Vulnerability Reportportworx/configmap-reload:v0.13.1

portworx/configmap-reload:v0.13.1
DIGESTsha256:17f700074823fefc3b641e234918edb124e16937b49ca7468015eecf9481743b

Executive Summary

Last scanned:

Threat Score
25/100NEEDS ATTENTION
Reputation
UNVERIFIED

This image is acceptable for production, but remediating the identified vulnerabilities is recommended to reduce the attack surface. The two highest-severity findings (CVE-2025-68121 and CVE-2025-61726) require either a non-default TLS configuration or parsing of untrusted URLs to be exploited. Disabling TLS session resumption or avoiding Config mutation eliminates CVE-2025-68121, while restricting URL input to trusted sources mitigates CVE-2025-61726. Post-exploit risks are minimal, with no severe consequences beyond the immediate findings.

Vulnerabilities

Vulnerability Log

58 total
CVE IDAdjusted SeverityPackageExploit ProbabilityRisk Context
CVE-2025-68121MEDIUM6.8
stdlib
v1.22.4
fixed in 1.24.13, 1.25.7, 1.26.0-rc.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2025-61726MEDIUM6
stdlib
v1.22.4
fixed in 1.24.12, 1.25.6
1.9%
Low-Moderate Risk
Directly ExposedContext importance: MEDIUM
CVE-2024-34158MEDIUM5.9
stdlib
v1.22.4
fixed in 1.22.7, 1.23.1
1.0%
Low-Moderate Risk
Directly Exposed
CVE-2025-4673MEDIUM5.78
stdlib
v1.22.4
fixed in 1.23.10, 1.24.4
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-47906MEDIUM5.52
stdlib
v1.22.4
fixed in 1.23.12, 1.24.6
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61727MEDIUM5.52
stdlib
v1.22.4
fixed in 1.24.11, 1.25.5
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39825MEDIUM5.52
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-32282MEDIUM5.44
stdlib
v1.22.4
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-32289MEDIUM5.18
stdlib
v1.22.4
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-61729MEDIUM5.1
stdlib
v1.22.4
fixed in 1.24.11, 1.25.5
0.5%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-25679MEDIUM5.1
stdlib
v1.22.4
fixed in 1.25.8, 1.26.1
0.7%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-27145MEDIUM5.1
stdlib
v1.22.4
fixed in 1.25.11, 1.26.4
0.9%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32280MEDIUM5.1
stdlib
v1.22.4
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32281MEDIUM5.1
stdlib
v1.22.4
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-32283MEDIUM5.1
stdlib
v1.22.4
fixed in 1.25.9, 1.26.2
0.6%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33811MEDIUM5.1
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2026-33814MEDIUM5.1
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Directly ExposedContext importance: MEDIUM
CVE-2024-34155MEDIUM5.02
stdlib
v1.22.4
fixed in 1.22.7, 1.23.1
0.8%
Theoretical Threat
Directly Exposed
CVE-2024-45336MEDIUM5.02
stdlib
v1.22.4
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2026-32288MEDIUM4.67
stdlib
v1.22.4
fixed in 1.25.9, 1.26.2
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22871MEDIUM4.59
stdlib
v1.22.4
fixed in 1.23.8, 1.24.2
0.8%
Theoretical Threat
Directly Exposed
CVE-2026-27142MEDIUM4.59
stdlib
v1.22.4
fixed in 1.25.8, 1.26.1
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39823MEDIUM4.59
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-39826MEDIUM4.59
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-22866MEDIUM4.5
stdlib
v1.22.4
fixed in 1.22.12, 1.23.6, 1.24.0-rc.3
0.3%
Theoretical Threat
Directly Exposed
CVE-2025-22873MEDIUM4.5
stdlib
v1.22.4
fixed in 1.23.9, 1.24.3
0.2%
Theoretical Threat
Directly Exposed
CVE-2025-47912MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58185MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-58187MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.9, 1.25.3
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58188MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58189MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-61723MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61724MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-61725MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.6%
Theoretical Threat
Directly Exposed
CVE-2025-61730MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.12, 1.25.6
0.3%
Theoretical Threat
Directly Exposed
CVE-2026-42505MEDIUM4.5
stdlib
v1.22.4
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.4%
Theoretical Threat
Directly Exposed
CVE-2026-42507MEDIUM4.5
stdlib
v1.22.4
fixed in 1.25.11, 1.26.4
0.4%
Theoretical Threat
Directly Exposed
CVE-2025-58186MEDIUM4.5
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2025-22870LOW3.74
stdlib
v1.22.4
fixed in 1.23.7, 1.24.1
0.4%
Theoretical Threat
Directly Exposed
CVE-2024-45341LOW3.57
stdlib
v1.22.4
fixed in 1.22.11, 1.23.5, 1.24.0-rc.2
0.5%
Theoretical Threat
Directly Exposed
CVE-2024-34156LOW2.7
stdlib
v1.22.4
fixed in 1.22.7, 1.23.1
1.1%
Low-Moderate Risk
Post-Exploit
CVE-2026-39822LOW2.39
stdlib
v1.22.4
fixed in 1.25.12, 1.26.5, 1.27.0-rc.2
0.2%
Theoretical Threat
Post-Exploit
CVE-2026-39820LOW2.29
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-39836LOW2.29
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.6%
Theoretical Threat
Post-Exploit
CVE-2026-42499LOW2.29
stdlib
v1.22.4
fixed in 1.25.10, 1.26.3
0.8%
Theoretical Threat
Post-Exploit
CVE-2026-42504LOW2.29
stdlib
v1.22.4
fixed in 1.25.11, 1.26.4
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-58183LOW2.29
stdlib
v1.22.4
fixed in 1.24.8, 1.25.2
0.4%
Theoretical Threat
Post-Exploit
CVE-2025-61728LOW2.29
stdlib
v1.22.4
fixed in 1.24.12, 1.25.6
0.6%
Theoretical Threat
Post-Exploit
CVE-2025-47907LOW2.14
stdlib
v1.22.4
fixed in 1.23.12, 1.24.6
0.4%
Theoretical Threat
Post-Exploit
CVE-2024-24791LOW2.12
stdlib
v1.22.4
fixed in 1.21.12, 1.22.5
1.4%
Low-Moderate Risk
Post-Exploit
CVE-2026-27139LOW2.12
stdlib
v1.22.4
fixed in 1.25.8, 1.26.1
0.2%
Theoretical Threat
Directly Exposed
DLA-3972-1NONE0
tzdata
2024a-0+deb11u1
fixed in 2024b-0+deb11u1
Not Applicable
DLA-4085-1NONE0
tzdata
2024a-0+deb11u1
fixed in 2025a-0+deb11u1
Not Applicable
DLA-4105-1NONE0
tzdata
2024a-0+deb11u1
fixed in 2025b-0+deb11u1
Not Applicable
DLA-4403-1NONE0
tzdata
2024a-0+deb11u1
fixed in 2025b-0+deb11u2
Not Applicable
DLA-4569-1NONE0
tzdata
2024a-0+deb11u1
fixed in 2026b-0+deb11u1
Not Applicable
CVE-2026-39824NONE0
golang.org/x/sys
v0.17.0
fixed in 0.44.0
0.1%
Theoretical Threat
Not Applicable
CVE-2025-0913NONE0
stdlib
v1.22.4
fixed in 1.23.10, 1.24.4
0.2%
Theoretical Threat
Not Applicable

Want to check another image? Run a full scan with the Docker Security Scanner.