Update grpc to to the next version to address CVEs

Description

CVE-2023-1428 & CVE-2023-32731 identified as part of powered by vulnerabilities require a version bump of grpc to grpc 1.58.0 to address the issues. This task is to take care of the version bump of grpc.

Acceptance / Success Criteria

None

Linked issues

is duplicated by

NMS-16299

upgrade grpc/grpc-protobuf to newer version

Activity

Show:

Nishtha Kaura October 23, 2023 at 7:05 PM
Edited

Reviewed by Information Security

CVSS AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C/CR:H/IR:H/AR:H/MAV:X/MAC:X/MPR:X/MUI:X/MS:X/MC:X/MI:X/MA:X

CVSS score 8.1 x likelihood moderate 0.8 = 6.5 medium

Nishtha Kaura October 23, 2023 at 7:00 PM

Is there a reasoning for using Version 1.58 and not 1.59 which is the latest version that is out and has a version bump of grpc. Maybe the scanner hasn’t incorporated the latest version?

Fixed

Details
Assignee
Chandra Gorantla
Reporter
Veena Kannan
Labels
bugfixslapoweredbysecurity-medium
HB Grooming Date
Oct 12, 2023
HB Backlog Status
Refined Backlog
Sprint
None
Fix versions
Meridian-2023.1.21
Meridian-2024.1.5
33.0.9
Priority
Trivial
Parent
NMS-16177 PoweredBy-2023 vulnerabilities reported 3Q2023

PagerDuty

Created October 12, 2023 at 5:20 PM

Updated October 7, 2024 at 5:59 PM

Resolved September 26, 2024 at 6:56 PM

Configure

Update grpc to to the next version to address CVEs

Description

Acceptance / Success Criteria

Linked issues

is duplicated by

Activity

Nishtha Kaura October 23, 2023 at 7:05 PMEdited

Nishtha Kaura October 23, 2023 at 7:00 PM

Details

Assignee

Reporter

Labels

HB Grooming Date

HB Backlog Status

Sprint

Fix versions

Priority

Parent

PagerDutyPagerDuty Incident

PagerDuty

Nishtha Kaura October 23, 2023 at 7:05 PM
Edited

PagerDuty