CVE-2022-37434 & CVE-2022-0778 reported on kube-proxy container


Cluster information: Vulnerabilities reported on kube-proxy containers on etcd & master nodes.

Kubernetes version: 1.24.10
Cloud being used: AWS
Installation method: Kubeadm
Host OS: Flatcar 3374.2.4
CNI and version: calico 3.24.3
CRI and version:

Issue Description:-
Vulnerabilities [CVE-2022-37434] & [CVE-2022-0778] are reported on the kube-proxy container. Please let us know how we can remediate them…

Kube-proxy image which we are using – registry.k8s.io/kube-proxy:v1.24.10

Need to find out a way to remediate this vulnerability, as this is showing as critical.

When evaluating CVEs, you should look at whether they’re applicable even if found in the image/on the host. Neither of those vulnerabilities is applicable to kube-proxy.

If you do have to resolve them, you can either upgrade to a newer k8s version which will have an updated image base or build a new kube-proxy image.
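
The applicability review described in the answer above can be recorded per image so that scan results are triaged rather than acted on by severity alone. This is an added example, not part of the original thread or any Kubernetes tooling; the finding layout, the `Decision` record and the `registry.example.internal/billing-api` image are hypothetical, and only the kube-proxy image name and CVE ids come from the page.

```python
# Added example: triage scanner findings against recorded applicability decisions.
# The finding layout and sample values are constructed for illustration and are
# not any scanner's real output; only the kube-proxy image and CVE ids are from the page.
from dataclasses import dataclass

@dataclass(frozen=True)
class Decision:
    image_repo: str  # the decision is scoped to this image repository only
    cve: str
    status: str      # "not_applicable" or "applicable"
    reason: str

KUBE_PROXY = "registry.k8s.io/kube-proxy"
DECISIONS = [
    Decision(KUBE_PROXY, "CVE-2022-37434", "not_applicable", "reviewed: not applicable to kube-proxy"),
    Decision(KUBE_PROXY, "CVE-2022-0778", "not_applicable", "reviewed: not applicable to kube-proxy"),
]

FINDINGS = [  # constructed sample report
    {"image": KUBE_PROXY + ":v1.24.10", "cve": "CVE-2022-37434", "severity": "CRITICAL"},
    {"image": KUBE_PROXY + ":v1.24.10", "cve": "CVE-2022-0778", "severity": "CRITICAL"},
    # Same CVE in a hypothetical in-house image: no decision has been recorded for it.
    {"image": "registry.example.internal/billing-api:1.0", "cve": "CVE-2022-37434", "severity": "CRITICAL"},
]

def repo_of(image_ref):
    """Strip digest and tag, keeping a registry port such as host:5000/app."""
    ref = image_ref.split("@", 1)[0]
    head, sep, tail = ref.rpartition(":")
    return head if sep and "/" not in tail else ref

def triage(findings, decisions):
    """Split findings into (accepted with reason, still needing upgrade or rebuild)."""
    index = {(d.image_repo, d.cve): d for d in decisions}
    accepted, needs_action = [], []
    for f in findings:
        d = index.get((repo_of(f["image"]), f["cve"]))
        if d and d.status == "not_applicable":
            accepted.append((f, d.reason))
        else:
            needs_action.append(f)  # unreviewed or applicable: upgrade or rebuild the image
    return accepted, needs_action

if __name__ == "__main__":
    accepted, needs_action = triage(FINDINGS, DECISIONS)
    for f, reason in accepted:
        print(f"accepted  {f['cve']} in {f['image']}: {reason}")
    for f in needs_action:
        print(f"ACTION    {f['cve']} in {f['image']} ({f['severity']})")
```

Because decisions are keyed by image repository and CVE, the kube-proxy review does not suppress the same CVE in an image where the affected library may actually be reachable.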