Security Bulletins
The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX airgap solution and third-party component vulnerabilities, which we have become aware of. These vulnerabilities are discovered via our Bug Bounty program, our security monitoring program, or reported to us by our supply chain.
The CVSS Severity is provided by either the third-party service provider, or NIST CVE. We do not provide the criticality score for third-party components. Previous security bulletins are available in the Security Bulletins Archive.
To fix all the vulnerabilities impacting your products, we recommends patching your instances to the latest version regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and workarounds where applicable.
Click on the CVE ID to view the full details of the vulnerability.
CVE ID | Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | CVSS Severity | Status |
---|---|---|---|---|---|---|
CVE-2023-52425 | 02/04/2024 | 06/14/2024 | Palette 4.4.8 | Third-party component: vSphere-CSI | 7.5 | 🔍 Ongoing |
CVE-2024-21626 | 1/3/24 | 2/18/24 | Palette 4.4.8 | Third-party component: kube-proxy | 8.6 | 🔍 Ongoing |
CVE-2022-41723 | 2/28/23 | 11/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | 7.5 | 🔍 Ongoing |
GHSA-m425-mq94-257g | 10/25/23 | 10/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | 7.5 | 🔍 Ongoing |
CVE-2022-4450 | 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | 7.5 | 🔍 Ongoing |
CVE-2023-45142 | 10/12/23 | 2/18/24 | Palette 4.4.8 | Third-party component: OpenTelemetry-Go | 7.5 | 🔍 Ongoing |
CVE-2023-0464 | 3/22/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | 7.5 | 🔍 Ongoing |
CVE-2023-39325 | 10/11/23 | 4/28/24 | Palette 4.4.8 | Third-party component: Go project | 7.5 | 🔍 Ongoing |
CVE-2023-0215 | 2/28/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | 7.5 | 🔍 Ongoing |
CVE-2023-47108 | 11/20/23 | 11/20/23 | Palette 4.4.8 | Third-party component: OpenTelemetry-Go | 7.5 | 🔍 Ongoing |
CVE-2023-0286 | 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | 7.4 | 🔍 Ongoing |
CVE-2020-1971 | 12/8/20 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | 5.9 | 🔍 Ongoing |
CVE-2021-3449 | 3/25/21 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | 5.9 | 🔍 Ongoing |
CVE-2021-3711 | 8/24/12 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | 9.8 | 🔍 Ongoing |
CVE-2022-0778 | 3/15/22 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | 7.5 | 🔍 Ongoing |
CVE-2021-45079 | 1/31/22 | 11/6/23 | Palette 4.4.8 | Third-party component: Ubuntu | 9.1 | 🔍 Ongoing |
CVE-2023-5528 | 11/14/23 | 1/19/24 | Palette 4.4.8 | Third-party component: vSphere-CSI | 8.8 | 🔍 Ongoing |
CVE-2023-44487 | 10/10/23 | 6/27/24 | Palette 4.4.8 | Third-party component: CAPI | 7.5 | 🔍 Ongoing |
CVE-2022-25883 | 6/21/23 | 11/6/24 | Palette 4.4.8 | Third-party component: CAPI | 7.5 | 🔍 Ongoing |
CVE-2015-8855 | 1/23/17 | 1/26/12 | Palette 4.4.8 | Third-party component: CAPI | 7.5 | 🔍 Ongoing |
PRISMA-2022-0227 | 9/12/23 | 9/12/23 | Palette 4.4.8 | Third-party component: vSphere-CSI | N/A | 🔍 Ongoing |