Component,Vulnerability,AWS Assessment
cloud.google.com/go/storage:1.10.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Astorage_project&cpe_product=cpe%3A%2F%3Astorage_project%3Astorage&cpe_version=cpe%3A%2F%3Astorage_project%3Astorage%3A1.10.0,No exploitable issue. This finding only affects applications unpacking container Image manifests.
github.com/coreos/etcd:3.3.13+incompatible,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aetcd&cpe_product=cpe%3A%2F%3Aetcd%3Aetcd&cpe_version=cpe%3A%2F%3Aetcd%3Aetcd%3A3.3.13,"No exploitable issue. etcd is unused in Kubernetes CAPI controllers, only the Kubernetes API server interacts with an etcd database."
github.com/docker/distribution:2.7.1+incompatible,cpe:2.3:a:docker:docker:2.7.1,No exploitable issue. The Docker API and client are unused in a Kubernetes CAPI controller.
github.com/docker/go-units:0.4.0,cpe:2.3:a:docker:docker:0.4.0,"No exploitable issue. The Docker API and client are unused in a Kubernetes CAPI controller. All mentioned vulnerabilities relate to the Docker engine, not this package."
github.com/grpc-ecosystem/go-grpc-middleware:1.3.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.3.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
github.com/grpc-ecosystem/go-grpc-prometheus:1.2.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.2.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
github.com/grpc-ecosystem/grpc-gateway:1.16.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.16.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
github.com/hashicorp/consul/api:1.1.0,cpe:2.3:a:hashicorp:consul:1.1.0,No exploitable issue. Consul is unused by a Kubernetes CAPI controller.
github.com/hashicorp/consul/sdk:0.1.1,cpe:2.3:a:hashicorp:consul:0.1.1,No exploitable issue. Consul is unused by a Kubernetes CAPI controller.
github.com/matttproud/golang_protobuf_extensions:1.0.2-0.20181231171920-c182affec369,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agolang&cpe_product=cpe%3A%2F%3Agolang%3Aprotobuf&cpe_version=cpe%3A%2F%3Agolang%3Aprotobuf%3A1.0.2.0.20181231171920.c182.fec369,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
github.com/miekg/dns:1.0.14,cpe:2.3:a:miekg-dns_project:miekg-dns:1.0.14,No exploitable issue. Kubernetes controllers do not handle or programmatically craft DNS request.
github.com/prometheus/client_golang:1.11.0,cpe:2.3:a:prometheus:prometheus:1.11.0,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
github.com/prometheus/client_model:0.2.0,cpe:2.3:a:prometheus:prometheus:0.2.0,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
github.com/prometheus/common:0.32.1,cpe:2.3:a:prometheus:prometheus:0.32.1,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
github.com/prometheus/procfs:0.7.3,cpe:2.3:a:prometheus:prometheus:0.7.3,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
github.com/prometheus/tsdb:0.7.1,cpe:2.3:a:prometheus:prometheus:0.7.1,No exploitable issue. The mentioned vulnerability is related to the Prometheus UI.
github.com/tmc/grpc-websocket-proxy:0.0.0-20201229170055-e5319fda7802 ,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A0.0.0.20201229170055.e5319.fda7802,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
go.etcd.io/etcd/client/v2:2.305.0,cpe:2.3:a:etcd:etcd:2.305.0,"No exploitable issue. etcd is unused in Kubernetes CAPI controllers, only the Kubernetes API server interacts with an etcd database."
go.etcd.io/etcd:0.5.0-alpha.5.0.20200910180754-dd1b699fc489,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Aetcd&cpe_product=cpe%3A%2F%3Aetcd%3Aetcd&cpe_version=cpe%3A%2F%3Aetcd%3Aetcd%3A0.5.0.5.0.20200910180754.dd1.b699.fc489,"No exploitable issue. etcd is unused in Kubernetes CAPI controllers, only the Kubernetes API server interacts with an etcd database."
go.opentelemetry.io/contrib/instrumentation/google.golang.org/grpc/otelgrpc:0.20.0 ,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A0.20.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.
google.golang.org/grpc/cmd/protoc-gen-go-grpc:1.1.0,https://nvd.nist.gov/vuln/search/results?form_type=Advanced&results_type=overview&search_type=all&cpe_vendor=cpe%3A%2F%3Agrpc&cpe_product=cpe%3A%2F%3Agrpc%3Agrpc&cpe_version=cpe%3A%2F%3Agrpc%3Agrpc%3A1.1.0,No exploitable issue. Kubernetes controllers do not make or issue gRPC calls.