + 
"violation_count": 22 }, { - "name": "OpenShift: Kubernetes Secret Accessed by an Impersonated User", + "name": "Privileged Container", "severity": "MEDIUM_SEVERITY", - "description": "Alert when user impersonation is used to access a secret within the cluster.", + "description": "Alert on deployments with containers running in privileged mode", "disabled": false, - "eventSource": "AUDIT_LOG_EVENT", - "violation_count": 1 + "eventSource": "NOT_APPLICABLE", + "violation_count": 68 }, { - "name": "Insecure specified in CMD", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments using 'insecure' in the command", + "name": "Privileged Containers with Important and Critical Fixable CVEs", + "severity": "HIGH_SEVERITY", + "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", "disabled": false, "eventSource": "NOT_APPLICABLE", - "violation_count": 0 + "violation_count": 44 }, { - "name": "Kubernetes Dashboard Deployed", - "severity": "LOW_SEVERITY", - "description": "Alert on the presence of the Kubernetes dashboard service", + "name": "Process Targeting Cluster Kubelet Endpoint", + "severity": "HIGH_SEVERITY", + "description": "Detects misuse of the healthz/kubelet API/heapster endpoint", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Latest tag", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images using tag 'latest'", + "name": "Process Targeting Cluster Kubernetes Docker Stats Endpoint", + "severity": "HIGH_SEVERITY", + "description": "Detects misuse of the Kubernetes docker stats endpoint", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Log4Shell: log4j Remote Code Execution vulnerability", - "severity": "CRITICAL_SEVERITY", - "description": "Alert on deployments with images containing the Log4Shell 
vulnerabilities (CVE-2021-44228 and CVE-2021-45046). There are flaws in the Java logging library Apache Log4j in versions from 2.0-beta9 to 2.15.0, excluding 2.12.2.", + "name": "Process Targeting Kubernetes Service Endpoint", + "severity": "HIGH_SEVERITY", + "description": "Detects misuse of the Kubernetes Service API endpoint", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Login Binaries", + "name": "Process with UID 0", "severity": "HIGH_SEVERITY", - "description": "Processes that indicate login attempts", + "description": "Alert on deployments that contain processes running with UID 0", "disabled": true, "eventSource": "DEPLOYMENT_EVENT", "violation_count": null }, { - "name": "Docker CIS 5.19: Ensure mount propagation mode is not enabled", - "severity": "MEDIUM_SEVERITY", - "description": "Mount propagation mode allows mounting container volumes in Bidirectional, Host to Container, and None modes. Do not use Bidirectional mount propagation mode unless explicitly needed.", - "disabled": false, + "name": "Rapid Reset: Denial of Service Vulnerability in HTTP/2 Protocol", + "severity": "HIGH_SEVERITY", + "description": "Alert on deployments with images containing components that are susceptible to a Denial of Service (DoS) vulnerability for HTTP/2 servers.", + "disabled": true, "eventSource": "NOT_APPLICABLE", - "violation_count": 0 + "violation_count": null }, { - "name": "Unauthorized Network Flow", - "severity": "HIGH_SEVERITY", - "description": "This policy generates a violation for the network flows that fall outside baselines for which 'alert on anomalous violations' is set.", + "name": "Red Hat Package Manager Execution", + "severity": "LOW_SEVERITY", + "description": "Alert when Red Hat/Fedora/CentOS package manager programs are executed at runtime.", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Docker CIS 5.1 Ensure that, if 
applicable, an AppArmor Profile is enabled", - "severity": "MEDIUM_SEVERITY", - "description": "AppArmor is an effective and easy-to-use Linux application security system. It is available on some Linux distributions by default, for example, on Debian and Ubuntu.", + "name": "Red Hat Package Manager in Image", + "severity": "LOW_SEVERITY", + "description": "Alert on deployments with components of the Red Hat/Fedora/CentOS package management system.", "disabled": false, "eventSource": "NOT_APPLICABLE", - "violation_count": 0 + "violation_count": 1 }, { - "name": "No CPU request or memory limit specified", + "name": "Remote File Copy Binary Execution", "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments that have containers without CPU request or memory limit", + "description": "Alert on deployments that execute a remote file copy tool", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Images with no scans", - "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments with images that have not been scanned", + "name": "Required Annotation: Email", + "severity": "LOW_SEVERITY", + "description": "Alert on deployments missing the 'email' annotation", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Docker CIS 5.21: Ensure the default seccomp profile is not disabled", - "severity": "MEDIUM_SEVERITY", - "description": "Seccomp filtering provides a means to filter incoming system calls. 
The default seccomp profile uses an allow list to permit a large number of common system calls, and block all others.", + "name": "Required Annotation: Owner/Team", + "severity": "LOW_SEVERITY", + "description": "Alert on deployments missing the 'owner' or 'team' annotation", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Required Annotation: Owner/Team", + "name": "Required Image Label", "severity": "LOW_SEVERITY", - "description": "Alert on deployments missing the 'owner' or 'team' annotation", + "description": "Alert on deployments with images missing the specified label.", "disabled": true, "eventSource": "NOT_APPLICABLE", "violation_count": null 
@@ -495,49 +566,49 @@ "violation_count": null }, { - "name": "Password Binaries", + "name": "Secret Mounted as Environment Variable", "severity": "HIGH_SEVERITY", - "description": "Processes that indicate attempts to change passwd", + "description": "Alert on deployments with Kubernetes secret mounted as environment variable", "disabled": true, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": null }, { - "name": "Kubernetes Actions: Exec into Pod", + "name": "Secure Shell Server (sshd) Execution", "severity": "HIGH_SEVERITY", - "description": "Alerts when Kubernetes API receives request to execute command in container", + "description": "Detects container running the SSH daemon", "disabled": false, "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Kubernetes Actions: Port Forward to Pod", - "severity": "MEDIUM_SEVERITY", - "description": "Alerts when Kubernetes API receives port forward request", + "name": "Secure Shell (ssh) Port Exposed", + "severity": "HIGH_SEVERITY", + "description": "Alert on deployments exposing port 22, commonly reserved for SSH access.", "disabled": false, - "eventSource": "DEPLOYMENT_EVENT", + "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Container with privilege escalation allowed", - "severity": "MEDIUM_SEVERITY", - "description": "Alerts if a deployment has containers with allowPrivilegeEscalation set to true in its security context.", + "name": "Secure Shell (ssh) Port Exposed in Image", + "severity": "HIGH_SEVERITY", + "description": "Alert on deployments exposing port 22, commonly reserved for SSH access.", "disabled": false, "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Privileged Container", - "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments with containers running in privileged mode", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 24 + "name": "SetUID Processes", + 
"severity": "HIGH_SEVERITY", + "description": "Processes that are known to use setuid binaries", + "disabled": true, + "eventSource": "DEPLOYMENT_EVENT", + "violation_count": null }, { - "name": "Process with UID 0", + "name": "Shadow File Modification", "severity": "HIGH_SEVERITY", - "description": "Alert on deployments that contain processes running with UID 0", + "description": "Processes that indicate attempts to modify shadow files", "disabled": true, "eventSource": "DEPLOYMENT_EVENT", "violation_count": null 
@@ -551,139 +622,67 @@ "violation_count": null }, { - "name": "Rapid Reset: Denial of Service Vulnerability in HTTP/2 Protocol", - "severity": "CRITICAL_SEVERITY", - "description": "Alert on deployments with images containing components that are susceptible to a Denial of Service (DoS) vulnerability for HTTP/2 servers.", + "name": "Shell Spawned by Java Application", + "severity": "HIGH_SEVERITY", + "description": "Detects execution of shell (bash/csh/sh/zsh) as a subprocess of a java application", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Container using read-write root filesystem", - "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments with containers with read-write root filesystem", - "disabled": true, - "eventSource": "NOT_APPLICABLE", - "violation_count": null - }, - { - "name": "Required Image Label", - "severity": "LOW_SEVERITY", - "description": "Alert on deployments with images missing the specified label.", - "disabled": true, - "eventSource": "NOT_APPLICABLE", - "violation_count": null - }, - { - "name": "Docker CIS 5.7: Ensure privileged ports are not mapped within containers", - "severity": "MEDIUM_SEVERITY", - "description": "The TCP/IP port numbers below 1024 are considered privileged ports. Normal users and processes are not allowed to use them for various security reasons. Containers are, however, allowed to map their ports to privileged ports.", + "name": "Spring4Shell (Spring Framework Remote Code Execution) and Spring Cloud Function vulnerabilities", + "severity": "CRITICAL_SEVERITY", + "description": "Alert on deployments with images containing Spring4Shell vulnerability CVE-2022-22965 which affects the Spring MVC component and vulnerability CVE-2022-22963 which affects the Spring Cloud component. 
There are flaws in Spring Cloud Function (versions 3.1.6, 3.2.2 and older unsupported versions) and in Spring Framework (5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older unsupported versions).", "disabled": false, "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Docker CIS 4.1: Ensure That a User for the Container Has Been Created", + "name": "systemctl Execution", "severity": "LOW_SEVERITY", - "description": "Containers should run as a non-root user", + "description": "Detected usage of the systemctl service manager", "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 1 + "eventSource": "DEPLOYMENT_EVENT", + "violation_count": 0 }, { - "name": "Improper Usage of Orchestrator Secrets Volume", + "name": "systemd Execution", "severity": "LOW_SEVERITY", - "description": "Alert on deployments that use a Dockerfile with 'VOLUME /run/secrets'", + "description": "Detected usage of the systemd service manager", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "30-Day Scan Age", - "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments with images that haven't been scanned in 30 days", + "name": "Ubuntu Package Manager Execution", + "severity": "LOW_SEVERITY", + "description": "Alert when Debian/Ubuntu package manager programs are executed at runtime", "disabled": false, - "eventSource": "NOT_APPLICABLE", + "eventSource": "DEPLOYMENT_EVENT", "violation_count": 0 }, { - "name": "Environment Variable Contains Secret", - "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with environment variables that contain 'SECRET'", + "name": "Ubuntu Package Manager in Image", + "severity": "LOW_SEVERITY", + "description": "Alert on deployments with components of the Debian/Ubuntu package management system in the image.", "disabled": false, "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, { - "name": "Secret Mounted as Environment 
Variable", + "name": "Unauthorized Network Flow", "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with Kubernetes secret mounted as environment variable", - "disabled": true, - "eventSource": "NOT_APPLICABLE", - "violation_count": null - }, - { - "name": "Mounting Sensitive Host Directories", - "severity": "MEDIUM_SEVERITY", - "description": "Alert on deployments mounting sensitive host directories", + "description": "This policy generates a violation for the network flows that fall outside baselines for which 'alert on anomalous violations' is set.", "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 1 - }, - { - "name": "SetUID Processes", - "severity": "HIGH_SEVERITY", - "description": "Processes that are known to use setuid binaries", - "disabled": true, "eventSource": "DEPLOYMENT_EVENT", - "violation_count": null - }, - { - "name": "Privileged Containers with Important and Critical Fixable CVEs", - "severity": "HIGH_SEVERITY", - "description": "Alert on containers running in privileged mode with important or critical fixable vulnerabilities", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 23 + "violation_count": 0 }, { - "name": "Fixable Severity at least Important", + "name": "Unauthorized Process Execution", "severity": "HIGH_SEVERITY", - "description": "Alert on deployments with fixable vulnerabilities with a Severity Rating at least Important", + "description": "This policy generates a violation for any process execution that is not explicitly allowed by a locked process baseline for a given container specification within a Kubernetes deployment.", "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 120 - }, - { - "name": "Shadow File Modification", - "severity": "HIGH_SEVERITY", - "description": "Processes that indicate attempts to modify shadow files", - "disabled": true, "eventSource": "DEPLOYMENT_EVENT", - "violation_count": null - }, - { - "name": 
"Spring4Shell (Spring Framework Remote Code Execution) and Spring Cloud Function vulnerabilities", - "severity": "CRITICAL_SEVERITY", - "description": "Alert on deployments with images containing Spring4Shell vulnerability CVE-2022-22965 which affects the Spring MVC component and vulnerability CVE-2022-22963 which affects the Spring Cloud component. There are flaws in Spring Cloud Function (versions 3.1.6, 3.2.2 and older unsupported versions) and in Spring Framework (5.3.0 to 5.3.17, 5.2.0 to 5.2.19 and older unsupported versions).", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 0 - }, - { - "name": "Apache Struts: CVE-2017-5638", - "severity": "CRITICAL_SEVERITY", - "description": "Alert on deployments with images containing Apache Struts vulnerability CVE-2017-5638", - "disabled": false, - "eventSource": "NOT_APPLICABLE", - "violation_count": 0 - }, - { - "name": "Docker CIS 4.7: Alert on Update Instruction", - "severity": "LOW_SEVERITY", - "description": "Ensure update instructions are not used alone in the Dockerfile", - "disabled": false, - "eventSource": "NOT_APPLICABLE", "violation_count": 0 }, {