From 79ee1282cff6e4fba54fc8e92503e0199fffe010 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 18 Jun 2024 10:44:54 -0700 Subject: [PATCH 01/19] docs: DOC-1241 --- .../security-bulletins/security-bulletins.md | 28 +++++++++---------- 1 file changed, 14 insertions(+), 14 deletions(-) diff --git a/docs/docs-content/security-bulletins/security-bulletins.md b/docs/docs-content/security-bulletins/security-bulletins.md index b005bae912..049799fdd4 100644 --- a/docs/docs-content/security-bulletins/security-bulletins.md +++ b/docs/docs-content/security-bulletins/security-bulletins.md 
@@ -9,26 +9,26 @@ sidebar_custom_props: tags: ["security", "cve"] --- -The following are security advisories for Palette and other Spectro Cloud-related resources. +We aim to provide you with the most up-to-date information about the security of our products and services. No matter +how carefully engineered the services are, from time to time, it may be necessary to notify you of security and privacy +events with our services, including the security notifications we receive related to the third-party components we +utilize in our products and services. -Our security advisories follow the -[CVSS standards](https://www.first.org/cvss/v3.1/specification-document#Qualitative-Severity-Rating-Scale). +## Security Bulletins -| Rating | CVSS Score | -| -------- | ---------- | -| None | 0.0 | -| Low | 0.1 - 3.9 | -| Medium | 4.0 - 6.9 | -| High | 7.0 - 8.9 | -| Critical | 9.0 - 10.0 | +We release security bulletins on a monthly and ad-hoc basis addressing security vulnerabilities in our software or +related third-party components, describing their remediation when available, and providing links to the applicable +updates for affected software when available. -You can review Common Vulnerabilities and Exposures (CVE) for Palette in [CVE Reports](cve-reports.md). An index of all -Palette-related CVEs is availaable in the [CVE Index](cve-index.md). +## Security Advisories + +Security Advisories are a supplement to the Security Bulletins. They address security changes that may not require a +security bulletin but may still affect our customers' overall security. Security Advisories are a way for us to +communicate security information to you about issues that may not be classified as vulnerabilities and may not require a +security bulletin. ## Resources - [CVE Reports](cve-reports.md) - [CVE Index](cve-index.md) - -
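Review bot: this hunk removes the CVSS v3.1 qualitative rating table and the sentence stating that the advisories follow the CVSS scale without replacing either, yet the bulletin entries in cve-reports.md (see the next patch in this series) still carry raw scores such as "9.8 CVSS" in their headings; keep the None/Low/Medium/High/Critical table, or at minimum the FIRST specification link, so a reader can map a score to a severity. The new "Security Advisories" paragraph also states that advisories cover issues that "may not require a security bulletin" twice within three sentences; collapse it to one sentence, e.g. "Security Advisories supplement Security Bulletins: they cover security-relevant changes that are not classified as vulnerabilities and do not warrant a bulletin but may still affect your overall security." The "Resources" list still links cve-reports.md and cve-index.md as siblings, which is fine here but should be re-checked against the file moves in the following patch.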
From 5582ec56646146af21f6b7ef846c86aa4d3c101f Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Thu, 20 Jun 2024 14:32:28 -0700 Subject: [PATCH 02/19] docs: draft --- .../registries-and-packs}/cve-index.md | 0 .../security-bulletins/cve-reports.md | 1024 +--------------- .../security-bulletins/security-bulletins.md | 4 +- docs/docs-content/unlisted/cve-reports.md | 1027 +++++++++++++++++ redirects.js | 4 + 5 files changed, 1047 insertions(+), 1012 deletions(-) rename docs/{docs-content/security-bulletins => deprecated/registries-and-packs}/cve-index.md (100%) create mode 100644 docs/docs-content/unlisted/cve-reports.md diff --git a/docs/docs-content/security-bulletins/cve-index.md b/docs/deprecated/registries-and-packs/cve-index.md similarity index 100% rename from docs/docs-content/security-bulletins/cve-index.md rename to docs/deprecated/registries-and-packs/cve-index.md diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 1cf4a5b55c..620f808cef 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md @@ -11,1016 +11,22 @@ tags: ["security", "cve"] # Security Bulletins - - -## June 3, 2024 - CVE-2024-23652 BuildKit Vulnerable to Possible Host System Access from Mount Stub Cleaner - 9.1 CVSS - -A vulnerability found in BuildKit can potentially allow malicious BuildKit frontends and Dockerfiles to remove files -from the host system outside the container by using the `RUN --mount` command. - -### Impact - -No impact. Palette and VerteX do not use the impacted symbol. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2024-23652](https://nvd.nist.gov/vuln/detail/CVE-2024-23652) -- [GO-2024-2494](https://pkg.go.dev/vuln/GO-2024-2494) - -
- -## June 3, 2024 - CVE-2024-23653 BuildKit Interactive Container API Does Not Validate Privileges - 9.8 CVSS - -A vulnerability was found in the BuildKit API for running interactive containers. In addition to running containers as -build steps, the API allowed running containers with elevated privileges. - -### Impact - -No impact. Palette and VerteX do not use the impacted symbol. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2024-23653](https://nvd.nist.gov/vuln/detail/CVE-2024-23653) -- [GO-2024-2497](https://pkg.go.dev/vuln/GO-2024-2497) - -
- -## June 3, 2024 - CVE-2023-49569 Path Traversal and RCE Vulnerability in Go-Git Versions Before v5.11 - 9.8 CVSS - -A path traversal vulnerability discovered in Go-Git can allow attackers to create and amend files across the file system -and, potentially, remotely execute malicious code. Only those applications that use -[ChrootOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS) are affected. - -This is a Go-Git implementation vulnerability, and it does not affect the upstream git CLI. - -### Impact - -No impact. Palette and VerteX do not use the impacted symbols. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-49569](https://nvd.nist.gov/vuln/detail/CVE-2023-49569) -- [GO-2024-2456](https://pkg.go.dev/vuln/GO-2024-2456) - -
- -## April 14, 2024 - CVE-2023-24534 HTTP and MIME Header Parsing Can Allocate Large Amounts of Memory - 7.5 CVSS - -HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading -to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME -headers to allocate substantially more memory than required to hold the parsed headers. - -An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, -potentially leading to memory exhaustion and a denial of service. With the fix, header parsing now correctly allocates -only the memory required to hold parsed headers. - -### Impact - -Low. - -### Patches - -Palette and VerteX version 4.3.0 include the security patch for the vulnerability. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534) - -
- -## April 14, 2024 - CVE-2023-24536 MIME/Multipart Form Parsing Can Consume Large Amounts of CPU and Memory - 7.5 CVSS - -Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing large numbers -of parts. This can be caused by several reasons: - -- `mime/multipart.Reader.ReadForm` limits the total memory a parsed multipart form can consume. `ReadForm` can - undercount the amount of memory consumed, leading it to accept larger inputs than intended. -- Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small - allocations in forms with many parts. -- `ReadForm` can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. - -The combination of these factors can allow an attacker to cause a program that parses multipart forms to consume large -amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use -`mime/multipart.Reader.ReadForm` and form parsing in the `net/http` package with the request methods `FormFile`, -`FormValue`, `ParseMultipartForm`, and `PostFormValue`. With the fix, `ReadForm` now better estimates the memory -consumption of parsed forms and performs fewer short-lived allocations. In addition, the fixed `mime/multipart.Reader` -imposes the following limits on the size of parsed forms: - -- Forms parsed with `ReadForm` may contain no more than 1000 parts. This limit can be adjusted with the environment - variable `GODEBUG=multipartmaxparts=`. -- Form parts parsed with `NextPart` and `NextRawPart` may contain no more than 10,000 header fields. In addition, forms - parsed with `ReadForm` may contain no more than 10,000 header fields across all parts. This limit may be adjusted with - the environment variable `GODEBUG=multipartmaxheaders=`. - -### Impact - -Low. - -### Patches - -Palette and VerteX version 4.3.0 include the security patch for the vulnerability. 
- -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536) - -
- -## April 14, 2024 - CVE-2023-26159 Improper Input Validation Due to Improper Handling of URLs - 6.1 CVSS - -Versions of the `follow-redirects` package prior to 1.15.4 are vulnerable to Improper Input Validation due to the -improper handling of URLs by the `url.parse()` function. When `new URL()` throws an error, it can be manipulated to -misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially -leading to information disclosure, phishing attacks, or other security breaches. - -### Impact - -Low impact. The Palette management platform's MongoDB service sidecar is not exposed publicly and does not accept user -input. - -### Patches - -Palette and VerteX version 4.3.0 include the security patch for the vulnerability. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-26159](https://nvd.nist.gov/vuln/detail/CVE-2023-26159) - -
- -## April 14, 2024 - CVE-2023-5764 Ansible Template Injection Vulnerability - 7.8 CVSS - -A template injection flaw was found in Ansible. It occurs when internal templating operations of a user's controller -remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to -introduce code injection when supplying templating data. - -### Impact - -No impact. The Palette node agent service does not accept or parse any provided user data. - -### Patches - -Palette and VerteX version 4.3.0 include the security patch for the vulnerability. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-5764](https://nvd.nist.gov/vuln/detail/CVE-2023-5764) - -
- -## April 14, 2024 - CVE-2023-42282 SSRF Vulnerability in Node.js - 9.8 CVSS - -Node.js IP packages before version 1.1.9 may allow Server-Side Request Forgery (SSRF). This might happen because certain -IP addresses, such as `0x7f.1`, are improperly categorized as globally routable by the `isPublic` function. - -### Impact - -Low impact. The Palette management platform's MongoDB service sidecar is not exposed publicly and does not accept user -input. - -### Patches - -Palette and VerteX version 4.3.0 include the security patch for the vulnerability. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-42282](https://nvd.nist.gov/vuln/detail/CVE-2023-42282) - -
- -## April 2, 2024 - CVE-2024-3094 Malicious Code in XZ Utility - 10 CVSS - -Malicious code was discovered in the upstream tarballs of the XZ utility, starting with version 5.6.0, contain malicious -code. This code is hidden within a test file in the source code and is extracted by the liblzma build process. The code -then modifies specific functions in the liblzma library, resulting in a modified version of the library. Any software -that links against this modified library may have its data interaction intercepted and modified. You can learn more -about the vulnerability in the [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094) reference page. - -#### Impact - -No impact. None of the OS distributions supported by Palette use the impacted versions of the XZ utils package. Below -are the links to the security advisories for all the Palette supported OS distributions: - -- [Ubuntu 20.04, 22.04, 23.10](https://ubuntu.com/security/CVE-2024-3094) -- [RHEL 8](https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users) -- [OpenSUSE Leap](https://www.suse.com/c/suse-addresses-supply-chain-attack-against-xz-compression-library/) -- [SLE Micro](https://www.suse.com/c/suse-addresses-supply-chain-attack-against-xz-compression-library/) - -#### Patches - -Not Applicable - -### Workarounds - -Not Applicable - -#### References - -- [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094) -- [Ubuntu CVE Disclosure](https://ubuntu.com/security/CVE-2024-3094) -- [RedHat CVE Disclosure](https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users) -- [SUSE CVE Disclosure](https://www.suse.com/c/suse-addresses-supply-chain-attack-against-xz-compression-library/) - -
- -## January 10, 2024 - CVE-2023-39323 Bypass CGO Restrictions - 8.1 CVSS - -Line directives `//line` can be used to bypass the restrictions on `//go:cgo_` directives, allowing blocked linker and -compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when issuing -the command `go build`. The line directive requires the absolute path of the file in which the directive resides, which -makes exploiting this issue significantly more complex. - -#### Impact - -No impact. This is not a runtime issue and we do not compile untrusted code. - -#### Patches - -Not Applicable - -### Workarounds - -Not Applicable - -#### References - -- [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) - -
- -## January 10, 2024 - CVE-2023-45283 Filepath Package and Special Prefixes - 7.5 CVSS - -The filepath package does not recognize paths with a `\??\` prefix as special. On Windows, a path beginning with `\??\` -is a Root Local Device (RDL) path equivalent to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to -access arbitrary locations on the system. For example, the path `\??\c:\x` is equivalent to the more common path `c:\x`. - -Before the fix, the `Clean` function could convert a rooted path such as `\a\..\??\b` into the RDL path `\??\b`. `Clean` -will now convert this to `.\??\b`. Similarly, before the fix, `Join(\, ??, b)` could convert a seemingly innocent -sequence of path elements into the RDL path \??\b. Join will now convert this to `\.\??\b`. - -In the fix version, the function `IsAbs` now correctly reports paths beginning with `\??\` as absolute, and VolumeName -correctly reports the `\??\` prefix as a volume name. - -Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with `\?`, -resulting in `filepath.Clean(\?\c:)` returning `\?\c:` rather than `\?\c:\` among other effects. The previous expected -behavior has been restored in the new version releases. - -#### Impact - -No impact. This only impacts Windows and Palette does not use Windows operating systems for runtime operations. - -#### Patches - -Not Applicable - -### Workarounds - -Not Applicable - -#### References - -- [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) - -
- -## January 10, 2024 - CVE-2023-45285 Insecure Fetching of Go Modules - 7.5 CVSS - -Using the command `go get` to fetch a module with the `.git` suffix may unexpectedly fallback to the insecure `git://` -protocol if the module is unavailable via the secure `https://` and `git+ssh://` protocols, even if `GOINSECURE` is not -set for said module. This only affects users who are not using the module proxy and are fetching modules directly and -bypassing the Go proxy with `GOPROXY=off`. - -#### Impact - -No impact. This is not a runtime issue and we do not use any dependent module with `.git` suffix. - -#### Patches - -Not Applicable - -### Workarounds - -Not Applicable - -#### References - -- [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) - -
- -## January 10, 2024 - CVE-2023-39325 Excessive Server Resource Consumption - 7.5 CVSS - -A malicious HTTP/2 client that rapidly creates requests and immediately resets them can cause excessive server resource -consumption. While the total number of requests is bounded by the `http2.Server.MaxConcurrentStreams` setting, resetting -an in-progress request allows the attacker to create a new request while the existing one is still executing. - -With the fix applied, HTTP/2 servers are now bound by the number of simultaneously executing handler goroutines to the -stream concurrency limit `MaxConcurrentStreams`. - -If a client sends a new request when the server is already processing the maximum number of requests, the new request -will be queued and wait for a handler to become available. However, if the queue of pending requests grows too large, -the server will terminate the connection. This will happen only after the client has reset an existing request that is -still being processed by the server. - -This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency -limit is 250 streams requests per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 -package. Refer to the `Server.MaxConcurrentStreams` setting and the `ConfigureServer` function for more details. - -#### Impact - -All Palette and VerteX releases prior to version 4.2.0 are impacted. The impact is largely mitigated as Palette and -VerteX already have IP address based rate limit. - -#### Patches - -Palette and VerteX version 4.1.0 includes the fix for all the services using the HTTP/2 protocol. - -### Workarounds - -No workaround available. Impact is largely mitigated by the rate limits on the API requests. Refer to the -[API Rate Limit](/api/introduction#rate-limits) documentation for more information. - -#### References - -- [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) - -
- -## January 10, 2024 - CVE-2023-5363 Potential Truncation of Symmetric Ciphers - 7.5 CVSS - -A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential -truncation or overruns during the initialisation of some symmetric ciphers. - -#### Impact - -Not Applicable. Impacting symbols defined in the CVE are not used. - -#### Patches - -Not Applicable - -### Workarounds - -Not Applicable - -#### References - -- [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) - -
- -## January 10, 2024 - CVE-2019-0190 Denial of service - 7.5 CVSS - -A bug exists in the way `mod_ssl` handled client renegotiations. A remote attacker could send a carefully crafted -request that would cause `mod_ssl` to enter a loop leading to a denial of service. This bug can be only triggered with -Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to -handling of renegotiation attempts. - -#### Impact - -Not Applicable. Apache HTTP server with OpenSSL 1.1.1 or later is not used. - -#### Patches - -Not Applicable - -### Workarounds - -Not Applicable - -#### References - -- [CVE-2019-0190](https://nvd.nist.gov/vuln/detail/CVE-2019-0190) - -
- -## January 10, 2024 - CVE-2022-4886 Nginx Path Sanitization Bypass - 8.8 CVSS - -The Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller path sanitization feature can be -bypassed with the `log_format` directive. - -#### Impact - -No impact on Palette SaaS, self-hosted Palette, or VerteX deployments. We do not allow end user to create or update -ingress objects. Tenant clusters using the Nginx ingress controller pack with versions older than v1.8.0 may be impacted -if they expose the ability for end users to create or update ingress objects. - -#### Patches - -No fix is available yet, but there is a remediation available starting with Nginx ingress controller v1.8.0. The Nginx -ingress controller pack is available with a newer version v1.9.4. The newer version has `enable-annotation-validation` -set to `true` by default. - -### Workarounds - -Starting with Nginx version v1.8.0, ingress administrators can set the `--strict-validate-path-type` flag to `true` to -validate ingress rules having `pathType` as "Exact" or "Prefix". If the `pathType` is `ImplementationSpecific` then an -admission controller policy is required to filter out the malicious path. Check out the -[OpenPolicyAgent and pathType enforcing](https://kubernetes.github.io/ingress-nginx/examples/openpolicyagent/) -documentation for more information. - -Tenant clusters using older Nginx ingress controller packs can upgrade to version v1.9.4 which has -`strict-validate-path-type` set to `true` by default. - -#### References - -- [CVE-2022-4886](https://nvd.nist.gov/vuln/detail/CVE-2022-4886) - -
- -## January 10, 2024 - CVE-2023-5043 Ingress Nginx Annotation Injection - 8.8 CVSS - -The Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller annotations can be used to inject -arbitrary commands that are later executed. - -#### Impact - -No impact on Palette SaaS, self-hosted Palette and VerteX deployments. We do not allow end user to create or update -ingress objects. Tenant clusters using the Nginx ingress controller pack with versions older than v1.8.0 may be impacted -if they expose the ability for end users to create or update ingress objects. - -#### Patches - -No fix is available yet, but there is a remediation available starting with Nginx ingress controller v1.9.0. The Nginx -ingress controller pack is available with a newer version v1.9.4. The new version has `enable-annotation-validation` set -to `true` by default. - -### Workarounds - -Starting with Nginx version v1.9.0, Ingress administrators should set the `--enable-annotation-validation` flag to -enforce restrictions on the contents of ingress-nginx annotation fields. Tenant clusters using older Nginx ingress -controller pack versions can upgrade the pack to version 1.9.4 which has `enable-annotation-validation` set to `true` by -default. - -#### References - -- [CVE-2023-5043](https://nvd.nist.gov/vuln/detail/CVE-2023-5043) - -
- -## January 10, 2024 - CVE-2023-5044 Ingress Nginx Annotation Injection - 8.8 CVSS - -The Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller -`nginx.ingress.kubernetes.io/permanent-redirect` annotation can be used to inject arbitrary commands that are later -executed. - -#### Impact - -No impact on Palette SaaS, self-hosted Palette and VerteX deployments. We do not allow end user to create or update -ingress objects. Tenant clusters using nginx ingress controller pack with versions older than v1.8.0 may be impacted if -they are expose the ability for end users to create or update ingress objects. - -#### Patches - -No fix is available yet, but there is a remediation available starting with Nginx ingress controller version 1.9.0. The -Nginx ingress controller pack is available with version v1.9.4. The newer version has `enable-annotation-validation` set -to `true` by default. - -### Workarounds - -Starting with Nginx version 1.9.0, ingress administrators should set the `--enable-annotation-validation` flag to -enforce restrictions on the contents of ingress-nginx annotation fields. Tenant clusters using older Nginx ingress -controller packs can upgrade to version v1.9.4 which has `enable-annotation-validation` set to `true` by default. - -#### References - -- [CVE-2023-5044](https://nvd.nist.gov/vuln/detail/CVE-2023-5044) - -
- -## October 17, 2023 - CVE-2023-4911 Buffer Overflow in Dynamic Loader - 7.8 CVSS - -A buffer overflow was discovered in the GNU C Library’s dynamic loader `ld.so` while processing the `GLIBC_TUNABLES` -environment variable. This issue could allow a local attacker to use maliciously crafted `GLIBC_TUNABLES` environment -variables when launching binaries with `SUID` permission to execute code with elevated privileges. - -#### Impact - -All internal Palette and VerteX microservices are not impacted as the binaries are compiled using -[musl](https://musl.libc.org). This vulnerability, from an OS perspective, cannot be exploited without a remote code -execution exploit. - -#### Patches - -Palette version 4.1.0 includes the security patch for the vulnerability. - -#### Workarounds - -Self-hosted instances of Palette and VerteX need to upgrade to version 4.1.0 or greater. Tenant Clusters and Private -Cloud Gateways can be patched using the on-demand or scheduled OS security patches apply feature. Refer to the -[OS Patching](../clusters/cluster-management/os-patching.md) documentation for more information. - -#### References - -- [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) - -
- -## October 11, 2023 - CVE-2023-44487 HTTP/2 Denial of Service - 7.5 CVSS - -The HTTP/2 protocol may be used to create a denial of service and cause a server to exhaust all of its allocated -resources. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive -server resource consumption. - -#### Impact - -All Palette and VerteX releases prior to version 4.1.0 are impacted. The impact is largely mitigated as Palette and -VerteX already has IP address based rate limit. - -#### Patches - -Palette and VerteX version 4.1.0 includes the fix for all the services using HTTP/2 protocol. - -### Workarounds - -No workaround available. Impact is largely mitigated by the rate limits on the API requests. Refer to the -[API Rate Limit](/api/introduction#rate-limits) documentation for more information. - -#### References - -- [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) - -
- -## October 6, 2023 - CVE-2023-32002 NodeJS Modules Policy Bypass - 9.8 CVSS - -The use of the Module library's `Module._load()` function can be used to bypass the defined policy mechanism and require -external modules not defined in the **policy.json** file for a given module. This vulnerability affects all users using -the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Note that at the time this CVE was -issued, the policy is an experimental feature of Node.js. - -#### Impact - -No impact since the impacted function is not used by Palette. - -#### Patches - -Not Applicable - -#### Workarounds - -Not Applicable - -#### References - --- [CVE-2023-32002](https://nvd.nist.gov/vuln/detail/CVE-2023-32002) - -
- -## September 25, 2023 - CVE-2023-42810 - NodeJS SSID Command Injection Vulnerability - 9.8 CVSS - -The NodeJS system information library, `systeminformation`, has an SSID command injection vulnerability. The affected -versions are v5.0.0 to v5.21.6. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check -or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()`. - -#### Impact - -No impact since the impacted functions are not used. - -#### Patches - -Not Applicable - -#### Workarounds - -Not Applicable - -#### References - -- [CVE-2023-42810](https://nvd.nist.gov/vuln/detail/CVE-2023-42810) - -
- -## September 25, 2023 - CVE-2023-4863 Libwebp Programs Terminations - 8.8 CVSS - -A heap buffer overflow in the library, `libwebp`, allows a remote attacker to perform an out of bounds memory write via -a crafted HTML page. This vulerability is present with the combination of Google Chrome prior to versions 116.0.5845.187 -with `libwebp` version 1.3.2. This is Chromium security severity that is marked as Critical. - -#### Impact - -No impact since `libwebp` is not used on any of the Palette container images. This vulnerability, from an OS perspective -OS, a cannot be exploited without a remote code execution exploit. - -#### Patches - -Release 4.1.0 of self-hosted Palette and VerteX deployment include the security patch for the CVE. - -#### Workarounds - -Self-hosted instances of Palette and VerteX need to upgrade to version 4.1.0 or greater. Tenant Clusters and Private -Cloud Gateways can be patched using the on-demand or scheduled OS security patches apply feature. Refer to the -[OS Patching](../clusters/cluster-management/os-patching.md) documentation for more information. - -#### References - -- [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) - -
- -## September 01, 2023 - CVE-2023-22809 Sudo Vulnerability - 7.8 CVSS - -The sudo program version 1.9.12p2 and earlier mishandles extra arguments passed in the user-provided environment -variables `SUDO_EDITOR`, `VISUAL`, and `EDITOR` when the `sudoedit` command is executed. - -The mishandling allows a local attacker to append arbitrary entries to the list of files to process. This can lead to -privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor -may contain the `--` argument that defeats a protection mechanism. For example, an attacker may issue the following -command `EDITOR='vim -- /path/to/extra/file` value. - -### Impact - -This vulnerability affects the following Palette components: - -- Self-hosted Palette instances with versions older than 4.0.0 - -- Private Cloud Gateways instances with versions older than 4.0.0 - -- Clusters deployed with Palette versions older than 4.0.0 - -### Patches - -For self-hosted Palette environments, upgrade to Palette version 4.0.0 or greater. Upgrading Palette will automatically -update the OS. - -### Workarounds - -For clusters and Private Cloud Gateways, patch the OS. You can use the on-demand or scheduled features to apply the OS -security patches. Refer to the [OS Patching](../clusters/cluster-management/os-patching.md) documentation for more -information. - -
- -### References - -- [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/cve-2023-22809) - -
- -## September 01, 2023 - CVE-2023-38408 OpenSSH Vulnerability - 9.8 CVSS - -The PKCS#11 feature in the OpenSSH ssh-agent before version 9.3p2 has an insufficiently trustworthy search path. This -may lead to remote code execution if an agent is forwarded to an attacker-controlled system. Code in the folder -**/usr/lib** may be unsafe to load into the ssh-agent. This issue exists because of an incomplete fix for -[CVE-2016-10009](https://nvd.nist.gov/vuln/detail/cve-2016-10009). - -### Impact - -This vulnerability affects the following Palette components: - -- Self-hosted Palette instances with versions older than 4.0.0 - -- Private Cloud Gateways instances with versions older than 4.0.0 - -- Clusters deployed with Palette versions older than 4.0.0 - -### Patches - -- For self-hosted Palette environments, upgrade to Palette version 4.0.0 or greater. Upgrading Palette will - automatically update the Operating System (OS). - -### Workarounds - -- For clusters and Private Cloud Gateways, patch the OS. You can use the on-demand or scheduled features to apply the OS - security patches. Refer to the [OS Patching](../clusters/cluster-management/os-patching.md) documentation for more - information. - -### References - -- [CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408) - -
- -## September 01, 2023 - CVE-2023-29400 - HTML Template Vulnerability Security Advisory - 7.3 CVSS - -When using Go templates with actions in unquoted HTML attributes, such as `attr={{.}}`, unexpected output may occur due -to HTML normalization rules if invoked with an empty input. This may allow the injection of arbitrary attributes into -tags. - -### Impact - -No impact. We use the Go package [html/template](https://pkg.go.dev/html/template) and our HTML templates are static. -Our templates do not contain characters mentioned in the CVE. We also do not accept or parse any provided user data - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400) - -- [GO-2023-1753](https://pkg.go.dev/vuln/GO-2023-1753) - -
- -## September 01, 2023 - CVE-2023-24539 - HTML Template Vulnerability Security Advisory - 7.3 CVSS - -Angle brackets `<>` are not considered dangerous characters when inserted into Cascading Style Sheets (CSS) contexts. Go -templates containing multiple actions separated by a `/` character can result in unexpectedly closing the CSS context -and allowing for the injection of unexpected HTML if executed with untrusted input. - -### Impact - -No impact. We use the Go package [html/template](https://pkg.go.dev/html/template) and our HTML templates are static. We -also do not accept or parse any provided user data. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539) - -- [GO-2023-1751](https://pkg.go.dev/vuln/GO-2023-1751) - -
- -## September 01, 2023 - CVE-2023-24538 - HTML Template Vulnerability - Security Advisory - 9.8 CVSS - -Go templates do not consider backticks as a Javascript string delimiter and, as a result, do not escape them as -expected. Backticks have been used since ES6 for JS template literals. If a Go template contains an action within a -literal Javascript template, the action's contents can be used to terminate the literal and potentially inject arbitrary -Javascript code into the Go template. - -Go template actions are disallowed from being used inside of them, for example, `"var a = {{.}}"` since there is no safe -way to allow this behavior. This takes the same approach as github.com/google/safehtml. With this fix, -`Template.Parse()` returns an error when it encounters templates containing actions with literal JavaScript. The -ErrorCode has a value of 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. -Users who rely on the previous behavior can re-enable it using the `GODEBUG flag jstmpllitinterp=1` with the caveat that -backticks will now be escaped. - -### Impact - -No impact. We use the Go package [html/template](https://pkg.go.dev/html/template) and our HTML templates are static. We -also do not accept or parse any provided user data. - -### Affected Products - -Not applicable. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538) - -- [GO-2023-1703](https://pkg.go.dev/vuln/GO-2023-1703) - -
- -## September 01, 2023 - CVE-2023-29404 - CGO LDFLAGS Vulnerability Security Advisory - 9.8 CVSS - -The `go` command can execute any code during the build process when using cgo. This can happen when using `go get` -command on a malicious module or any other command that builds untrusted code. It can also be triggered by linker flags -specified through the `#cgo LDFLAGS` directive. The non-optional flags in LDFLAGS sanitization allow disallowed flags to -be used with gc and gccgo compilers. - -### Impact - -No impact. This is not a runtime issue and we do not compile untrusted code. - -### Affected Products - -Not applicable. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402) - -- [GO-2023-1841](https://pkg.go.dev/vuln/GO-2023-1841) - -
- -## September 01, 2023 - CVE-2023-29402 - Go Modules Vulnerability Security Advisory - 9.8 CVSS - -The go command may generate unexpected code at build time when using cgo. Using unexpected code with cgo can cause -unexpected behavior in Go programs. This may occur when an untrusted module contains directories with newline characters -in their names. Go modules retrieved using the command `go get` are unaffected. Modules retrieved using the legacy -module retrieve method with the environment variables `GOPATH` and `GO111MODULE=off` may be affected. - -### Impact - -No impact. This is not a runtime issue and we do not compile untrusted code. - -### Affected Products - -Not applicable. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402) - -- [GO-2023-1839](https://pkg.go.dev/vuln/GO-2023-1839) - -
- -## September 01, 2023 - CVE-2023-29402 - Go get Vulnerability Security Advisory - 9.8 CVSS - -The go command may execute arbitrary code at build time when using cgo. The arbitrary code execution may occur when the -command `go get` is issued on a malicious module or when using any other command that builds untrusted code. This can be -triggered by linker flags specified via a `#cgo LDFLAGS directive`. Flags containing embedded spaces are mishandled, and -disallowed flags are smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This -only affects the gccgo compiler. - -### Impact - -No impact. This is not a runtime issue and we do not compile untrusted code. - -### Affected Products - -Not applicable. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402) - -- [GO-2023-1842](https://pkg.go.dev/vuln/GO-2023-1842) - -
- -## September 01, 2023 - CVE-2023-24540 - HTML Template Security Advisory - 9.8 CVSS - -Not all valid JavaScript whitespace characters are considered to be whitespace. JavaScript templates containing -whitespace characters outside of the character set `\t\n\f\r\u0020\u2028\u2029` may not be properly sanitized during -execution. - -### Impact - -No impact - We use the Go package [html/template](https://pkg.go.dev/html/template) but our HTML templates are static. -We also do not accept or parse any provided user data. - -### Patches - -Not applicable. - -### Workarounds - -Not applicable. - -### References - -- [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540) - -- [GO-2023-1752](https://pkg.go.dev/vuln/GO-2023-1752) - -
- -## March 20, 2023 - CVE-2023-22809 Sudo Vulnerability in Palette - 7.8 CVSS - -A security vulnerability in `sudo -e` option (aka _sudoedit_) allows a malicious user with sudoedit privileges to edit -arbitrary files. The Palette container `palette-controller-manager:mold-manager` incorporates a sudo version affected by -sudoers policy bypass in sudo when using sudoedit. - -All versions of Palette before v2.6.70 are affected. - -#### Impact - -A local user with permission to edit files can use this flaw to change a file not permitted by the security policy, -resulting in privilege escalation. - -#### Resolution - -- For Palette SaaS, this has been addressed and requires no user action. -- For ​​Palette self-hosted deployments, please upgrade to newer versions greater than or equal to v2.6.70 to address - the reported vulnerability. - -#### Workarounds - -None. - -#### References - -- [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/cve-2023-22809) - -
- -## August 4, 2022 - CVE-2022-1292 c_rehash script vulnerability in vSphere CSI pack - 9.8 CVSS - -On May 3 2022, OpenSSL published a security advisory disclosing a command injection vulnerability in the `c_rehash` -script included with the OpenSSL library. Some operating systems automatically execute this script as a part of normal -operations, which could allow an attacker to execute arbitrary commands with elevated privileges. - -Palette is not directly affected by this vulnerability. However, if your cluster profile is using the vSphere CSI pack, -version v2.3 or below, it contains a vulnerable version of the `c_rehash` script. - -#### Impact - -The `c_rehash` script does not sanitize shell metacharacters properly to prevent command injection. This script is -distributed by some operating systems, and by extension, in container images, in a manner where it is automatically -executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. - -#### Resolution - -This vulnerability has been addressed in the vSphere CSI pack greater than or equal to version v2.6. - -#### Workarounds - -Update cluster profiles using the vSphere CSI pack to version v2.6 or greater. Apply the updated cluster profile changes -to all clusters consuming the cluster profile. 
- -#### References - -- [CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292) +| Impacted Product & Version | Vulnerability Type | Impacted Component | Vulnerability Summary | CVE ID | CVSS Severity | +| -------------------------- | --------------------------------- | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------- | +| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. | [CVE-2023-6270](https://ubuntu.com/security/CVE-2023-6270) | 7.0 | +| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. | [CVE-2023-7042](https://ubuntu.com/security/CVE-2023-7042) | 5.5 | +| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. | [CVE-2024-0841](https://ubuntu.com/security/CVE-2024-0841) | 7.8 | +| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. 
| [CVE-2024-21823](https://ubuntu.com/security/CVE-2024-21823) | Not Available | +| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). | [CVE-2024-22099](https://ubuntu.com/security/CVE-2024-22099) | 5.5 | +| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | MediaTek SoC Gigabit Ethernet driver in the Linux kernel contained a race condition when stopping the device. A local attacker could possibly use this to cause a denial of service (device unavailability). | [CVE-2024-27432](https://ubuntu.com/security/CVE-2024-27432) | Not Available | +| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Ubuntu released 146 additional vulnerabilities related to Linux Kernel | [USN-6820-1](https://ubuntu.com/security/notices/USN-6820-1) | Varying | +| Palette 4.4, 4.3, 4.2… | Third-party component: Kubernetes | Kubernetes | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters. | [CVE-2024-36106](https://nvd.nist.gov/vuln/detail/CVE-2024-36106) | Awaiting Analysis by NIST | +| Palette 4.4, 4.3, 4.2… | Third-party component: Kubernetes | Kubernetes | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by `/api/v1/settings` endpoint without authentication. | [CVE-2024-37152](https://nvd.nist.gov/vuln/detail/CVE-2024-37152) | Awaiting Analysis by NIST | diff --git a/docs/docs-content/security-bulletins/security-bulletins.md b/docs/docs-content/security-bulletins/security-bulletins.md index 049799fdd4..46af3fd39e 100644 
--- a/docs/docs-content/security-bulletins/security-bulletins.md +++ b/docs/docs-content/security-bulletins/security-bulletins.md @@ -29,6 +29,4 @@ security bulletin. ## Resources -- [CVE Reports](cve-reports.md) - -- [CVE Index](cve-index.md) +- [Security Bulletins](cve-reports.md) diff --git a/docs/docs-content/unlisted/cve-reports.md b/docs/docs-content/unlisted/cve-reports.md new file mode 100644 index 0000000000..5373033c37 --- /dev/null +++ b/docs/docs-content/unlisted/cve-reports.md @@ -0,0 +1,1027 @@ +--- +sidebar_label: "CVE Index" +title: "CVE Index" +description: "Security bulletins for Common Vulnerabilities and Exposures (CVEs) related to Palette" +icon: "" +hide_table_of_contents: false +sidebar_position: 10 +slug: "index" +tags: ["security", "cve"] +unlisted: true +--- + +# Security Bulletins + + + +## June 3, 2024 - CVE-2024-23652 BuildKit Vulnerable to Possible Host System Access from Mount Stub Cleaner - 9.1 CVSS + +A vulnerability found in BuildKit can potentially allow malicious BuildKit frontends and Dockerfiles to remove files +from the host system outside the container by using the `RUN --mount` command. + +### Impact + +No impact. Palette and VerteX do not use the impacted symbol. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2024-23652](https://nvd.nist.gov/vuln/detail/CVE-2024-23652) +- [GO-2024-2494](https://pkg.go.dev/vuln/GO-2024-2494) + +
+ +## June 3, 2024 - CVE-2024-23653 BuildKit Interactive Container API Does Not Validate Privileges - 9.8 CVSS + +A vulnerability was found in the BuildKit API for running interactive containers. In addition to running containers as +build steps, the API allowed running containers with elevated privileges. + +### Impact + +No impact. Palette and VerteX do not use the impacted symbol. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2024-23653](https://nvd.nist.gov/vuln/detail/CVE-2024-23653) +- [GO-2024-2497](https://pkg.go.dev/vuln/GO-2024-2497) + +
+ +## June 3, 2024 - CVE-2023-49569 Path Traversal and RCE Vulnerability in Go-Git Versions Before v5.11 - 9.8 CVSS + +A path traversal vulnerability discovered in Go-Git can allow attackers to create and amend files across the file system +and, potentially, remotely execute malicious code. Only those applications that use +[ChrootOS](https://pkg.go.dev/github.com/go-git/go-billy/v5/osfs#ChrootOS) are affected. + +This is a Go-Git implementation vulnerability, and it does not affect the upstream git CLI. + +### Impact + +No impact. Palette and VerteX do not use the impacted symbols. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-49569](https://nvd.nist.gov/vuln/detail/CVE-2023-49569) +- [GO-2024-2456](https://pkg.go.dev/vuln/GO-2024-2456) + +
+ +## April 14, 2024 - CVE-2023-24534 HTTP and MIME Header Parsing Can Allocate Large Amounts of Memory - 7.5 CVSS + +HTTP and MIME header parsing can allocate large amounts of memory, even when parsing small inputs, potentially leading +to a denial of service. Certain unusual patterns of input data can cause the common function used to parse HTTP and MIME +headers to allocate substantially more memory than required to hold the parsed headers. + +An attacker can exploit this behavior to cause an HTTP server to allocate large amounts of memory from a small request, +potentially leading to memory exhaustion and a denial of service. With the fix, header parsing now correctly allocates +only the memory required to hold parsed headers. + +### Impact + +Low. + +### Patches + +Palette and VerteX version 4.3.0 include the security patch for the vulnerability. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-24534](https://nvd.nist.gov/vuln/detail/CVE-2023-24534) + +
+ +## April 14, 2024 - CVE-2023-24536 MIME/Multipart Form Parsing Can Consume Large Amounts of CPU and Memory - 7.5 CVSS + +Multipart form parsing can consume large amounts of CPU and memory when processing form inputs containing large numbers +of parts. This can be caused by several reasons: + +- `mime/multipart.Reader.ReadForm` limits the total memory a parsed multipart form can consume. `ReadForm` can + undercount the amount of memory consumed, leading it to accept larger inputs than intended. +- Limiting total memory does not account for increased pressure on the garbage collector from large numbers of small + allocations in forms with many parts. +- `ReadForm` can allocate a large number of short-lived buffers, further increasing pressure on the garbage collector. + +The combination of these factors can allow an attacker to cause a program that parses multipart forms to consume large +amounts of CPU and memory, potentially resulting in a denial of service. This affects programs that use +`mime/multipart.Reader.ReadForm` and form parsing in the `net/http` package with the request methods `FormFile`, +`FormValue`, `ParseMultipartForm`, and `PostFormValue`. With the fix, `ReadForm` now better estimates the memory +consumption of parsed forms and performs fewer short-lived allocations. In addition, the fixed `mime/multipart.Reader` +imposes the following limits on the size of parsed forms: + +- Forms parsed with `ReadForm` may contain no more than 1000 parts. This limit can be adjusted with the environment + variable `GODEBUG=multipartmaxparts=`. +- Form parts parsed with `NextPart` and `NextRawPart` may contain no more than 10,000 header fields. In addition, forms + parsed with `ReadForm` may contain no more than 10,000 header fields across all parts. This limit may be adjusted with + the environment variable `GODEBUG=multipartmaxheaders=`. + +### Impact + +Low. + +### Patches + +Palette and VerteX version 4.3.0 include the security patch for the vulnerability. 
+ +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-24536](https://nvd.nist.gov/vuln/detail/CVE-2023-24536) + +
+ +## April 14, 2024 - CVE-2023-26159 Improper Input Validation Due to Improper Handling of URLs - 6.1 CVSS + +Versions of the `follow-redirects` package prior to 1.15.4 are vulnerable to Improper Input Validation due to the +improper handling of URLs by the `url.parse()` function. When `new URL()` throws an error, it can be manipulated to +misinterpret the hostname. An attacker could exploit this weakness to redirect traffic to a malicious site, potentially +leading to information disclosure, phishing attacks, or other security breaches. + +### Impact + +Low impact. The Palette management platform's MongoDB service sidecar is not exposed publicly and does not accept user +input. + +### Patches + +Palette and VerteX version 4.3.0 include the security patch for the vulnerability. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-26159](https://nvd.nist.gov/vuln/detail/CVE-2023-26159) + +
+ +## April 14, 2024 - CVE-2023-5764 Ansible Template Injection Vulnerability - 7.8 CVSS + +A template injection flaw was found in Ansible. It occurs when internal templating operations of a user's controller +remove the unsafe designation from template data. This issue could allow an attacker to use a specially crafted file to +introduce code injection when supplying templating data. + +### Impact + +No impact. The Palette node agent service does not accept or parse any provided user data. + +### Patches + +Palette and VerteX version 4.3.0 include the security patch for the vulnerability. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-5764](https://nvd.nist.gov/vuln/detail/CVE-2023-5764) + +
+ +## April 14, 2024 - CVE-2023-42282 SSRF Vulnerability in Node.js - 9.8 CVSS + +Node.js IP packages before version 1.1.9 may allow Server-Side Request Forgery (SSRF). This might happen because certain +IP addresses, such as `0x7f.1`, are improperly categorized as globally routable by the `isPublic` function. + +### Impact + +Low impact. The Palette management platform's MongoDB service sidecar is not exposed publicly and does not accept user +input. + +### Patches + +Palette and VerteX version 4.3.0 include the security patch for the vulnerability. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-42282](https://nvd.nist.gov/vuln/detail/CVE-2023-42282) + +
+ +## April 2, 2024 - CVE-2024-3094 Malicious Code in XZ Utility - 10 CVSS + +Malicious code was discovered in the upstream tarballs of the XZ utility, starting with version 5.6.0, contain malicious +code. This code is hidden within a test file in the source code and is extracted by the liblzma build process. The code +then modifies specific functions in the liblzma library, resulting in a modified version of the library. Any software +that links against this modified library may have its data interaction intercepted and modified. You can learn more +about the vulnerability in the [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094) reference page. + +#### Impact + +No impact. None of the OS distributions supported by Palette use the impacted versions of the XZ utils package. Below +are the links to the security advisories for all the Palette supported OS distributions: + +- [Ubuntu 20.04, 22.04, 23.10](https://ubuntu.com/security/CVE-2024-3094) +- [RHEL 8](https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users) +- [OpenSUSE Leap](https://www.suse.com/c/suse-addresses-supply-chain-attack-against-xz-compression-library/) +- [SLE Micro](https://www.suse.com/c/suse-addresses-supply-chain-attack-against-xz-compression-library/) + +#### Patches + +Not Applicable + +### Workarounds + +Not Applicable + +#### References + +- [CVE-2024-3094](https://nvd.nist.gov/vuln/detail/CVE-2024-3094) +- [Ubuntu CVE Disclosure](https://ubuntu.com/security/CVE-2024-3094) +- [RedHat CVE Disclosure](https://www.redhat.com/en/blog/urgent-security-alert-fedora-41-and-rawhide-users) +- [SUSE CVE Disclosure](https://www.suse.com/c/suse-addresses-supply-chain-attack-against-xz-compression-library/) + +
+ +## January 10, 2024 - CVE-2023-39323 Bypass CGO Restrictions - 8.1 CVSS + +Line directives `//line` can be used to bypass the restrictions on `//go:cgo_` directives, allowing blocked linker and +compiler flags to be passed during compilation. This can result in unexpected execution of arbitrary code when issuing +the command `go build`. The line directive requires the absolute path of the file in which the directive resides, which +makes exploiting this issue significantly more complex. + +#### Impact + +No impact. This is not a runtime issue and we do not compile untrusted code. + +#### Patches + +Not Applicable + +### Workarounds + +Not Applicable + +#### References + +- [CVE-2023-39323](https://nvd.nist.gov/vuln/detail/CVE-2023-39323) + +
+ +## January 10, 2024 - CVE-2023-45283 Filepath Package and Special Prefixes - 7.5 CVSS + +The filepath package does not recognize paths with a `\??\` prefix as special. On Windows, a path beginning with `\??\` +is a Root Local Device (RDL) path equivalent to a path beginning with `\\?\`. Paths with a `\??\` prefix may be used to +access arbitrary locations on the system. For example, the path `\??\c:\x` is equivalent to the more common path `c:\x`. + +Before the fix, the `Clean` function could convert a rooted path such as `\a\..\??\b` into the RDL path `\??\b`. `Clean` +will now convert this to `.\??\b`. Similarly, before the fix, `Join(\, ??, b)` could convert a seemingly innocent +sequence of path elements into the RDL path \??\b. Join will now convert this to `\.\??\b`. + +In the fix version, the function `IsAbs` now correctly reports paths beginning with `\??\` as absolute, and VolumeName +correctly reports the `\??\` prefix as a volume name. + +Go 1.20.11 and Go 1.21.4 inadvertently changed the definition of the volume name in Windows paths starting with `\?`, +resulting in `filepath.Clean(\?\c:)` returning `\?\c:` rather than `\?\c:\` among other effects. The previous expected +behavior has been restored in the new version releases. + +#### Impact + +No impact. This only impacts Windows and Palette does not use Windows operating systems for runtime operations. + +#### Patches + +Not Applicable + +### Workarounds + +Not Applicable + +#### References + +- [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45283) + +
+ +## January 10, 2024 - CVE-2023-45285 Insecure Fetching of Go Modules - 7.5 CVSS + +Using the command `go get` to fetch a module with the `.git` suffix may unexpectedly fallback to the insecure `git://` +protocol if the module is unavailable via the secure `https://` and `git+ssh://` protocols, even if `GOINSECURE` is not +set for said module. This only affects users who are not using the module proxy and are fetching modules directly and +bypassing the Go proxy with `GOPROXY=off`. + +#### Impact + +No impact. This is not a runtime issue and we do not use any dependent module with `.git` suffix. + +#### Patches + +Not Applicable + +### Workarounds + +Not Applicable + +#### References + +- [CVE-2023-45285](https://nvd.nist.gov/vuln/detail/CVE-2023-45285) + +
+ +## January 10, 2024 - CVE-2023-39325 Excessive Server Resource Consumption - 7.5 CVSS + +A malicious HTTP/2 client that rapidly creates requests and immediately resets them can cause excessive server resource +consumption. While the total number of requests is bounded by the `http2.Server.MaxConcurrentStreams` setting, resetting +an in-progress request allows the attacker to create a new request while the existing one is still executing. + +With the fix applied, HTTP/2 servers are now bound by the number of simultaneously executing handler goroutines to the +stream concurrency limit `MaxConcurrentStreams`. + +If a client sends a new request when the server is already processing the maximum number of requests, the new request +will be queued and wait for a handler to become available. However, if the queue of pending requests grows too large, +the server will terminate the connection. This will happen only after the client has reset an existing request that is +still being processed by the server. + +This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency +limit is 250 streams requests per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 +package. Refer to the `Server.MaxConcurrentStreams` setting and the `ConfigureServer` function for more details. + +#### Impact + +All Palette and VerteX releases prior to version 4.2.0 are impacted. The impact is largely mitigated as Palette and +VerteX already have IP address based rate limit. + +#### Patches + +Palette and VerteX version 4.1.0 includes the fix for all the services using the HTTP/2 protocol. + +### Workarounds + +No workaround available. Impact is largely mitigated by the rate limits on the API requests. Refer to the +[API Rate Limit](/api/introduction#rate-limits) documentation for more information. + +#### References + +- [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) + +
+ +## January 10, 2024 - CVE-2023-5363 Potential Truncation of Symmetric Ciphers - 7.5 CVSS + +A bug has been identified in the processing of key and initialisation vector (IV) lengths. This can lead to potential +truncation or overruns during the initialisation of some symmetric ciphers. + +#### Impact + +Not Applicable. Impacting symbols defined in the CVE are not used. + +#### Patches + +Not Applicable + +### Workarounds + +Not Applicable + +#### References + +- [CVE-2023-5363](https://nvd.nist.gov/vuln/detail/CVE-2023-5363) + +
+ +## January 10, 2024 - CVE-2019-0190 Denial of service - 7.5 CVSS + +A bug exists in the way `mod_ssl` handled client renegotiations. A remote attacker could send a carefully crafted +request that would cause `mod_ssl` to enter a loop leading to a denial of service. This bug can be only triggered with +Apache HTTP Server version 2.4.37 when using OpenSSL version 1.1.1 or later, due to an interaction in changes to +handling of renegotiation attempts. + +#### Impact + +Not Applicable. Apache HTTP server with OpenSSL 1.1.1 or later is not used. + +#### Patches + +Not Applicable + +### Workarounds + +Not Applicable + +#### References + +- [CVE-2019-0190](https://nvd.nist.gov/vuln/detail/CVE-2019-0190) + +
+ +## January 10, 2024 - CVE-2022-4886 Nginx Path Sanitization Bypass - 8.8 CVSS + +The Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller path sanitization feature can be +bypassed with the `log_format` directive. + +#### Impact + +No impact on Palette SaaS, self-hosted Palette, or VerteX deployments. We do not allow end user to create or update +ingress objects. Tenant clusters using the Nginx ingress controller pack with versions older than v1.8.0 may be impacted +if they expose the ability for end users to create or update ingress objects. + +#### Patches + +No fix is available yet, but there is a remediation available starting with Nginx ingress controller v1.8.0. The Nginx +ingress controller pack is available with a newer version v1.9.4. The newer version has `enable-annotation-validation` +set to `true` by default. + +### Workarounds + +Starting with Nginx version v1.8.0, ingress administrators can set the `--strict-validate-path-type` flag to `true` to +validate ingress rules having `pathType` as "Exact" or "Prefix". If the `pathType` is `ImplementationSpecific` then an +admission controller policy is required to filter out the malicious path. Check out the +[OpenPolicyAgent and pathType enforcing](https://kubernetes.github.io/ingress-nginx/examples/openpolicyagent/) +documentation for more information. + +Tenant clusters using older Nginx ingress controller packs can upgrade to version v1.9.4 which has +`strict-validate-path-type` set to `true` by default. + +#### References + +- [CVE-2022-4886](https://nvd.nist.gov/vuln/detail/CVE-2022-4886) + +
+ +## January 10, 2024 - CVE-2023-5043 Ingress Nginx Annotation Injection - 8.8 CVSS + +The Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller annotations can be used to inject +arbitrary commands that are later executed. + +#### Impact + +No impact on Palette SaaS, self-hosted Palette and VerteX deployments. We do not allow end user to create or update +ingress objects. Tenant clusters using the Nginx ingress controller pack with versions older than v1.8.0 may be impacted +if they expose the ability for end users to create or update ingress objects. + +#### Patches + +No fix is available yet, but there is a remediation available starting with Nginx ingress controller v1.9.0. The Nginx +ingress controller pack is available with a newer version v1.9.4. The new version has `enable-annotation-validation` set +to `true` by default. + +### Workarounds + +Starting with Nginx version v1.9.0, Ingress administrators should set the `--enable-annotation-validation` flag to +enforce restrictions on the contents of ingress-nginx annotation fields. Tenant clusters using older Nginx ingress +controller pack versions can upgrade the pack to version 1.9.4 which has `enable-annotation-validation` set to `true` by +default. + +#### References + +- [CVE-2023-5043](https://nvd.nist.gov/vuln/detail/CVE-2023-5043) + +
+ +## January 10, 2024 - CVE-2023-5044 Ingress Nginx Annotation Injection - 8.8 CVSS + +The Kubernetes [ingress-nginx](https://github.com/kubernetes/ingress-nginx) controller +`nginx.ingress.kubernetes.io/permanent-redirect` annotation can be used to inject arbitrary commands that are later +executed. + +#### Impact + +No impact on Palette SaaS, self-hosted Palette and VerteX deployments. We do not allow end user to create or update +ingress objects. Tenant clusters using nginx ingress controller pack with versions older than v1.8.0 may be impacted if +they are expose the ability for end users to create or update ingress objects. + +#### Patches + +No fix is available yet, but there is a remediation available starting with Nginx ingress controller version 1.9.0. The +Nginx ingress controller pack is available with version v1.9.4. The newer version has `enable-annotation-validation` set +to `true` by default. + +### Workarounds + +Starting with Nginx version 1.9.0, ingress administrators should set the `--enable-annotation-validation` flag to +enforce restrictions on the contents of ingress-nginx annotation fields. Tenant clusters using older Nginx ingress +controller packs can upgrade to version v1.9.4 which has `enable-annotation-validation` set to `true` by default. + +#### References + +- [CVE-2023-5044](https://nvd.nist.gov/vuln/detail/CVE-2023-5044) + +
+ +## October 17, 2023 - CVE-2023-4911 Buffer Overflow in Dynamic Loader - 7.8 CVSS + +A buffer overflow was discovered in the GNU C Library’s dynamic loader `ld.so` while processing the `GLIBC_TUNABLES` +environment variable. This issue could allow a local attacker to use maliciously crafted `GLIBC_TUNABLES` environment +variables when launching binaries with `SUID` permission to execute code with elevated privileges. + +#### Impact + +All internal Palette and VerteX microservices are not impacted as the binaries are compiled using +[musl](https://musl.libc.org). This vulnerability, from an OS perspective, cannot be exploited without a remote code +execution exploit. + +#### Patches + +Palette version 4.1.0 includes the security patch for the vulnerability. + +#### Workarounds + +Self-hosted instances of Palette and VerteX need to upgrade to version 4.1.0 or greater. Tenant Clusters and Private +Cloud Gateways can be patched using the on-demand or scheduled OS security patches apply feature. Refer to the +[OS Patching](../clusters/cluster-management/os-patching.md) documentation for more information. + +#### References + +- [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) + +
+ +## October 11, 2023 - CVE-2023-44487 HTTP/2 Denial of Service - 7.5 CVSS + +The HTTP/2 protocol may be used to create a denial of service and cause a server to exhaust all of its allocated +resources. A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive +server resource consumption. + +#### Impact + +All Palette and VerteX releases prior to version 4.1.0 are impacted. The impact is largely mitigated as Palette and +VerteX already has IP address based rate limit. + +#### Patches + +Palette and VerteX version 4.1.0 includes the fix for all the services using HTTP/2 protocol. + +### Workarounds + +No workaround available. Impact is largely mitigated by the rate limits on the API requests. Refer to the +[API Rate Limit](/api/introduction#rate-limits) documentation for more information. + +#### References + +- [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) + +
+ +## October 6, 2023 - CVE-2023-32002 NodeJS Modules Policy Bypass - 9.8 CVSS + +The use of the Module library's `Module._load()` function can be used to bypass the defined policy mechanism and require +external modules not defined in the **policy.json** file for a given module. This vulnerability affects all users using +the experimental policy mechanism in all active release lines: 16.x, 18.x and, 20.x. Note that at the time this CVE was +issued, the policy is an experimental feature of Node.js. + +#### Impact + +No impact since the impacted function is not used by Palette. + +#### Patches + +Not Applicable + +#### Workarounds + +Not Applicable + +#### References + +-- [CVE-2023-32002](https://nvd.nist.gov/vuln/detail/CVE-2023-32002) + +
+ +## September 25, 2023 - CVE-2023-42810 - NodeJS SSID Command Injection Vulnerability - 9.8 CVSS + +The NodeJS system information library, `systeminformation`, has an SSID command injection vulnerability. The affected +versions are v5.0.0 to v5.21.6. The problem was fixed with a parameter check in version 5.21.7. As a workaround, check +or sanitize parameter strings that are passed to `wifiConnections()`, `wifiNetworks()`. + +#### Impact + +No impact since the impacted functions are not used. + +#### Patches + +Not Applicable + +#### Workarounds + +Not Applicable + +#### References + +- [CVE-2023-42810](https://nvd.nist.gov/vuln/detail/CVE-2023-42810) + +
+ +## September 25, 2023 - CVE-2023-4863 Libwebp Programs Terminations - 8.8 CVSS + +A heap buffer overflow in the library, `libwebp`, allows a remote attacker to perform an out of bounds memory write via +a crafted HTML page. This vulerability is present with the combination of Google Chrome prior to versions 116.0.5845.187 +with `libwebp` version 1.3.2. This is Chromium security severity that is marked as Critical. + +#### Impact + +No impact since `libwebp` is not used on any of the Palette container images. This vulnerability, from an OS perspective +OS, a cannot be exploited without a remote code execution exploit. + +#### Patches + +Release 4.1.0 of self-hosted Palette and VerteX deployment include the security patch for the CVE. + +#### Workarounds + +Self-hosted instances of Palette and VerteX need to upgrade to version 4.1.0 or greater. Tenant Clusters and Private +Cloud Gateways can be patched using the on-demand or scheduled OS security patches apply feature. Refer to the +[OS Patching](../clusters/cluster-management/os-patching.md) documentation for more information. + +#### References + +- [CVE-2023-4863](https://nvd.nist.gov/vuln/detail/CVE-2023-4863) + +
+ +## September 01, 2023 - CVE-2023-22809 Sudo Vulnerability - 7.8 CVSS + +The sudo program version 1.9.12p2 and earlier mishandles extra arguments passed in the user-provided environment +variables `SUDO_EDITOR`, `VISUAL`, and `EDITOR` when the `sudoedit` command is executed. + +The mishandling allows a local attacker to append arbitrary entries to the list of files to process. This can lead to +privilege escalation. Affected versions are 1.8.0 through 1.9.12.p1. The problem exists because a user-specified editor +may contain the `--` argument that defeats a protection mechanism. For example, an attacker may issue the following +command `EDITOR='vim -- /path/to/extra/file` value. + +### Impact + +This vulnerability affects the following Palette components: + +- Self-hosted Palette instances with versions older than 4.0.0 + +- Private Cloud Gateways instances with versions older than 4.0.0 + +- Clusters deployed with Palette versions older than 4.0.0 + +### Patches + +For self-hosted Palette environments, upgrade to Palette version 4.0.0 or greater. Upgrading Palette will automatically +update the OS. + +### Workarounds + +For clusters and Private Cloud Gateways, patch the OS. You can use the on-demand or scheduled features to apply the OS +security patches. Refer to the [OS Patching](../clusters/cluster-management/os-patching.md) documentation for more +information. + +
+ +### References + +- [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/cve-2023-22809) + +
+ +## September 01, 2023 - CVE-2023-38408 OpenSSH Vulnerability - 9.8 CVSS + +The PKCS#11 feature in the OpenSSH ssh-agent before version 9.3p2 has an insufficiently trustworthy search path. This +may lead to remote code execution if an agent is forwarded to an attacker-controlled system. Code in the folder +**/usr/lib** may be unsafe to load into the ssh-agent. This issue exists because of an incomplete fix for +[CVE-2016-10009](https://nvd.nist.gov/vuln/detail/cve-2016-10009). + +### Impact + +This vulnerability affects the following Palette components: + +- Self-hosted Palette instances with versions older than 4.0.0 + +- Private Cloud Gateways instances with versions older than 4.0.0 + +- Clusters deployed with Palette versions older than 4.0.0 + +### Patches + +- For self-hosted Palette environments, upgrade to Palette version 4.0.0 or greater. Upgrading Palette will + automatically update the Operating System (OS). + +### Workarounds + +- For clusters and Private Cloud Gateways, patch the OS. You can use the on-demand or scheduled features to apply the OS + security patches. Refer to the [OS Patching](../clusters/cluster-management/os-patching.md) documentation for more + information. + +### References + +- [CVE-2023-38408](https://nvd.nist.gov/vuln/detail/CVE-2023-38408) + +
+ +## September 01, 2023 - CVE-2023-29400 - HTML Template Vulnerability Security Advisory - 7.3 CVSS + +When using Go templates with actions in unquoted HTML attributes, such as `attr={{.}}`, unexpected output may occur due +to HTML normalization rules if invoked with an empty input. This may allow the injection of arbitrary attributes into +tags. + +### Impact + +No impact. We use the Go package [html/template](https://pkg.go.dev/html/template) and our HTML templates are static. +Our templates do not contain characters mentioned in the CVE. We also do not accept or parse any provided user data + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-29400](https://nvd.nist.gov/vuln/detail/CVE-2023-29400) + +- [GO-2023-1753](https://pkg.go.dev/vuln/GO-2023-1753) + +
+ +## September 01, 2023 - CVE-2023-24539 - HTML Template Vulnerability Security Advisory - 7.3 CVSS + +Angle brackets `<>` are not considered dangerous characters when inserted into Cascading Style Sheets (CSS) contexts. Go +templates containing multiple actions separated by a `/` character can result in unexpectedly closing the CSS context +and allowing for the injection of unexpected HTML if executed with untrusted input. + +### Impact + +No impact. We use the Go package [html/template](https://pkg.go.dev/html/template) and our HTML templates are static. We +also do not accept or parse any provided user data. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-24539](https://nvd.nist.gov/vuln/detail/CVE-2023-24539) + +- [GO-2023-1751](https://pkg.go.dev/vuln/GO-2023-1751) + +
+ +## September 01, 2023 - CVE-2023-24538 - HTML Template Vulnerability - Security Advisory - 9.8 CVSS + +Go templates do not consider backticks as a Javascript string delimiter and, as a result, do not escape them as +expected. Backticks have been used since ES6 for JS template literals. If a Go template contains an action within a +literal Javascript template, the action's contents can be used to terminate the literal and potentially inject arbitrary +Javascript code into the Go template. + +Go template actions are disallowed from being used inside of them, for example, `"var a = {{.}}"` since there is no safe +way to allow this behavior. This takes the same approach as github.com/google/safehtml. With this fix, +`Template.Parse()` returns an error when it encounters templates containing actions with literal JavaScript. The +ErrorCode has a value of 12. This ErrorCode is currently unexported but will be exported in the release of Go 1.21. +Users who rely on the previous behavior can re-enable it using the `GODEBUG flag jstmpllitinterp=1` with the caveat that +backticks will now be escaped. + +### Impact + +No impact. We use the Go package [html/template](https://pkg.go.dev/html/template) and our HTML templates are static. We +also do not accept or parse any provided user data. + +### Affected Products + +Not applicable. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-24538](https://nvd.nist.gov/vuln/detail/CVE-2023-24538) + +- [GO-2023-1703](https://pkg.go.dev/vuln/GO-2023-1703) + +
+ +## September 01, 2023 - CVE-2023-29404 - CGO LDFLAGS Vulnerability Security Advisory - 9.8 CVSS + +The `go` command can execute any code during the build process when using cgo. This can happen when using `go get` +command on a malicious module or any other command that builds untrusted code. It can also be triggered by linker flags +specified through the `#cgo LDFLAGS` directive. The non-optional flags in LDFLAGS sanitization allow disallowed flags to +be used with gc and gccgo compilers. + +### Impact + +No impact. This is not a runtime issue and we do not compile untrusted code. + +### Affected Products + +Not applicable. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402) + +- [GO-2023-1841](https://pkg.go.dev/vuln/GO-2023-1841) + +
+ +## September 01, 2023 - CVE-2023-29402 - Go Modules Vulnerability Security Advisory - 9.8 CVSS + +The go command may generate unexpected code at build time when using cgo. Using unexpected code with cgo can cause +unexpected behavior in Go programs. This may occur when an untrusted module contains directories with newline characters +in their names. Go modules retrieved using the command `go get` are unaffected. Modules retrieved using the legacy +module retrieve method with the environment variables `GOPATH` and `GO111MODULE=off` may be affected. + +### Impact + +No impact. This is not a runtime issue and we do not compile untrusted code. + +### Affected Products + +Not applicable. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402) + +- [GO-2023-1839](https://pkg.go.dev/vuln/GO-2023-1839) + +
+ +## September 01, 2023 - CVE-2023-29402 - Go get Vulnerability Security Advisory - 9.8 CVSS + +The go command may execute arbitrary code at build time when using cgo. The arbitrary code execution may occur when the +command `go get` is issued on a malicious module or when using any other command that builds untrusted code. This can be +triggered by linker flags specified via a `#cgo LDFLAGS directive`. Flags containing embedded spaces are mishandled, and +disallowed flags are smuggled through the LDFLAGS sanitization by including them in the argument of another flag. This +only affects the gccgo compiler. + +### Impact + +No impact. This is not a runtime issue and we do not compile untrusted code. + +### Affected Products + +Not applicable. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402) + +- [GO-2023-1842](https://pkg.go.dev/vuln/GO-2023-1842) + +
+ +## September 01, 2023 - CVE-2023-24540 - HTML Template Security Advisory - 9.8 CVSS + +Not all valid JavaScript whitespace characters are considered to be whitespace. JavaScript templates containing +whitespace characters outside of the character set `\t\n\f\r\u0020\u2028\u2029` may not be properly sanitized during +execution. + +### Impact + +No impact - We use the Go package [html/template](https://pkg.go.dev/html/template) but our HTML templates are static. +We also do not accept or parse any provided user data. + +### Patches + +Not applicable. + +### Workarounds + +Not applicable. + +### References + +- [CVE-2023-24540](https://nvd.nist.gov/vuln/detail/CVE-2023-24540) + +- [GO-2023-1752](https://pkg.go.dev/vuln/GO-2023-1752) + +
+ +## March 20, 2023 - CVE-2023-22809 Sudo Vulnerability in Palette - 7.8 CVSS + +A security vulnerability in `sudo -e` option (aka _sudoedit_) allows a malicious user with sudoedit privileges to edit +arbitrary files. The Palette container `palette-controller-manager:mold-manager` incorporates a sudo version affected by +sudoers policy bypass in sudo when using sudoedit. + +All versions of Palette before v2.6.70 are affected. + +#### Impact + +A local user with permission to edit files can use this flaw to change a file not permitted by the security policy, +resulting in privilege escalation. + +#### Resolution + +- For Palette SaaS, this has been addressed and requires no user action. +- For ​​Palette self-hosted deployments, please upgrade to newer versions greater than or equal to v2.6.70 to address + the reported vulnerability. + +#### Workarounds + +None. + +#### References + +- [CVE-2023-22809](https://nvd.nist.gov/vuln/detail/cve-2023-22809) + +
+ +## August 4, 2022 - CVE-2022-1292 c_rehash script vulnerability in vSphere CSI pack - 9.8 CVSS + +On May 3 2022, OpenSSL published a security advisory disclosing a command injection vulnerability in the `c_rehash` +script included with the OpenSSL library. Some operating systems automatically execute this script as a part of normal +operations, which could allow an attacker to execute arbitrary commands with elevated privileges. + +Palette is not directly affected by this vulnerability. However, if your cluster profile is using the vSphere CSI pack, +version v2.3 or below, it contains a vulnerable version of the `c_rehash` script. + +#### Impact + +The `c_rehash` script does not sanitize shell metacharacters properly to prevent command injection. This script is +distributed by some operating systems, and by extension, in container images, in a manner where it is automatically +executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. + +#### Resolution + +This vulnerability has been addressed in the vSphere CSI pack greater than or equal to version v2.6. + +#### Workarounds + +Update cluster profiles using the vSphere CSI pack to version v2.6 or greater. Apply the updated cluster profile changes +to all clusters consuming the cluster profile. + +#### References + +- [CVE-2022-1292](https://nvd.nist.gov/vuln/detail/CVE-2022-1292) diff --git a/redirects.js b/redirects.js index a7b9e3c48b..7a40da06ed 100644 --- a/redirects.js +++ b/redirects.js @@ -504,6 +504,10 @@ const redirects = [ from: "/clusters/edge/edgeforge-workflow/palette-canvos/build-artifacts", to: "/clusters/edge/edgeforge-workflow/palette-canvos/build-content-bundle", }, + { + from: "/security-bulletins/index/", + to: "/unlisted/index/", + }, ]; module.exports = redirects; From 0a3f37d2d24446aae2d6118b595506abd4256970 Mon Sep 17 00:00:00 2001 
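Review bot: the CVE identifiers in the three cgo sections of this hunk contradict each other. The section headed `CVE-2023-29404 - CGO LDFLAGS Vulnerability` lists `- [CVE-2023-29402](https://nvd.nist.gov/vuln/detail/CVE-2023-29402)` under References, and the two sections that follow are both headed `CVE-2023-29402` (Go Modules, then Go get) with the same NVD link but different Go advisories (GO-2023-1839 and GO-2023-1842) and different descriptions, so at least one heading and one reference link point at the wrong CVE; reconcile each heading and NVD link with the Go advisory it cites before this archive page is published. Smaller points in the same hunk: the reference under CVE-2023-32002 is written `-- [CVE-2023-32002](...)`, which renders as a literal `- ` inside the bullet instead of a list item; the CVE-2023-4863 Impact paragraph contains a garbled sentence (`This vulnerability, from an OS perspective OS, a cannot be exploited`) and the typo `vulerability`; the CVE-2023-5044 Impact has `end user` and `they are expose` (should be `end users` and `they expose`); and the Impact/Patches/Workarounds/References subsections alternate between `###` and `####` within the same entry (for example `### Workarounds` beside `#### Patches` under CVE-2023-5044 and CVE-2023-44487), which will produce an uneven sidebar outline.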
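Review bot: the new redirect sends `/security-bulletins/index/` to `/unlisted/index/`, but the archive page that the rest of this series links to is `../unlisted/cve-reports.md`, so confirm that `/unlisted/index/` actually resolves to the archived bulletins rather than to a generic unlisted index. The `from` path also carries a trailing slash while the neighbouring entry in the same array (`/clusters/edge/edgeforge-workflow/palette-canvos/build-artifacts`) does not; keep the two forms consistent in case the redirect plugin matches paths exactly.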
From: Karl Cardenas Date: Thu, 20 Jun 2024 14:39:32 -0700 Subject: [PATCH 03/19] chore: updated with link --- docs/docs-content/security-bulletins/security-bulletins.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/security-bulletins/security-bulletins.md b/docs/docs-content/security-bulletins/security-bulletins.md index 46af3fd39e..004368ff13 100644 --- a/docs/docs-content/security-bulletins/security-bulletins.md +++ b/docs/docs-content/security-bulletins/security-bulletins.md @@ -16,9 +16,9 @@ utilize in our products and services. ## Security Bulletins -We release security bulletins on a monthly and ad-hoc basis addressing security vulnerabilities in our software or -related third-party components, describing their remediation when available, and providing links to the applicable -updates for affected software when available. +We release [security bulletins](./cve-reports.md) on a monthly and ad-hoc basis addressing security vulnerabilities in +our software or related third-party components, describing their remediation when available, and providing links to the +applicable updates for affected software when available. ## Security Advisories From 49f118f9231d5ae69b4fdeb456ad7a6bcfb78806 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Fri, 12 Jul 2024 13:04:55 -0700 Subject: [PATCH 04/19] docs: updated disclosures --- .../security-bulletins/cve-reports.md | 56 ++++++++++++++----- 1 file changed, 43 insertions(+), 13 deletions(-) diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 620f808cef..44680ceaa9 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
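Review bot: the hunk links the word "security bulletins" to `./cve-reports.md`, but the `## Security Advisories` section that immediately follows it still gives the reader no link to where advisories are published, so after this change the page says where bulletins live but not advisories; if an advisories page exists, link it in the same sentence style. Check as well that the `./cve-reports.md` form matches the relative-link style used elsewhere in this file rather than introducing a second convention.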
@@ -11,22 +11,52 @@ tags: ["security", "cve"] # Security Bulletins -This page lists the security bulletins for Common Vulnerabilities and Exposures (CVEs) related to Palette and VerteX. +The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette solution and +third-party component vulnerabilities, which we have become aware of. Some of the listed vulnerabilities below have been +fixed in new versions of our products and released in the last month. These vulnerabilities are discovered via our Bug +Bounty program, our security monitoring program, or reported to us by our supply chain. :::info -Previous security bulletins are available in the [Security Bulletins Archive](../unlisted/cve-reports.md). +The CVSS Severity is provided by either the third-party service provider, or NIST CVE. We do not provide the criticality +score for third-party components. Previous security bulletins are available in the +[Security Bulletins Archive](../unlisted/cve-reports.md). ::: -| Impacted Product & Version | Vulnerability Type | Impacted Component | Vulnerability Summary | CVE ID | CVSS Severity | -| -------------------------- | --------------------------------- | ------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------- | -| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | ATA over Ethernet (AoE) driver in the Linux kernel contained a race condition, leading to a use-after-free vulnerability. An attacker could use this to cause a denial of service or possibly execute arbitrary code. 
| [CVE-2023-6270](https://ubuntu.com/security/CVE-2023-6270) | 7.0 | -| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Atheros 802.11ac wireless driver did not properly validate certain data structures, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service. | [CVE-2023-7042](https://ubuntu.com/security/CVE-2023-7042) | 5.5 | -| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | HugeTLB file system component of the Linux Kernel contained a NULL pointer dereference vulnerability. A privileged attacker could possibly use this to cause a denial of service. | [CVE-2024-0841](https://ubuntu.com/security/CVE-2024-0841) | 7.8 | -| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Intel Data Streaming and Intel Analytics Accelerator drivers in the Linux kernel allowed direct access to the devices for unprivileged users and virtual machines. A local attacker could use this to cause a denial of service. | [CVE-2024-21823](https://ubuntu.com/security/CVE-2024-21823) | Not Available | -| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Yuxuan Hu discovered that the Bluetooth RFCOMM protocol driver in the Linux Kernel contained a race condition, leading to a NULL pointer dereference. An attacker could possibly use this to cause a denial of service (system crash). | [CVE-2024-22099](https://ubuntu.com/security/CVE-2024-22099) | 5.5 | -| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | MediaTek SoC Gigabit Ethernet driver in the Linux kernel contained a race condition when stopping the device. A local attacker could possibly use this to cause a denial of service (device unavailability). 
| [CVE-2024-27432](https://ubuntu.com/security/CVE-2024-27432) | Not Available | -| Palette 4.4 | Third-party component: Ubuntu | Linux Kernel | Ubuntu released 146 additional vulnerabilities related to Linux Kernel | [USN-6820-1](https://ubuntu.com/security/notices/USN-6820-1) | Varying | -| Palette 4.4, 4.3, 4.2… | Third-party component: Kubernetes | Kubernetes | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. It’s possible for authenticated users to enumerate clusters by name by inspecting error messages. It’s also possible to enumerate the names of projects with project-scoped clusters. | [CVE-2024-36106](https://nvd.nist.gov/vuln/detail/CVE-2024-36106) | Awaiting Analysis by NIST | -| Palette 4.4, 4.3, 4.2… | Third-party component: Kubernetes | Kubernetes | Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. The vulnerability allows unauthorized access to the sensitive settings exposed by `/api/v1/settings` endpoint without authentication. | [CVE-2024-37152](https://nvd.nist.gov/vuln/detail/CVE-2024-37152) | Awaiting Analysis by NIST | +To fix all the vulnerabilities impacting your products, we recommends patching your instances to the latest version +regarding any third-party components. 
For vulnerabilities originating in our products, we will provide mitigations and +workarounds where applicable + + +| Impacted Product & Version | Vulnerability Type | Vulnerability Summary | CVE ID | CVSS Severity | +| -------------------------- | ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------ | +| Palette 4.4.a | Third-party component: Ubuntu | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | [CVE-2024-24790](https://ubuntu.com/security/CVE-2024-24790) | [9.8](https://ubuntu.com/security/CVE-2024-24790) | +| Palette 4.4.a | Third-party component: Github | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. 
| [CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | +| Palette 4.4.a | Third-party component: KRB5 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow) and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | [CVE-2022-42898](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | +| Palette 4.4.a | Third-party component: CLI Tool runc | Runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier due to an internal file descriptor leak an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace allowing for a container escape by giving access to the host file system. | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | +| Palette 4.4.a | Third-party component: Hashicorp go-getter library | HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration potentially leading to arbitrary code execution. | [CVE-2024-6257](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | [8.4](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | +| Palette 4.4.a | Third-party component: OpenSSH Server | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. 
| [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | +| Palette 4.4.a | Third-party component: Ncurses | Ncurses before 6.4 20230408 when used by a setuid application allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | [CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | +| Palette 4.4.a | Third-party component: Unix | On Unix platforms the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases such as when dumping memory state or assuming the status of standard i/o file descriptors. | [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | +| Palette 4.4.a | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put() if the ref-counter is the last one (which is true for most cases) the inner map will be freed by ops->map_free() in a kworker. But for now most .map_free() callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. 
| [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | +| Palette 4.4.a | Third-party component: glibc library | A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called or called with the ident argument set to NULL and the program name (the basename of argv[0]) is bigger than 1024 bytes resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | +| Palette 4.4.a | Third-party component: GNU C Library | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | +| Palette 4.4.a | Third-party component: Ubuntu | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an “Expect: 100-continue” header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state | [CVE-2024-24791](https://ubuntu.com/security/CVE-2024-24791) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) | +| Palette 4.4.a | Third-party component: OpenSSL | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. 
In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | CVE-2022-4450 | 7.5 | +| Palette 4.4.a | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0 the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | CVE-2023-47108 | 7.5 | +| Palette 4.4.a | Third-party component: glibc library | An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes leading to an incorrect calculation of the buffer size to store the message resulting in an application crash. This issue affects glibc 2.37 and newer. | CVE-2023-6779 | 7.5 | +| Palette 4.4.a | Third-party component: Certifi | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | CVE-2023-37920 | 7.5 | +| Palette 4.4.a | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. 
It leads to the server's potential memory exhaustion when many malicious requests are sent to it. | CVE-2023-45142 | 7.5 | +| Palette 4.4.a | Third-party component: OpenSSL | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | CVE-2023-0464 | 7.5 | +| Palette 4.4.a | Third-party component: Go Project | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. | CVE-2023-39325 | 7.5 | +| Palette 4.4.a | Third-party component: Python 3.11 through 3.11.4 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath() the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier but that filename is no longer rejected in Python 3.11.x. | CVE-2023-41105 | 7.5 | +| Palette 4.4.a | Third-party component: Python | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | CVE-2023-24329 | 7.5 | +| Palette 4.4.a | Third-party component: DNS Protocol | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses aka the "KeyTrap" issue. One of the concerns is that when there is a zone with many DNSKEY and RRSIG records the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. 
| CVE-2023-50387 | 7.5 | +| Palette 4.4.a | Third-party component: urllib3 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking. | CVE-2021-33503 | 7.5 | +| Palette 4.4.a | Third-party component: OpenSSL | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME CMS and PKCS7 streaming capabilities but may also be called directly by end user applications. | CVE-2023-0215 | 7.5 | +| Palette 4.4.a | Third-party component: Go-yaml v2 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | CVE-2022-28948 | 7.5 | +| Palette 4.4.a | Third-party component: Go Project | Before Go 1.20 the RSA based TLS key exchanges used the math/big library which is not constant time. RSA blinding was applied to prevent timing attacks but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information which in turn could be used to recover session key bits. In Go 1.20 the crypto/tls library switched to a fully constant time RSA implementation which we do not believe exhibits any timing side channels. | CVE-2023-45287 | 7.5 | +| Palette 4.4.a | Third-party component: Diffie-Hellman Key Agreement Protocol | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints and these short exponents can lead to less expensive calculations than for long exponents. 
This issue is different from CVE-2002-20001 because it is based on an observation about exponent size rather than an observation about numbers that are not public keys. | CVE-2022-40735 | 7.5 | +| Palette 4.4.a | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | CVE-2023-0286 | 7.4 | +| Palette 4.4.a | Third-party component: Linux Kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device` and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. | CVE-2023-6270 | 7.0 | From 8057afb3b6c7812c380a657d9f01e03e09fcd9eb Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Fri, 12 Jul 2024 13:15:24 -0700 Subject: [PATCH 05/19] docs: updated --- .../security-bulletins/cve-reports.md | 60 +++++++++---------- 1 file changed, 30 insertions(+), 30 deletions(-) diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 44680ceaa9..7880722167 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md @@ -3,7 +3,7 @@ sidebar_label: "CVE Reports" title: "CVE Reports" description: "Security bulletins for Common Vulnerabilities and Exposures (CVEs) related to Palette" icon: "" -hide_table_of_contents: false +hide_table_of_contents: true sidebar_position: 0 toc_max_heading_level: 2 tags: ["security", "cve"] 
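Review bot: in the rows added to cve-reports.md, "Palette 4.4.a" is not a valid version string, and the CVE ID and CVSS Severity columns are inconsistent within the same hunk: the rows through CVE-2024-24791 link both values to NVD or ubuntu.com, while every row from CVE-2022-4450 down to CVE-2023-6270 is bare text. Replace the placeholder with the actual patch release and link every row the same way so a reader can reach the upstream record from any entry.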
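Review bot: with `hide_table_of_contents` flipped to `true`, the `toc_max_heading_level: 2` line two rows below in the same front matter becomes dead configuration; either drop it in the same change or add a short comment explaining why this page hides its TOC, since the commit message ("docs: updated") gives no reason.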
@@ -31,32 +31,32 @@ workarounds where applicable | Impacted Product & Version | Vulnerability Type | Vulnerability Summary | CVE ID | CVSS Severity | | -------------------------- | ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------ | -| Palette 4.4.a | Third-party component: Ubuntu | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | [CVE-2024-24790](https://ubuntu.com/security/CVE-2024-24790) | [9.8](https://ubuntu.com/security/CVE-2024-24790) | -| Palette 4.4.a | Third-party component: Github | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. 
| [CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | -| Palette 4.4.a | Third-party component: KRB5 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow) and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | [CVE-2022-42898](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | -| Palette 4.4.a | Third-party component: CLI Tool runc | Runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier due to an internal file descriptor leak an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace allowing for a container escape by giving access to the host file system. | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | -| Palette 4.4.a | Third-party component: Hashicorp go-getter library | HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration potentially leading to arbitrary code execution. | [CVE-2024-6257](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | [8.4](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | -| Palette 4.4.a | Third-party component: OpenSSH Server | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. 
| [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | -| Palette 4.4.a | Third-party component: Ncurses | Ncurses before 6.4 20230408 when used by a setuid application allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | [CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | -| Palette 4.4.a | Third-party component: Unix | On Unix platforms the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases such as when dumping memory state or assuming the status of standard i/o file descriptors. | [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | -| Palette 4.4.a | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put() if the ref-counter is the last one (which is true for most cases) the inner map will be freed by ops->map_free() in a kworker. But for now most .map_free() callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. 
| [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | -| Palette 4.4.a | Third-party component: glibc library | A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called or called with the ident argument set to NULL and the program name (the basename of argv[0]) is bigger than 1024 bytes resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | -| Palette 4.4.a | Third-party component: GNU C Library | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | -| Palette 4.4.a | Third-party component: Ubuntu | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an “Expect: 100-continue” header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state | [CVE-2024-24791](https://ubuntu.com/security/CVE-2024-24791) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) | -| Palette 4.4.a | Third-party component: OpenSSL | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. 
In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | CVE-2022-4450 | 7.5 | -| Palette 4.4.a | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0 the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | CVE-2023-47108 | 7.5 | -| Palette 4.4.a | Third-party component: glibc library | An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes leading to an incorrect calculation of the buffer size to store the message resulting in an application crash. This issue affects glibc 2.37 and newer. | CVE-2023-6779 | 7.5 | -| Palette 4.4.a | Third-party component: Certifi | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | CVE-2023-37920 | 7.5 | -| Palette 4.4.a | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. 
It leads to the server's potential memory exhaustion when many malicious requests are sent to it. | CVE-2023-45142 | 7.5 | -| Palette 4.4.a | Third-party component: OpenSSL | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | CVE-2023-0464 | 7.5 | -| Palette 4.4.a | Third-party component: Go Project | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. | CVE-2023-39325 | 7.5 | -| Palette 4.4.a | Third-party component: Python 3.11 through 3.11.4 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath() the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier but that filename is no longer rejected in Python 3.11.x. | CVE-2023-41105 | 7.5 | -| Palette 4.4.a | Third-party component: Python | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | CVE-2023-24329 | 7.5 | -| Palette 4.4.a | Third-party component: DNS Protocol | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses aka the "KeyTrap" issue. One of the concerns is that when there is a zone with many DNSKEY and RRSIG records the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. 
| CVE-2023-50387 | 7.5 | -| Palette 4.4.a | Third-party component: urllib3 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking. | CVE-2021-33503 | 7.5 | -| Palette 4.4.a | Third-party component: OpenSSL | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME CMS and PKCS7 streaming capabilities but may also be called directly by end user applications. | CVE-2023-0215 | 7.5 | -| Palette 4.4.a | Third-party component: Go-yaml v2 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | CVE-2022-28948 | 7.5 | -| Palette 4.4.a | Third-party component: Go Project | Before Go 1.20 the RSA based TLS key exchanges used the math/big library which is not constant time. RSA blinding was applied to prevent timing attacks but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information which in turn could be used to recover session key bits. In Go 1.20 the crypto/tls library switched to a fully constant time RSA implementation which we do not believe exhibits any timing side channels. | CVE-2023-45287 | 7.5 | -| Palette 4.4.a | Third-party component: Diffie-Hellman Key Agreement Protocol | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints and these short exponents can lead to less expensive calculations than for long exponents. 
This issue is different from CVE-2002-20001 because it is based on an observation about exponent size rather than an observation about numbers that are not public keys. | CVE-2022-40735 | 7.5 | -| Palette 4.4.a | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | CVE-2023-0286 | 7.4 | -| Palette 4.4.a | Third-party component: Linux Kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The aoecmd_cfg_pkts() function improperly updates the refcnt on `struct net_device` and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. | CVE-2023-6270 | 7.0 | +| Palette 4.4.8 | Third-party component: Ubuntu | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | [CVE-2024-24790](https://ubuntu.com/security/CVE-2024-24790) | [9.8](https://ubuntu.com/security/CVE-2024-24790) | +| Palette 4.4.8 | Third-party component: Github | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. 
| [CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | +| Palette 4.4.8 | Third-party component: KRB5 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow) and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | [CVE-2022-42898](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | +| Palette 4.4.8 | Third-party component: CLI Tool runc | Runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier due to an internal file descriptor leak an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace allowing for a container escape by giving access to the host file system. | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | +| Palette 4.4.8 | Third-party component: Hashicorp go-getter library | HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration potentially leading to arbitrary code execution. | [CVE-2024-6257](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | [8.4](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | +| Palette 4.4.8 | Third-party component: OpenSSH Server | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. 
| [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | +| Palette 4.4.8 | Third-party component: Ncurses | Ncurses before 6.4 20230408 when used by a setuid application allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | [CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | +| Palette 4.4.8 | Third-party component: Unix | On Unix platforms the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases such as when dumping memory state or assuming the status of standard i/o file descriptors. | [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | +| Palette 4.4.8 | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put() if the ref-counter is the last one (which is true for most cases) the inner map will be freed by ops->map_free() in a kworker. But for now most .map_free() callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. 
| [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | +| Palette 4.4.8 | Third-party component: glibc library | A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called or called with the ident argument set to NULL and the program name (the basename of argv[0]) is bigger than 1024 bytes resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | +| Palette 4.4.8 | Third-party component: GNU C Library | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | +| Palette 4.4.8 | Third-party component: Ubuntu | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an “Expect: 100-continue” header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state | [CVE-2024-24791](https://ubuntu.com/security/CVE-2024-24791) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) | +| Palette 4.4.8 | Third-party component: OpenSSL | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. 
In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | +| Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0 the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | +| Palette 4.4.8 | Third-party component: glibc library | An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes leading to an incorrect calculation of the buffer size to store the message resulting in an application crash. This issue affects glibc 2.37 and newer. | [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | +| Palette 4.4.8 | Third-party component: Certifi | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. 
| [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | +| Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. | [CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | +| Palette 4.4.8 | Third-party component: OpenSSL | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | +| Palette 4.4.8 | Third-party component: Go Project | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. | [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | +| Palette 4.4.8 | Third-party component: Python 3.11 through 3.11.4 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath() the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier but that filename is no longer rejected in Python 3.11.x. 
| [CVE-2023-41105](https://nvd.nist.gov/vuln/detail/CVE-2023-41105) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-41105) | +| Palette 4.4.8 | Third-party component: Python | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. | [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24329) | +| Palette 4.4.8 | Third-party component: DNS Protocol | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses aka the "KeyTrap" issue. One of the concerns is that when there is a zone with many DNSKEY and RRSIG records the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | [CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | +| Palette 4.4.8 | Third-party component: urllib3 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking. | [CVE-2021-33503](https://nvd.nist.gov/vuln/detail/CVE-2021-33503) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-33503) | +| Palette 4.4.8 | Third-party component: OpenSSL | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME CMS and PKCS7 streaming capabilities but may also be called directly by end user applications. 
| [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | +| Palette 4.4.8 | Third-party component: Go-yaml v2 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. | [CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-28948) | +| Palette 4.4.8 | Third-party component: Go Project | Before Go 1.20 the RSA based TLS key exchanges used the math/big library which is not constant time. RSA blinding was applied to prevent timing attacks but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information which in turn could be used to recover session key bits. In Go 1.20 the crypto/tls library switched to a fully constant time RSA implementation which we do not believe exhibits any timing side channels. | [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | +| Palette 4.4.8 | Third-party component: Diffie-Hellman Key Agreement Protocol | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size rather than an observation about numbers that are not public keys. 
| [CVE-2022-40735](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | +| Palette 4.4.8 | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | +| Palette 4.4.8 | Third-party component: Linux Kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The `aoecmd_cfg_pkts()` function improperly updates the refcnt on `struct net_device` and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. | [CVE-2023-6270](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | [7.0](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | From 726634d8c0ebe42129eb41c2523aaa3f1eabbff5 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Fri, 12 Jul 2024 13:23:36 -0700 Subject: [PATCH 06/19] chore: updated --- docs/docs-content/security-bulletins/cve-reports.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 7880722167..b85e30c8cd 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
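Review bot: the Go-yaml row in this hunk is internally inconsistent: the "Vulnerability Type" cell says "Third-party component: Go-yaml v2" while the summary (and CVE-2022-28948 itself) concerns the `Unmarshal` function in Go-Yaml v3; pick the version that is actually shipped in 4.4.8. Two other "Vulnerability Type" cells name a protocol rather than a component ("DNS Protocol" for CVE-2023-50387, "Diffie-Hellman Key Agreement Protocol" for CVE-2022-40735), so a reader cannot tell which resolver or TLS library in Palette is affected; name the package instead. Finally, the CVE-2023-45287 summary copies the Go advisory verbatim, including "which we do not believe exhibits any timing side channels", which in this document reads as Spectro Cloud's own assessment; rephrase as "which the Go project does not believe exhibits any timing side channels".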
@@ -38,12 +38,12 @@ workarounds where applicable | Palette 4.4.8 | Third-party component: Hashicorp go-getter library | HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration potentially leading to arbitrary code execution. | [CVE-2024-6257](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | [8.4](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | | Palette 4.4.8 | Third-party component: OpenSSH Server | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. | [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | | Palette 4.4.8 | Third-party component: Ncurses | Ncurses before 6.4 20230408 when used by a setuid application allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | [CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | -| Palette 4.4.8 | Third-party component: Unix | On Unix platforms the Go runtime does not behave differently when a binary is run with the setuid/setgid bits. This can be dangerous in certain cases such as when dumping memory state or assuming the status of standard i/o file descriptors. | [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | -| Palette 4.4.8 | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: bpf: Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. 
However bpf_map_fd_put_ptr() decreases the ref-counter of the inner map directly through bpf_map_put() if the ref-counter is the last one (which is true for most cases) the inner map will be freed by ops->map_free() in a kworker. But for now most .map_free() callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. | [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | +| Palette 4.4.8 | Third-party component: Unix | On Unix platforms the Go runtime does not behave differently when a binary is started with the setuid/setgid bits. This can be dangerous in certain cases such as when dumping memory state or assuming the status of standard i/o file descriptors. | [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | +| Palette 4.4.8 | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: `bpf:` Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. However `bpf_map_fd_put_ptr()` decreases the ref-counter of the inner map directly through `bpf_map_put()` if the ref-counter is the last one (which is true for most cases) the inner map will be freed by `ops->map_free()` in a kworker. But for now most `.map_free()` callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. 
| [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | | Palette 4.4.8 | Third-party component: glibc library | A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called or called with the ident argument set to NULL and the program name (the basename of argv[0]) is bigger than 1024 bytes resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. | [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | | Palette 4.4.8 | Third-party component: GNU C Library | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | | Palette 4.4.8 | Third-party component: Ubuntu | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an “Expect: 100-continue” header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state | [CVE-2024-24791](https://ubuntu.com/security/CVE-2024-24791) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) | -| Palette 4.4.8 | Third-party component: OpenSSL | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. 
In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | +| Palette 4.4.8 | Third-party component: OpenSSL | The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()` will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | | Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0 the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | | Palette 4.4.8 | Third-party component: glibc library | An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. 
This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes leading to an incorrect calculation of the buffer size to store the message resulting in an application crash. This issue affects glibc 2.37 and newer. | [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | | Palette 4.4.8 | Third-party component: Certifi | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | From 0898a210d6a6a56a8f0e07cebf8de74b7354a607 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 16 Jul 2024 08:48:18 -0700 Subject: [PATCH 07/19] docs: updated --- .gitignore | 3 +++ docs/docs-content/security-bulletins/cve-reports.md | 6 ++++-- 2 files changed, 7 insertions(+), 2 deletions(-) diff --git a/.gitignore b/.gitignore index 41bd8081b1..276028fd8f 100644 --- a/.gitignore +++ b/.gitignore @@ -70,6 +70,9 @@ artifact.zip # Ignore _partials/index.ts _partials/index.ts +# Ignore statoc/img/packs +static/img/packs + .vale-config/ vale/styles/spectrocloud/ diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index b85e30c8cd..1a933d8477 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
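Review bot: the code formatting added in the `bpf` row is applied unevenly: `bpf_map_fd_put_ptr()`, `bpf_map_put()` and `ops->map_free()` get backticks, but `synchronize_rcu()` and the second `ops->map_free` in the same sentence do not, and `bpf:` is the kernel commit-subject prefix rather than an identifier, so it should not be in code font at all. The pasted commit title also leaves "Defer the free of inner map when necessary When updating" without punctuation; suggest "…when necessary. When updating…". Separately, the changed Go-runtime row still labels the component as "Third-party component: Unix" although the summary describes the Go runtime's setuid/setgid handling; "Go runtime" is the component, Unix is the platform.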
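Review bot: typo in the new .gitignore comment line `+# Ignore statoc/img/packs`; it should read `static/img/packs` to match the path on the line below it.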
@@ -28,10 +28,12 @@ To fix all the vulnerabilities impacting your products, we recommends patching y regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and workarounds where applicable - + | Impacted Product & Version | Vulnerability Type | Vulnerability Summary | CVE ID | CVSS Severity | | -------------------------- | ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------ | +| Palette 4.4.8 | Third-party component: PyYAML library through v5.4 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. 
| [CVE-2020-14343](https://nvd.nist.gov/vuln/detail/CVE-2020-14343) | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2020-14343) | | Palette 4.4.8 | Third-party component: Ubuntu | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. | [CVE-2024-24790](https://ubuntu.com/security/CVE-2024-24790) | [9.8](https://ubuntu.com/security/CVE-2024-24790) | +| Palette 4.4.8 | Third-party component: Certif | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | | Palette 4.4.8 | Third-party component: Github | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. | [CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | | Palette 4.4.8 | Third-party component: KRB5 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow) and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. 
Heimdal before 7.7.1 has "a similar bug." | [CVE-2022-42898](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | | Palette 4.4.8 | Third-party component: CLI Tool runc | Runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier due to an internal file descriptor leak an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace allowing for a container escape by giving access to the host file system. | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | 
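Review bot: the added Certifi row duplicates CVE-2023-37920, which this table already lists further down (the "Third-party component: Certifi" row scored 7.5); the new row scores it 9.8 with the same summary, so the table now carries two rows and two scores for one CVE ID. Keep one row with one score, and fix the component spelling in the new row ("Certif"). The added PyYAML row is also inconsistent with itself: the type cell says "PyYAML library through v5.4" while the summary says "versions before 5.4". While here, the context text in the hunk header reads "we recommends patching" and the sentence ending "workarounds where applicable" has no full stop.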
@@ -42,7 +44,6 @@ workarounds where applicable | Palette 4.4.8 | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: `bpf:` Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. However `bpf_map_fd_put_ptr()` decreases the ref-counter of the inner map directly through `bpf_map_put()` if the ref-counter is the last one (which is true for most cases) the inner map will be freed by `ops->map_free()` in a kworker. But for now most `.map_free()` callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. | [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | | Palette 4.4.8 | Third-party component: glibc library | A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called or called with the ident argument set to NULL and the program name (the basename of argv[0]) is bigger than 1024 bytes resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. 
| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | | Palette 4.4.8 | Third-party component: GNU C Library | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | -| Palette 4.4.8 | Third-party component: Ubuntu | The net/http HTTP/1.1 client mishandled the case where a server responds to a request with an “Expect: 100-continue” header with a non-informational (200 or higher) status. This mishandling could leave a client connection in an invalid state | [CVE-2024-24791](https://ubuntu.com/security/CVE-2024-24791) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2024-24791) | | Palette 4.4.8 | Third-party component: OpenSSL | The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()` will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | | Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. 
Prior to version 0.46.0 the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | | Palette 4.4.8 | Third-party component: glibc library | An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes leading to an incorrect calculation of the buffer size to store the message resulting in an application crash. This issue affects glibc 2.37 and newer. | [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | 
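Review bot: the CVE-2024-24791 row (Go net/http "Expect: 100-continue" handling) is dropped here, but neither the commit message ("docs: updated") nor the page says whether Palette 4.4.8 is unaffected or the entry was added in error; a removed CVE needs that reason recorded. If it was removed only because its CVE ID linked to ubuntu.com while the other rows link to NVD, changing the link to `https://nvd.nist.gov/vuln/detail/CVE-2024-24791` is the smaller change.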
@@ -60,3 +61,4 @@ workarounds where applicable | Palette 4.4.8 | Third-party component: Diffie-Hellman Key Agreement Protocol | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size rather than an observation about numbers that are not public keys. | [CVE-2022-40735](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | | Palette 4.4.8 | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | | Palette 4.4.8 | Third-party component: Linux Kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The `aoecmd_cfg_pkts()` function improperly updates the refcnt on `struct net_device` and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. | [CVE-2023-6270](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | [7.0](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | + From 55849a60e5cd88b1cde091214c8c954ea9c7c2ec Mon Sep 17 00:00:00 2001 
From: Karl Cardenas Date: Tue, 16 Jul 2024 14:10:38 -0700 Subject: [PATCH 08/19] docs: updates --- .../security-bulletins/cve-reports.md | 41 ++++--------------- .../life-cycle/cve-2024-21626.md | 9 ++++ .../life-cycle/life-cycle.md | 10 +++++ 3 files changed, 28 insertions(+), 32 deletions(-) create mode 100644 docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md create mode 100644 docs/docs-content/security-bulletins/life-cycle/life-cycle.md diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 1a933d8477..2d584559d2 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
@@ -29,36 +29,13 @@ regarding any third-party components. For vulnerabilities originating in our pro workarounds where applicable -| Impacted Product & Version | Vulnerability Type | Vulnerability Summary | CVE ID | CVSS Severity | -| -------------------------- | ------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------- | ------------------------------------------------------ | -| Palette 4.4.8 | Third-party component: PyYAML library through v5.4 | A vulnerability was discovered in the PyYAML library in versions before 5.4, where it is susceptible to arbitrary code execution when it processes untrusted YAML files through the full_load method or with the FullLoader loader. Applications that use the library to process untrusted input may be vulnerable to this flaw. | [CVE-2020-14343](https://nvd.nist.gov/vuln/detail/CVE-2020-14343) | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2020-14343) | -| Palette 4.4.8 | Third-party component: Ubuntu | The various Is methods (IsPrivate, IsLoopback, etc) did not work as expected for IPv4-mapped IPv6 addresses, returning false for addresses which would return true in their traditional IPv4 forms. 
| [CVE-2024-24790](https://ubuntu.com/security/CVE-2024-24790) | [9.8](https://ubuntu.com/security/CVE-2024-24790) | -| Palette 4.4.8 | Third-party component: Certif | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | -| Palette 4.4.8 | Third-party component: Github | Git is a revision control system. Prior to versions 2.45.1, 2.44.1, 2.43.4, 2.42.2, 2.41.1, 2.40.2, and 2.39.4, repositories with submodules can be crafted in a way that exploits a bug in Git whereby it can be fooled into writing files not into the submodule's worktree but into a `.git/` directory. | [CVE-2024-32002](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | [9.0](https://nvd.nist.gov/vuln/detail/CVE-2024-32002) | -| Palette 4.4.8 | Third-party component: KRB5 | PAC parsing in MIT Kerberos 5 (aka krb5) before 1.19.4 and 1.20.x before 1.20.1 has integer overflows that may lead to remote code execution (in KDC, kadmind, or a GSS or Kerberos application server) on 32-bit platforms (which have a resultant heap-based buffer overflow) and cause a denial of service on other platforms. This occurs in krb5_pac_parse in lib/krb5/krb/pac.c. Heimdal before 7.7.1 has "a similar bug." | [CVE-2022-42898](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2022-42898) | -| Palette 4.4.8 | Third-party component: CLI Tool runc | Runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. 
In runc 1.1.11 and earlier due to an internal file descriptor leak an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace allowing for a container escape by giving access to the host file system. | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | -| Palette 4.4.8 | Third-party component: Hashicorp go-getter library | HashiCorp’s go-getter library can be coerced into executing Git update on an existing maliciously modified Git Configuration potentially leading to arbitrary code execution. | [CVE-2024-6257](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | [8.4](https://nvd.nist.gov/vuln/detail/CVE-2024-6257) | -| Palette 4.4.8 | Third-party component: OpenSSH Server | A security regression (CVE-2006-5051) was discovered in OpenSSH's server (sshd). There is a race condition which can lead to sshd to handle some signals in an unsafe manner. | [CVE-2024-6387](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | [8.1](https://nvd.nist.gov/vuln/detail/CVE-2024-6387) | -| Palette 4.4.8 | Third-party component: Ncurses | Ncurses before 6.4 20230408 when used by a setuid application allows local users to trigger security-relevant memory corruption via malformed data in a terminfo database file that is found in $HOME/.terminfo or reached via the TERMINFO or TERM environment variable. | [CVE-2023-29491](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29491) | -| Palette 4.4.8 | Third-party component: Unix | On Unix platforms the Go runtime does not behave differently when a binary is started with the setuid/setgid bits. This can be dangerous in certain cases such as when dumping memory state or assuming the status of standard i/o file descriptors. 
| [CVE-2023-29403](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-29403) | -| Palette 4.4.8 | Third-party component: Linux Kernel | In the Linux kernel the following vulnerability has been resolved: `bpf:` Defer the free of inner map when necessary When updating or deleting an inner map in map array or map htab the map may still be accessed by non-sleepable program or sleepable program. However `bpf_map_fd_put_ptr()` decreases the ref-counter of the inner map directly through `bpf_map_put()` if the ref-counter is the last one (which is true for most cases) the inner map will be freed by `ops->map_free()` in a kworker. But for now most `.map_free()` callbacks don't use synchronize_rcu() or its variants to wait for the elapse of a RCU grace period so after the invocation of ops->map_free completes the bpf program which is accessing the inner map may incur use-after-free problem. | [CVE-2023-52447](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-52447) | -| Palette 4.4.8 | Third-party component: glibc library | A heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when the openlog function was not called or called with the ident argument set to NULL and the program name (the basename of argv[0]) is bigger than 1024 bytes resulting in an application crash or local privilege escalation. This issue affects glibc 2.36 and newer. 
| [CVE-2023-6246](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-6246) | -| Palette 4.4.8 | Third-party component: GNU C Library | A buffer overflow was discovered in the GNU C Library's dynamic loader ld.so while processing the GLIBC_TUNABLES environment variable | [CVE-2023-4911](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | [7.8](https://nvd.nist.gov/vuln/detail/CVE-2023-4911) | -| Palette 4.4.8 | Third-party component: OpenSSL | The function `PEM_read_bio_ex()` reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE") any header data and the payload data. If the function succeeds then the "name_out" "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case `PEM_read_bio_ex()` will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | -| Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0 the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. 
| [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | -| Palette 4.4.8 | Third-party component: glibc library | An off-by-one heap-based buffer overflow was found in the \_\_vsyslog_internal function of the glibc library. This function is called by the syslog and vsyslog functions. This issue occurs when these functions are called with a message bigger than INT_MAX bytes leading to an incorrect calculation of the buffer size to store the message resulting in an application crash. This issue affects glibc 2.37 and newer. | [CVE-2023-6779](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-6779) | -| Palette 4.4.8 | Third-party component: Certifi | Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi prior to version 2023.07.22 recognizes "e-Tugra" root certificates. e-Tugra's root certificates were subject to an investigation prompted by reporting of security issues in their systems. Certifi 2023.07.22 removes root certificates from "e-Tugra" from the root store. | [CVE-2023-37920](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-37920) | -| Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. 
| [CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | -| Palette 4.4.8 | Third-party component: OpenSSL | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | -| Palette 4.4.8 | Third-party component: Go Project | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. | [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | -| Palette 4.4.8 | Third-party component: Python 3.11 through 3.11.4 | An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath() the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier but that filename is no longer rejected in Python 3.11.x. | [CVE-2023-41105](https://nvd.nist.gov/vuln/detail/CVE-2023-41105) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-41105) | -| Palette 4.4.8 | Third-party component: Python | An issue in the urllib.parse component of Python before 3.11.4 allows attackers to bypass blocklisting methods by supplying a URL that starts with blank characters. 
| [CVE-2023-24329](https://nvd.nist.gov/vuln/detail/CVE-2023-24329) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-24329) | -| Palette 4.4.8 | Third-party component: DNS Protocol | Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses aka the "KeyTrap" issue. One of the concerns is that when there is a zone with many DNSKEY and RRSIG records the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records. | [CVE-2023-50387](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-50387) | -| Palette 4.4.8 | Third-party component: urllib3 | An issue was discovered in urllib3 before 1.26.5. When provided with a URL containing many @ characters in the authority component the authority regular expression exhibits catastrophic backtracking. | [CVE-2021-33503](https://nvd.nist.gov/vuln/detail/CVE-2021-33503) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2021-33503) | -| Palette 4.4.8 | Third-party component: OpenSSL | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME CMS and PKCS7 streaming capabilities but may also be called directly by end user applications. | [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | -| Palette 4.4.8 | Third-party component: Go-yaml v2 | An issue in the Unmarshal function in Go-Yaml v3 causes the program to crash when attempting to deserialize invalid input. 
| [CVE-2022-28948](https://nvd.nist.gov/vuln/detail/CVE-2022-28948) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-28948) | -| Palette 4.4.8 | Third-party component: Go Project | Before Go 1.20 the RSA based TLS key exchanges used the math/big library which is not constant time. RSA blinding was applied to prevent timing attacks but analysis shows this may not have been fully effective. In particular it appears as if the removal of PKCS#1 padding may leak timing information which in turn could be used to recover session key bits. In Go 1.20 the crypto/tls library switched to a fully constant time RSA implementation which we do not believe exhibits any timing side channels. | [CVE-2023-45287](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45287) | -| Palette 4.4.8 | Third-party component: Diffie-Hellman Key Agreement Protocol | The Diffie-Hellman Key Agreement Protocol allows use of long exponents that arguably make certain calculations unnecessarily expensive because the 1996 van Oorschot and Wiener paper found that "(appropriately) short exponents" can be used when there are adequate subgroup constraints and these short exponents can lead to less expensive calculations than for long exponents. This issue is different from CVE-2002-20001 because it is based on an observation about exponent size rather than an observation about numbers that are not public keys. | [CVE-2022-40735](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-40735) | -| Palette 4.4.8 | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. 
This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | -| Palette 4.4.8 | Third-party component: Linux Kernel | A flaw was found in the ATA over Ethernet (AoE) driver in the Linux kernel. The `aoecmd_cfg_pkts()` function improperly updates the refcnt on `struct net_device` and a use-after-free can be triggered by racing between the free on the struct and the access through the `skbtxq` global queue. | [CVE-2023-6270](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | [7.0](https://nvd.nist.gov/vuln/detail/CVE-2023-6270) | +| Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | Vulnerability Summary | CVE ID | CVSS Severity | Impact | +|------------------|---------------|----------------------------|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|--------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---| +| 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | | +| 10/12/23 | 2/18/24 | Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. | [CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+ For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +| 3/22/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. 
| [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | | +| 10/11/23 | 4/28/24 | Palette 4.4.8 | Third-party component: Go Project | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. | [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+ For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +| 2/28/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. | [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | | +| 11/20/23 | 11/20/23 | Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. 
There is no workaround. | +| 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | diff --git a/docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md b/docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md new file mode 100644 index 0000000000..ebf191f7d9 --- /dev/null +++ b/docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md @@ -0,0 +1,9 @@ +--- +sidebar_label: "CVE-2024-21626" +title: "CVE-2024-21626" +description: "Lifecycle of CVE-2024-21626" +hide_table_of_contents: false +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- diff --git a/docs/docs-content/security-bulletins/life-cycle/life-cycle.md b/docs/docs-content/security-bulletins/life-cycle/life-cycle.md new file mode 100644 index 0000000000..0cceb31070 --- /dev/null +++ b/docs/docs-content/security-bulletins/life-cycle/life-cycle.md @@ -0,0 +1,10 @@ +--- +sidebar_label: "CVE Life Cycle Reports" +title: "CVE Life Cycle Reports" +description: "Lifecycle of CVE-2024-21626" +hide_table_of_contents: false +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +unlisted: true +tags: ["security", "cve"] +--- From c79f20e1b2d0538e9f8c75cbd267cec0bbc9c476 Mon Sep 17 00:00:00 2001 
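Review bot: the replacement table in cve-reports.md silently drops the rows for CVE-2023-29403, CVE-2023-52447, CVE-2023-6246, CVE-2023-4911, CVE-2023-6779, CVE-2023-37920, CVE-2023-41105, CVE-2023-24329, CVE-2023-50387, CVE-2021-33503, CVE-2022-28948, CVE-2023-45287, CVE-2022-40735 and CVE-2023-6270 that the removed `-` rows carried; only the seven OpenSSL, OpenTelemetry-Go and Go Project entries reappear in the `+` rows, and neither the hunk nor the commit message says whether those CVEs no longer apply to Palette 4.4.8 or were lost in the rewrite, so please either restore them or state the reason in the commit. Smaller points in the new rows: `kube-controller-manaer` in the CVE-2023-47108 Impact cell should be `kube-controller-manager`; the Initial Pub Date and Modified Date cells use unpadded M/D/YY values, which are ambiguous outside the US, so an ISO 8601 form such as 2023-02-08 would be clearer; and the CVE-2023-0286 Impact cell calls the finding a Twistlock false positive fixed in "the FIPS openSSL version that's being used in VerteX" without naming that package version, which readers need in order to verify the claim.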
From: Karl Cardenas Date: Tue, 16 Jul 2024 17:16:47 -0700 Subject: [PATCH 09/19] chore: updates --- .../security-bulletins/cve-reports.md | 33 ++++++++++++++----- 1 file changed, 24 insertions(+), 9 deletions(-) diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 2d584559d2..f0684ffd00 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
@@ -29,13 +29,28 @@ regarding any third-party components. For vulnerabilities originating in our pro workarounds where applicable -| Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | Vulnerability Summary | CVE ID | CVSS Severity | Impact | -|------------------|---------------|----------------------------|-------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------|--------------------------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -| 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. 
In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | | -| 10/12/23 | 2/18/24 | Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. | [CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+ For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -| 3/22/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | | -| 10/11/23 | 4/28/24 | Palette 4.4.8 | Third-party component: Go Project | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. 
| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+ For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -| 2/28/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. | [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | | -| 11/20/23 | 11/20/23 | Palette 4.4.8 | Third-party component: Open-telemetry-Go | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround. | -| 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. 
| [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | + +|Initial Pub Date |Modified Date|Impacted Product & Version|Vulnerability Type |Vulnerability Summary |CVE ID |CVSS Severity |Official Summary | +|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|--------------------------|----------------------------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
-----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| +|1/32/24 |2/18/24 | |Third-party component: kube-proxy |runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. |[CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |8.6 |CVE exists in kube-proxy 1.28.11.  
Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|2/28/23 |11/25/23 | |Third-party component: CoreDNS |A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |[CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |7.5 |CVE exists in coredns that’s being used in k8s 1.28.11.  Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|10/25/23 |10/25/23 | |Third-party component: CoreDNS |The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. |[GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) |7.5 |CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|2/8/23 |2/4/24 |Palette 4.4.a |Third-party component: OpenSSL |The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. 
In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. |[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2022-4450 | +|10/12/23 |2/18/24 |Palette 4.4.a |Third-party component: Open-telemetry-Go|OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels \`http.user_agent\` and \`http.method\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. |[CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|3/22/23 |6/21/24 |Palette 4.4.a |Third-party component: OpenSSL |A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. |[CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  
Review: https://ubuntu.com/security/CVE-2023-0464 | +|10/11/23 |4/28/24 |Palette 4.4.a |Third-party component: Go project |A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. |[CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|2/28/23 |6/21/24 |Palette 4.4.a |Third-party component: OpenSSL |The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. |[CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0215| +|11/20/23 |11/20/23 |Palette 4.4.a |Third-party component: Open-telemetry-Go |OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels \`net.peer.sock.addr\` and \`net.peer.sock.port\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. 
|[CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround. | +|2/8/23 |2/4/24 |Palette 4.4.a |Third-party component: OpenSSL |There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. |[CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |[7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | +|12/8/20 |6/21/24 | |Third-party component: Ubuntu |The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. 
For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).|[CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) |5.9 |[This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2020-1971](https://ubuntu.com/security/CVE-2020-1971)| +|3/25/21 |6/21/24 | |Third-party component: Ubuntu |An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. 
All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). |[CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) |5.9 |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3449 | +|8/24/12 |6/21/24 | |Third-party component: Ubuntu |In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). |[CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |9.8 |This is a false positive reported by twistlock. 
We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3711 | +|3/15/22 |6/21/24 | |Third-party component: Ubuntu |The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. |[CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |7.5 |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. See https://ubuntu.com/security/CVE-2023-0286 | +|1/31/22 |11/6/23 | |Third-party component: Ubuntu |In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |[CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |9.1 |This is a false positive reported by twistlock. 
We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: https://ubuntu.com/security/CVE-2021-45079| +|11/14/23 |1/19/24 | |Third-party component: VSphere-CSI |A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. |[CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) |8.8 |CVE reported in vsphere-csi 3.2.0. Govulncheck shows it is non-impacting. | +|10/10/23 |6/27/24 | |Third-party component: CAPI |The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |[CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |7.5 |CVE reported in coredns and kube-vip. Govulncheck shows it is non-impacting. +|6/21/23 |11/6/24 | |Third-party component: CAPI |Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |[CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |7.5 |CVE reported in virtual cluster capi provider. Govulncheck shows it is non-impacting. | +|1/23/17 |1/26/12 | |Third-party component: CAPI |The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." |[CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |7.5 |This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. 
| +|9/12/23 |9/12/23 | |Third-party component: VSphere-CSI |github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. |[PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604)| | CVE reported in vsphere-csi 3.2.0, and k8s 1.28.11. Govulncheck shows it is non-impacting.| + From 3fe4dcdd9c69a316b2361c1f23e7df9a2a42476f Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 16 Jul 2024 17:22:04 -0700 Subject: [PATCH 10/19] chore: fix --- .../security-bulletins/cve-reports.md | 34 +++++++++---------- 1 file changed, 17 insertions(+), 17 deletions(-) diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index f0684ffd00..3b05fe9b45 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
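Review bot: the CVE-2022-0778 row's Official Summary cell points readers at `https://ubuntu.com/security/CVE-2023-0286`, which is the Ubuntu tracker entry for a different CVE (the X.400 type confusion); the "Review:" link should be the tracker entry for CVE-2022-0778 itself, following the same URL scheme the other Ubuntu rows use. Three smaller things in the same block of added rows: the CVE-2023-44487 row has no closing `|` after "Govulncheck shows it is non-impacting.", unlike every other row; the CVE-2015-8855 row has a Modified Date of "1/26/12" that precedes its Initial Pub Date of "1/23/17"; and the CVE-2020-1971 row wraps its entire Official Summary text in a markdown link, where the other rows leave only the bare "Review:" URL. The CVE-2023-47108 row also spells "kube-controller-manaer", and the strongSwan row runs "VerteX.Review:" together without a space.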
@@ -32,25 +32,25 @@ workarounds where applicable |Initial Pub Date |Modified Date|Impacted Product & Version|Vulnerability Type |Vulnerability Summary |CVE ID |CVSS Severity |Official Summary | |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|--------------------------|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| -|1/32/24 |2/18/24 | |Third-party component: kube-proxy |runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. |[CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |8.6 |CVE exists in kube-proxy 1.28.11.  Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. 
| -|2/28/23 |11/25/23 | |Third-party component: CoreDNS |A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |[CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |7.5 |CVE exists in coredns that’s being used in k8s 1.28.11.  Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|1/32/24 |2/18/24 | |Third-party component: kube-proxy |runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. |[CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |[8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |CVE exists in kube-proxy 1.28.11.  Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|2/28/23 |11/25/23 | |Third-party component: CoreDNS |A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. 
|[CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |CVE exists in coredns that’s being used in k8s 1.28.11.  Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | |10/25/23 |10/25/23 | |Third-party component: CoreDNS |The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. |[GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) |7.5 |CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|2/8/23 |2/4/24 |Palette 4.4.a |Third-party component: OpenSSL |The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. |[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |This is a false positive reported by twistlock. 
We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2022-4450 | -|10/12/23 |2/18/24 |Palette 4.4.a |Third-party component: Open-telemetry-Go|OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels \`http.user_agent\` and \`http.method\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. |[CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|3/22/23 |6/21/24 |Palette 4.4.a |Third-party component: OpenSSL |A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. |[CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0464 | -|10/11/23 |4/28/24 |Palette 4.4.a |Third-party component: Go project |A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. 
|[CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|2/28/23 |6/21/24 |Palette 4.4.a |Third-party component: OpenSSL |The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. |[CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0215| -|11/20/23 |11/20/23 |Palette 4.4.a |Third-party component: Open-telemetry-Go |OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels \`net.peer.sock.addr\` and \`net.peer.sock.port\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. |[CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround. | -|2/8/23 |2/4/24 |Palette 4.4.a |Third-party component: OpenSSL |There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. 
X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. |[CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |[7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | -|12/8/20 |6/21/24 | |Third-party component: Ubuntu |The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. 
OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).|[CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) |5.9 |[This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2020-1971](https://ubuntu.com/security/CVE-2020-1971)| -|3/25/21 |6/21/24 | |Third-party component: Ubuntu |An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). |[CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) |5.9 |This is a false positive reported by twistlock. 
We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3449 | -|8/24/12 |6/21/24 | |Third-party component: Ubuntu |In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). |[CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |9.8 |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. 
Review: https://ubuntu.com/security/CVE-2021-3711 | -|3/15/22 |6/21/24 | |Third-party component: Ubuntu |The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. |[CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |7.5 |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. See https://ubuntu.com/security/CVE-2023-0286 | -|1/31/22 |11/6/23 | |Third-party component: Ubuntu |In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |[CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |9.1 |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: https://ubuntu.com/security/CVE-2021-45079| +|2/8/23 |2/4/24 |Palette 4.4.8 |Third-party component: OpenSSL |The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. 
If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. |[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2022-4450 | +|10/12/23 |2/18/24 |Palette 4.4.8 |Third-party component: Open-telemetry-Go|OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels \`http.user_agent\` and \`http.method\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. |[CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|3/22/23 |6/21/24 |Palette 4.4.8 |Third-party component: OpenSSL |A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. |[CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |This is a false positive reported by twistlock. 
We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0464 | +|10/11/23 |4/28/24 |Palette 4.4.8 |Third-party component: Go project |A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. |[CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|2/28/23 |6/21/24 |Palette 4.4.8 |Third-party component: OpenSSL |The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. |[CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0215| +|11/20/23 |11/20/23 |Palette 4.4.8 |Third-party component: Open-telemetry-Go |OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels \`net.peer.sock.addr\` and \`net.peer.sock.port\` that have unbound cardinality. 
It leads to the server's potential memory exhaustion when many malicious requests are sent. |[CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround. | +|2/8/23 |2/4/24 |Palette 4.4.8 |Third-party component: OpenSSL |There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. |[CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |[7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | +|12/8/20 |6/21/24 | |Third-party component: Ubuntu |The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. 
OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).|[CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) |[5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) |[This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. 
Review: https://ubuntu.com/security/CVE-2020-1971](https://ubuntu.com/security/CVE-2020-1971)| +|3/25/21 |6/21/24 | |Third-party component: Ubuntu |An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). |[CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) |[5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3449 | +|8/24/12 |6/21/24 | |Third-party component: Ubuntu |In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. 
A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). |[CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |[9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3711 | +|3/15/22 |6/21/24 | |Third-party component: Ubuntu |The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. 
|[CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. See https://ubuntu.com/security/CVE-2023-0286 | +|1/31/22 |11/6/23 | |Third-party component: Ubuntu |In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |[CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |[9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: https://ubuntu.com/security/CVE-2021-45079| |11/14/23 |1/19/24 | |Third-party component: VSphere-CSI |A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. |[CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) |8.8 |CVE reported in vsphere-csi 3.2.0. Govulncheck shows it is non-impacting. | -|10/10/23 |6/27/24 | |Third-party component: CAPI |The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |[CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |7.5 |CVE reported in coredns and kube-vip. Govulncheck shows it is non-impacting. 
-|6/21/23 |11/6/24 | |Third-party component: CAPI |Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |[CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |7.5 |CVE reported in virtual cluster capi provider. Govulncheck shows it is non-impacting. | -|1/23/17 |1/26/12 | |Third-party component: CAPI |The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." |[CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |7.5 |This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | +|10/10/23 |6/27/24 | |Third-party component: CAPI |The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |[CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |CVE reported in coredns and kube-vip. Govulncheck shows it is non-impacting. +|6/21/23 |11/6/24 | |Third-party component: CAPI |Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |[CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |CVE reported in virtual cluster capi provider. Govulncheck shows it is non-impacting. | +|1/23/17 |1/26/12 | |Third-party component: CAPI |The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." 
|[CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | |9/12/23 |9/12/23 | |Third-party component: VSphere-CSI |github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. |[PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604)| | CVE reported in vsphere-csi 3.2.0, and k8s 1.28.11. Govulncheck shows it is non-impacting.| From 16ead37aa7dd09caa26b54697e3bec6c86557935 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 16 Jul 2024 17:29:11 -0700 Subject: [PATCH 11/19] chore: missing URLs --- docs/docs-content/security-bulletins/cve-reports.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 3b05fe9b45..6c8355d2c7 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md @@ -1,7 +1,7 @@ --- sidebar_label: "CVE Reports" title: "CVE Reports" -description: "Security bulletins for Common Vulnerabilities and Exposures (CVEs) related to Palette" +description: "Security bulletins for Common Vulnerabilities and Exposures (CVEs) related to Palette and Palette VerteX" icon: "" hide_table_of_contents: true sidebar_position: 0 
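Review bot: in the preceding patch's cve-reports.md table hunk, the CVE-2020-1971 row wraps its whole Official Summary cell inside one markdown link (`[This is a false positive ... Review: https://ubuntu.com/security/CVE-2020-1971](https://ubuntu.com/security/CVE-2020-1971)`), so the entire sentence renders as link text; keep the prose plain and link only the URL, as the neighbouring OpenSSL rows do. Two more cells in the same added rows need fixing: the CVE-2022-0778 row's "See" link points at https://ubuntu.com/security/CVE-2023-0286 instead of the CVE-2022-0778 page, and the CVE-2023-47108 row has "kube-controller-manaer" for "kube-controller-manager".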
@@ -11,7 +11,7 @@ tags: ["security", "cve"] # Security Bulletins -The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette solution and +The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX solution and third-party component vulnerabilities, which we have become aware of. Some of the listed vulnerabilities below have been fixed in new versions of our products and released in the last month. These vulnerabilities are discovered via our Bug Bounty program, our security monitoring program, or reported to us by our supply chain. 
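Review bot: the changed sentence now reads "within the Palette VerteX solution" while the frontmatter description in this same patch says "related to Palette and Palette VerteX" and the table's Impacted Product column lists "Palette 4.4.8"; use "within the Palette and Palette VerteX solutions" here so the intro matches both the description and the rows.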
@@ -34,7 +34,7 @@ workarounds where applicable |-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|--------------------------|----------------------------------------|----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| |1/32/24 |2/18/24 | |Third-party component: kube-proxy |runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. |[CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |[8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |CVE exists in kube-proxy 1.28.11.  Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. 
| |2/28/23 |11/25/23 | |Third-party component: CoreDNS |A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |[CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |CVE exists in coredns that’s being used in k8s 1.28.11.  Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|10/25/23 |10/25/23 | |Third-party component: CoreDNS |The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. |[GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) |7.5 |CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | +|10/25/23 |10/25/23 | |Third-party component: CoreDNS |The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. |[GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) |[7.5](https://github.com/advisories/GHSA-m425-mq94-257g) |CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. 
| |2/8/23 |2/4/24 |Palette 4.4.8 |Third-party component: OpenSSL |The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. |[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2022-4450 | |10/12/23 |2/18/24 |Palette 4.4.8 |Third-party component: Open-telemetry-Go|OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels \`http.user_agent\` and \`http.method\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. |[CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. 
| |3/22/23 |6/21/24 |Palette 4.4.8 |Third-party component: OpenSSL |A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. |[CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0464 | 
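Review bot: the first context row of this hunk carries an impossible Initial Pub Date, "1/32/24" (CVE-2024-21626); fix the day while this table is being touched. In the same rows, the runc row's note is missing the full stop in "1.28.11 For customer workload clusters" and the CVE-2022-41723 row has "1.28.11.For" with no space. The change itself, linking the GHSA-m425-mq94-257g score to the advisory page, is consistent with how the CVE rows link their scores.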
@@ -47,7 +47,7 @@ workarounds where applicable |8/24/12 |6/21/24 | |Third-party component: Ubuntu |In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). |[CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |[9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3711 | |3/15/22 |6/21/24 | |Third-party component: Ubuntu |The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. 
Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. |[CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. See https://ubuntu.com/security/CVE-2023-0286 | |1/31/22 |11/6/23 | |Third-party component: Ubuntu |In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |[CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |[9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: https://ubuntu.com/security/CVE-2021-45079| -|11/14/23 |1/19/24 | |Third-party component: VSphere-CSI |A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. 
|[CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) |8.8 |CVE reported in vsphere-csi 3.2.0. Govulncheck shows it is non-impacting. | +|11/14/23 |1/19/24 | |Third-party component: VSphere-CSI |A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. |[CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) |[8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) |CVE reported in vsphere-csi 3.2.0. Govulncheck shows it is non-impacting. | |10/10/23 |6/27/24 | |Third-party component: CAPI |The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |[CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |CVE reported in coredns and kube-vip. Govulncheck shows it is non-impacting. |6/21/23 |11/6/24 | |Third-party component: CAPI |Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |[CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |CVE reported in virtual cluster capi provider. Govulncheck shows it is non-impacting. | |1/23/17 |1/26/12 | |Third-party component: CAPI |The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." 
|[CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | From fe3da33baa8bd9a1b9b3d0d7e27a7c2980a1d7de Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 16 Jul 2024 17:43:20 -0700 Subject: [PATCH 12/19] chore: updated prettier to exclude cve-page --- .prettierignore | 3 ++- docs/docs-content/security-bulletins/cve-reports.md | 8 ++++---- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.prettierignore b/.prettierignore index c4f6caeef6..c4e6c2e26d 100644 --- a/.prettierignore +++ b/.prettierignore @@ -11,4 +11,5 @@ docs/api-content/**/*.json # Troublesome files tsconfig.json -src/components/IconMapper/dynamicFontAwesomeImports.js \ No newline at end of file +src/components/IconMapper/dynamicFontAwesomeImports.js +docs/docs-content/security-bulletins/cve-reports.md \ No newline at end of file diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index 6c8355d2c7..cf0aadb47a 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
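Review bot: two context rows in the @@ -47,7 hunk carry dates that cannot be right: the CVE-2021-3711 row's Initial Pub Date is "8/24/12" for a 2021 CVE, and the CVE-2015-8855 row has a Modified Date (1/26/12) earlier than its Initial Pub Date (1/23/17). The CVE-2021-45079 row also runs "VerteX.Review:" together (missing space), and the CVE-2023-44487 row lacks the closing "|" every other row has; the linked score added to the CVE-2023-5528 row is fine.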
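Review bot: in the .prettierignore hunk, the new last line `docs/docs-content/security-bulletins/cve-reports.md` still has "\ No newline at end of file" on the + side; add the trailing newline so the next entry appended to this list does not show up as a change to this line. Ignoring the page also means its table is no longer auto-formatted, so the hand-written separator row in the following cve-reports.md hunk is the only thing keeping the source readable.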
@@ -28,10 +28,10 @@ To fix all the vulnerabilities impacting your products, we recommends patching y regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and workarounds where applicable - -|Initial Pub Date |Modified Date|Impacted Product & Version|Vulnerability Type |Vulnerability Summary |CVE ID |CVSS Severity |Official Summary | -|-----------------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|--------------------------|----------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|--------------------------------------------------------------------------|------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| + +|Initial Pub Date |Modified Date|Impacted Product & Version|Vulnerability Type |Vulnerability Summary |CVE ID |CVSS Severity |Official Summary | +|-----------------|-------------|--------------------------|---------------------|------------------------|----------|-------------------|---------------------| |1/32/24 |2/18/24 | |Third-party component: kube-proxy |runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). 
Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. |[CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |[8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |CVE exists in kube-proxy 1.28.11.  Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | |2/28/23 |11/25/23 | |Third-party component: CoreDNS |A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |[CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |CVE exists in coredns that’s being used in k8s 1.28.11.  Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | |10/25/23 |10/25/23 | |Third-party component: CoreDNS |The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. |[GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) |[7.5](https://github.com/advisories/GHSA-m425-mq94-257g) |CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | 
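Review bot: the rewritten header row keeps "Official Summary" as the last column name, but every row puts the NVD text under "Vulnerability Summary" and Spectro Cloud's own assessment ("This is a false positive reported by twistlock...", "Govulncheck shows it is non-impacting") under "Official Summary"; rename the last column to something like "Assessment" or "Status and Workaround" so readers do not take the vendor note for the official description. The hunk's header context also shows "we recommends patching" (should be "we recommend") and "workarounds where applicable" with no closing full stop. The shortened separator row has eight cells, matching the header, so the table still parses.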
@@ -53,4 +53,4 @@ workarounds where applicable |1/23/17 |1/26/12 | |Third-party component: CAPI |The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." |[CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | |9/12/23 |9/12/23 | |Third-party component: VSphere-CSI |github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. |[PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604)| | CVE reported in vsphere-csi 3.2.0, and k8s 1.28.11. Govulncheck shows it is non-impacting.| - + From ff4f981733da535bbc1535374f9bb8ba36a2905f Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Tue, 16 Jul 2024 17:49:29 -0700 Subject: [PATCH 13/19] chore: added N/A versus leaving blank --- docs/docs-content/security-bulletins/cve-reports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md index cf0aadb47a..127ecb6a28 100644 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ b/docs/docs-content/security-bulletins/cve-reports.md 
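Review bot: in the `@@ -53,4 +53,4 @@` hunk the CVE-2015-8855 row reads "1/23/17 |1/26/12", so the Modified Date is five years before the Initial Pub Date; one of the two is wrong. The only actual change in the hunk is whitespace on the trailing blank line (`-` followed by `+`); if the intent is to strip a trailing space, say so in the commit message, otherwise drop the hunk to keep the blame history clean.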
@@ -51,6 +51,6 @@ workarounds where applicable |10/10/23 |6/27/24 | |Third-party component: CAPI |The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |[CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |CVE reported in coredns and kube-vip. Govulncheck shows it is non-impacting. |6/21/23 |11/6/24 | |Third-party component: CAPI |Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |[CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |CVE reported in virtual cluster capi provider. Govulncheck shows it is non-impacting. | |1/23/17 |1/26/12 | |Third-party component: CAPI |The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." |[CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | -|9/12/23 |9/12/23 | |Third-party component: VSphere-CSI |github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. |[PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604)| | CVE reported in vsphere-csi 3.2.0, and k8s 1.28.11. 
Govulncheck shows it is non-impacting.| +|9/12/23 |9/12/23 | |Third-party component: VSphere-CSI |github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. |[PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604)| N/A | CVE reported in vsphere-csi 3.2.0, and k8s 1.28.11. Govulncheck shows it is non-impacting.| From 512aa5577281c92754ec4d833e2351fdc3ba17e9 Mon Sep 17 00:00:00 2001 
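Review bot: "N/A" is the right value for the CVSS Severity cell of PRISMA-2022-0227, which has no NVD score, but the same row still says "CVE reported in vsphere-csi 3.2.0" for an identifier that is not a CVE, and the link in the CVE ID column points at a kubernetes/kubernetes GitHub issue rather than at a Prisma advisory; say "Finding reported" or rename the column to cover non-CVE identifiers. Two context rows in this hunk also carry problems worth fixing while the file is open: the CVE-2022-25883 row shows a Modified Date of "11/6/24", which is after the date of this patch (16 Jul 2024) in the table's M/D/Y format, and "Govulncheck shows it is non-impacting" would be verifiable if each row named the affected module path and the date or govulncheck version of the scan.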
From: Karl Cardenas Date: Tue, 16 Jul 2024 19:43:03 -0700 Subject: [PATCH 14/19] docs: updated CVEs --- .../api-content/api-docs/edge-v1/emc-api.json | 105 +- docs/api-content/api-docs/v1/api.json | 2181 +++++++++-------- .../security-bulletins/cve-reports.md | 56 - .../life-cycle/cve-2024-21626.md | 9 - .../life-cycle/life-cycle.md | 10 - .../reports/cve-2015-8855.md | 17 + .../reports/cve-2020-1971.md | 17 + .../reports/cve-2021-3449.md | 17 + .../reports/cve-2021-3711.md | 17 + .../reports/cve-2021-45079.md | 17 + .../reports/cve-2022-0778.md | 17 + .../reports/cve-2022-25883.md | 17 + .../reports/cve-2022-41723.md | 17 + .../reports/cve-2022-4450.md | 17 + .../reports/cve-2023-0215.md | 17 + .../reports/cve-2023-0286.md | 17 + .../reports/cve-2023-0464.md | 17 + .../reports/cve-2023-39325.md | 17 + .../reports/cve-2023-44487.md | 17 + .../reports/cve-2023-45142.md | 17 + .../reports/cve-2023-47108.md | 17 + .../reports/cve-2023-5528.md | 17 + .../reports/cve-2024-21626.md | 17 + .../reports/ghsa-m425-mq94-257g.md | 17 + .../reports/prisma-2022-0227.md | 17 + .../security-bulletins/reports/reports.md | 54 + .../security-bulletins/security-bulletins.md | 8 +- docs/docs-content/security/security.md | 2 +- redirects.js | 4 + 29 files changed, 1618 insertions(+), 1151 deletions(-) delete mode 100644 docs/docs-content/security-bulletins/cve-reports.md delete mode 100644 docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md delete mode 100644 docs/docs-content/security-bulletins/life-cycle/life-cycle.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2015-8855.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2020-1971.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2021-3449.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2021-3711.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2021-45079.md create mode 100644 
docs/docs-content/security-bulletins/reports/cve-2022-0778.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-25883.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-41723.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2022-4450.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0215.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0286.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-0464.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-39325.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-44487.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-45142.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-47108.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-5528.md create mode 100644 docs/docs-content/security-bulletins/reports/cve-2024-21626.md create mode 100644 docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md create mode 100644 docs/docs-content/security-bulletins/reports/prisma-2022-0227.md create mode 100644 docs/docs-content/security-bulletins/reports/reports.md diff --git a/docs/api-content/api-docs/edge-v1/emc-api.json b/docs/api-content/api-docs/edge-v1/emc-api.json index 33de2e5c17..789970a2de 100644 --- a/docs/api-content/api-docs/edge-v1/emc-api.json +++ b/docs/api-content/api-docs/edge-v1/emc-api.json @@ -19,7 +19,7 @@ "post": { "description": "Creates a cluster with the provided cluster configuration", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Creates a cluster with the provided cluster configuration", "operationId": "v1CreateCluster", 
@@ -51,7 +51,7 @@ "patch": { "description": "Updates a cluster with the provided cluster configuration", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Updates a cluster with the provided cluster configuration", "operationId": "v1UpdateCluster", @@ -85,7 +85,7 @@ "get": { "description": "list the details of the cluster’s packs.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "list the details of the cluster’s packs.", "operationId": "v1ClusterApplications", @@ -121,7 +121,7 @@ "get": { "description": "Get Cluster Certificates Info", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Get Cluster Certificates Info", "operationId": "v1CertificateDetails", @@ -145,7 +145,7 @@ "get": { "description": "Get Edge Cluster details", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Get Edge Cluster details", "operationId": "v1ClusterGet", @@ -175,7 +175,7 @@ "get": { "description": "List cluster events", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "List cluster events", "operationId": "v1GetClusterEvents", @@ -212,7 +212,7 @@ "put": { "description": "Updates a cluster with the provided cluster configuration", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Updates a cluster with the provided cluster configuration", "operationId": "v1UpdateClusterProfiles", @@ -246,7 +246,7 @@ "post": { "description": "Validate cluster profile variables", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Validate cluster profile variables", "operationId": "v1ValidateClusterProfileVariables", @@ -280,7 +280,7 @@ "get": { "description": "Get Harbor Content Details", "tags": [ - "content" + "edge-mgmt" ], "summary": "List existing Harbor Content Details", "operationId": "v1HarborContentsDetails", @@ -298,7 +298,7 @@ "get": { "description": "Get Harbor Content Sync Status", "tags": [ - "content" + "edge-mgmt" ], "summary": "List Harbor Content Sync Status", "operationId": "v1HarborContentsSyncStatusDetails", 
@@ -316,7 +316,7 @@ "get": { "description": "Gets the harbor health status", "tags": [ - "content" + "edge-mgmt" ], "summary": "Gets the harbor health status", "operationId": "V1HarborHealth", @@ -340,7 +340,7 @@ "post": { "description": "Renew Cluster Certificates", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Renew Cluster Certificates", "operationId": "v1RenewCerts", @@ -364,7 +364,7 @@ "put": { "description": "Update cluster settings", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Update cluster settings", "operationId": "v1EdgeNativeClusterSettings", @@ -404,7 +404,7 @@ "get": { "description": "parses the cluster-config archive.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "parses the cluster-config archive.", "operationId": "V1ClusterConfigArchiveEmbedded", @@ -428,7 +428,7 @@ "get": { "description": "parses the cluster-config archive if it exists.", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "parses the cluster-config archive if it exists.", "operationId": "v1ClusterConfigArchiveOverriden", @@ -452,7 +452,7 @@ "get": { "description": "Get K8s Cluster Nodes", "tags": [ - "cluster" + "edge-mgmt" ], "summary": "A list of the K8s Cluster Nodes", "operationId": "v1ClusterNodes", @@ -476,7 +476,7 @@ "get": { "description": "Ping an endpoint", "tags": [ - "troubleshoot" + "edge-mgmt" ], "summary": "Ping an endpoint", "operationId": "v1PingHost", @@ -507,7 +507,7 @@ "get": { "description": "Display route that IP packets take to a network host", "tags": [ - "troubleshoot" + "edge-mgmt" ], "summary": "Display route that IP packets take to a network host", "operationId": "v1TraceRouteHost", @@ -538,7 +538,7 @@ "get": { "description": "Get edge host details", "tags": [ - "host" + "edge-mgmt" ], "summary": "Get edge host info", "operationId": "v1EdgeHostInfo", @@ -568,7 +568,7 @@ "post": { "description": "Reboot edge host", "tags": [ - "host" + "edge-mgmt" ], "summary": "Reboot edge host", "operationId": "v1EdgeHostActionReboot", 
@@ -592,7 +592,7 @@ "post": { "description": "Reset edge host", "tags": [ - "host" + "edge-mgmt" ], "summary": "Reset edge host", "operationId": "v1EdgeHostActionReset", @@ -622,7 +622,7 @@ "post": { "description": "Shutdown edge host", "tags": [ - "host" + "edge-mgmt" ], "summary": "Shutdown edge host", "operationId": "v1EdgeHostActionShutdown", @@ -649,7 +649,7 @@ "multipart/form-data" ], "tags": [ - "cluster" + "edge-mgmt" ], "summary": "Uploads the cluster config archive and extracts it to the required location on the edge host.", "operationId": "V1ClusterConfigUpload", @@ -685,7 +685,7 @@ "multipart/form-data" ], "tags": [ - "content" + "edge-mgmt" ], "summary": "Uploads an archive file and extracts it to the required location on the edge host.", "operationId": "V1ContentUpload", @@ -718,7 +718,7 @@ "get": { "description": "Get edge host configurations.", "tags": [ - "host" + "edge-mgmt" ], "summary": "Get edge host configurations.", "operationId": "V1EdgeHostConfigurationsGet", @@ -745,7 +745,7 @@ }, "put": { "tags": [ - "host" + "edge-mgmt" ], "summary": "Update Edge Host configurations", "operationId": "V1EdgeHostConfigurationsUpdate", @@ -786,7 +786,7 @@ "get": { "description": "Edge host configurations status", "tags": [ - "host" + "edge-mgmt" ], "summary": "Edge host configurations status", "operationId": "v1EdgeHostConfigurationStatus", @@ -814,7 +814,7 @@ "application/json" ], "tags": [ - "host" + "edge-mgmt" ], "summary": "Download edge host Logs", "operationId": "v1EdgeHostDownloadLogs", @@ -845,7 +845,7 @@ "get": { "description": "List last 'logCount' edge host error logs", "tags": [ - "host" + "edge-mgmt" ], "summary": "List last 'logCount' edge host error logs", "operationId": "V1EdgeHostErrorLogs", @@ -884,7 +884,7 @@ "post": { "description": "Start edge host log collection", "tags": [ - "host" + "edge-mgmt" ], "summary": "Start edge host log collection", "operationId": "v1EdgeHostGenerateLogs", 
@@ -908,7 +908,7 @@ "get": { "description": "Edge host log collection status", "tags": [ - "host" + "edge-mgmt" ], "summary": "Edge host log collection status", "operationId": "v1EdgeHostGenerateLogsStatus", @@ -932,7 +932,7 @@ "get": { "description": "Get life cycle events of cluster and edge host", "tags": [ - "events" + "edge-mgmt" ], "summary": "Get life cycle events of cluster and edge host", "operationId": "v1GetLifecycleEvents", @@ -956,7 +956,7 @@ "get": { "description": "Ping Service", "tags": [ - "troubleshoot" + "ping" ], "summary": "Ping Service", "operationId": "V1Ping", @@ -980,7 +980,7 @@ "get": { "description": "Get current logged in user's information", "tags": [ - "user" + "users" ], "summary": "Get current logged in user's information", "operationId": "V1CurrentUser", @@ -1002,7 +1002,7 @@ "patch": { "description": "Patches the current logged in user's configuration", "tags": [ - "user" + "users" ], "summary": "Patches the current logged in user's configuration", "operationId": "v1PatchCurrentUser", @@ -1036,7 +1036,7 @@ "post": { "description": "Authenticates the user with the specified credentials", "tags": [ - "user" + "users" ], "summary": "Authenticates the user with the specified credentials", "operationId": "V1UserLogin", @@ -1089,7 +1089,7 @@ "/v1/users/default/logout": { "post": { "tags": [ - "user" + "users" ], "summary": "Logs out the user from the system", "operationId": "V1UserLogout", @@ -1122,7 +1122,7 @@ "post": { "description": "Resets the user's password", "tags": [ - "user" + "users" ], "summary": "Resets the user's password", "operationId": "V1UserPasswordReset", @@ -1161,7 +1161,7 @@ "/v1/users/default/token/renewal": { "post": { "tags": [ - "user" + "users" ], "summary": "Refreshes the authentication token of the user", "operationId": "V1UserTokenRenewal", 
@@ -2188,7 +2188,7 @@ "$ref": "#/definitions/v1UpdateStrategy" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove master taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove master taint this will not be used for worker pools", "type": "boolean" } } @@ -2286,7 +2286,7 @@ "type": "object", "properties": { "addresses": { - "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- \u003e 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", + "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- > 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", "type": "object", "additionalProperties": { "type": "string" 
@@ -3036,7 +3036,7 @@ "description": "Unauthorized" }, "v1UpdateStrategy": { - "description": "UpdatesStrategy will be used to translate to RollingUpdateStrategy of a MachineDeployment We'll start with default values for the translation, can expose more details later Following is details of parameters translated from the type ScaleOut =\u003e maxSurge=1, maxUnavailable=0 ScaleIn =\u003e maxSurge=0, maxUnavailable=1", + "description": "UpdatesStrategy will be used to translate to RollingUpdateStrategy of a MachineDeployment We'll start with default values for the translation, can expose more details later Following is details of parameters translated from the type ScaleOut => maxSurge=1, maxUnavailable=0 ScaleIn => maxSurge=0, maxUnavailable=1", "type": "object", "properties": { "type": { @@ -3185,5 +3185,24 @@ "name": "Authorization", "in": "header" } - } + }, + "tags": [ + { + "name": "edge-mgmt", + "x-displayName": "Edge Mgmt" + }, + { + "name": "ping", + "x-displayName": "Ping" + }, + { + "name": "users", + "x-displayName": "Users" + } + ], + "servers": [ + { + "url": "https://edge-host-ip:5080" + } + ] } \ No newline at end of file diff --git a/docs/api-content/api-docs/v1/api.json b/docs/api-content/api-docs/v1/api.json index d8375ff770..acbe522928 100644 --- a/docs/api-content/api-docs/v1/api.json +++ b/docs/api-content/api-docs/v1/api.json 
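Review bot: the root-level `"servers"` array added in the `@@ -3185,5 +3185,24 @@` hunk of emc-api.json is an OpenAPI 3.x keyword; this file uses `"definitions"` and `"$ref": "#/definitions/..."`, which is Swagger 2.0 structure, where the equivalent fields are `host`, `basePath` and `schemes`. A strict validator will flag the key and most 2.0 renderers will ignore it, so either convert the document or use the 2.0 fields. Since the spec includes `/v1/users/default/login` ("Authenticates the user with the specified credentials"), make sure any "try it" console renders `https://edge-host-ip:5080` as a placeholder the reader must replace, not as a target that credentials get posted to. Separately, collapsing the `cluster`, `content`, `host`, `troubleshoot` and `events` tags into a single `edge-mgmt` tag removes the grouping readers used to find operations, and it is inconsistent: "Ping Service" gets its own `ping` tag while "Ping an endpoint" and "Display route that IP packets take to a network host" go to `edge-mgmt`.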
@@ -2579,7 +2579,7 @@ "type": "boolean" }, "controlPlaneLoadBalancer": { - "description": "ControlPlaneLoadBalancer specifies how API server elb will be configured, this field is optional, not provided, \"\", default =\u003e \"Internet-facing\" \"Internet-facing\" =\u003e \"Internet-facing\" \"internal\" =\u003e \"internal\" For spectro saas setup we require to talk to the apiserver from our cluster so ControlPlaneLoadBalancer should be \"\", not provided or \"Internet-facing\"", + "description": "ControlPlaneLoadBalancer specifies how API server elb will be configured, this field is optional, not provided, \"\", default => \"Internet-facing\" \"Internet-facing\" => \"Internet-facing\" \"internal\" => \"internal\" For spectro saas setup we require to talk to the apiserver from our cluster so ControlPlaneLoadBalancer should be \"\", not provided or \"Internet-facing\"", "type": "string" }, "region": { @@ -2989,7 +2989,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean", "x-omitempty": false } @@ -3933,7 +3933,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean", "x-omitempty": false } 
@@ -9278,7 +9278,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, @@ -9871,7 +9871,7 @@ "uniqueItems": true }, "useControlPlaneAsWorker": { - "description": "If IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "If IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean", "x-omitempty": false } @@ -9918,7 +9918,7 @@ "uniqueItems": true }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean", "x-omitempty": false }, @@ -11359,7 +11359,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, 
@@ -11749,7 +11749,7 @@ "type": "boolean" }, "controlPlaneLoadBalancer": { - "description": "ControlPlaneLoadBalancer specifies how API server elb will be configured, this field is optional, not provided, \"\", default =\u003e \"Internet-facing\" \"Internet-facing\" =\u003e \"Internet-facing\" \"internal\" =\u003e \"internal\" For spectro saas setup we require to talk to the apiserver from our cluster so ControlPlaneLoadBalancer should be \"\", not provided or \"Internet-facing\"", + "description": "ControlPlaneLoadBalancer specifies how API server elb will be configured, this field is optional, not provided, \"\", default => \"Internet-facing\" \"Internet-facing\" => \"Internet-facing\" \"internal\" => \"internal\" For spectro saas setup we require to talk to the apiserver from our cluster so ControlPlaneLoadBalancer should be \"\", not provided or \"Internet-facing\"", "type": "string" }, "encryptionConfig": { @@ -11978,7 +11978,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean", "x-omitempty": false } 
@@ -12553,7 +12553,7 @@ "additionalProperties": { "type": "string" }, - "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- \u003e 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", + "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- > 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", "type": "object" }, "deviceModel": { 
@@ -12578,7 +12578,7 @@ "additionalProperties": { "type": "string" }, - "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- \u003e 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", + "description": "Addresses is a map of PCI device entry name to its addresses.\nExample entry would be \"11:00.0 VGA compatible controller [0300]: NVIDIA\nCorporation Device [10de:1eb1] (rev a1)\"- > 0000_11_00_0\" The address is\nBDF (Bus Device Function) identifier format seperated by underscores. The\nfirst 4 bits are almost always 0000. In the above example 11 is Bus, 00\nis Device,0 is function. The values of these addreses are expected in hexadecimal\nformat\n", "type": "object" }, "model": { @@ -13038,7 +13038,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, @@ -13451,7 +13451,7 @@ "type": "integer" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, 
@@ -15435,7 +15435,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" }, "xslTemplate": { @@ -16270,7 +16270,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, @@ -16692,7 +16692,7 @@ "description": "Rolling update strategy for this machine pool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "If IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "If IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean", "x-omitempty": false } 
@@ -19986,7 +19986,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, @@ -20448,7 +20448,7 @@ "$ref": "#/definitions/v1MaasCloudAccount" }, "name": { - "description": "Name for the private gateway \u0026 cloud account", + "description": "Name for the private gateway & cloud account", "type": "string" }, "shareWithProjects": { @@ -20519,7 +20519,7 @@ "$ref": "#/definitions/v1OpenStackCloudAccount" }, "name": { - "description": "Name for the private gateway \u0026 cloud account", + "description": "Name for the private gateway & cloud account", "type": "string" }, "shareWithProjects": { @@ -20571,7 +20571,7 @@ "$ref": "#/definitions/v1VsphereCloudAccount" }, "name": { - "description": "Name for the private gateway \u0026 cloud account", + "description": "Name for the private gateway & cloud account", "type": "string" }, "shareWithProjects": { @@ -24406,7 +24406,7 @@ "type": "object" }, "v1ResourceUsageMeteringDataPoint": { - "description": "min and max count for machines \u0026 edgehost for the given period", + "description": "min and max count for machines & edgehost for the given period", "properties": { "activeEdgehosts": { "format": "int64", 
@@ -31930,7 +31930,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, @@ -32383,7 +32383,7 @@ "uniqueItems": true }, "v1UpdateStrategy": { - "description": "UpdatesStrategy will be used to translate to RollingUpdateStrategy of a MachineDeployment We'll start with default values for the translation, can expose more details later Following is details of parameters translated from the type ScaleOut =\u003e maxSurge=1, maxUnavailable=0 ScaleIn =\u003e maxSurge=0, maxUnavailable=1", + "description": "UpdatesStrategy will be used to translate to RollingUpdateStrategy of a MachineDeployment We'll start with default values for the translation, can expose more details later Following is details of parameters translated from the type ScaleOut => maxSurge=1, maxUnavailable=0 ScaleIn => maxSurge=0, maxUnavailable=1", "properties": { "type": { "description": "update strategy, either ScaleOut or ScaleIn if empty, will default to RollingUpdateScaleOut", @@ -33389,7 +33389,7 @@ "description": "dataVolumeTemplates is a list of dataVolumes that the VirtualMachineInstance template can reference. DataVolumes in this list are dynamically created for the VirtualMachine and are tied to the VirtualMachine's life-cycle." }, "persist": { - "description": "If 'true' add the disk to the Virtual Machine \u0026 Virtual Machine Instance, else add the disk to the Virtual Machine Instance only", + "description": "If 'true' add the disk to the Virtual Machine & Virtual Machine Instance, else add the disk to the Virtual Machine Instance only", "type": "boolean" } }, 
@@ -33452,7 +33452,7 @@ "v1VMRemoveVolumeEntity": { "properties": { "persist": { - "description": "If 'true' remove the disk from the Virtual Machine \u0026 Virtual Machine Instance, else remove the disk from the Virtual Machine Instance only", + "description": "If 'true' remove the disk from the Virtual Machine & Virtual Machine Instance, else remove the disk from the Virtual Machine Instance only", "type": "boolean" }, "removeVolumeOptions": { @@ -33842,7 +33842,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean" } }, @@ -34912,7 +34912,7 @@ "$ref": "#/definitions/v1VmBlockSize" }, "bootOrder": { - "description": "BootOrder is an integer value \u003e 0, used to determine ordering of boot devices. Lower values take precedence. Each disk or interface that has a boot order must have a unique value. Disks without a boot order are not tried if a disk with a boot order exists.", + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices. Lower values take precedence. Each disk or interface that has a boot order must have a unique value. Disks without a boot order are not tried if a disk with a boot order exists.", "format": "int32", "type": "integer" }, 
@@ -35253,7 +35253,7 @@ "type": "object" }, "v1VmFieldsV1": { - "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:\u003cname\u003e', where \u003cname\u003e is the name of a field in a struct, or key in a map 'v:\u003cvalue\u003e', where \u003cvalue\u003e is the exact json formatted value of a list item 'i:\\\u003cindex\u003e', where \\\u003cindex\u003e is position of a item in a list 'k:\u003ckeys\u003e', where \u003ckeys\u003e is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", + "description": "FieldsV1 stores a set of fields in a data structure like a Trie, in JSON format.\n\nEach key is either a '.' representing the field itself, and will always map to an empty set, or a string representing a sub-field or item. The string will follow one of these four formats: 'f:', where is the name of a field in a struct, or key in a map 'v:', where is the exact json formatted value of a list item 'i:\\', where \\ is position of a item in a list 'k:', where is a map of a list item's key fields to their unique values If a key maps to an empty Fields value, the field that key represents is part of the set.\n\nThe exact format is defined in sigs.k8s.io/structured-merge-diff", "properties": { "Raw": { "items": { 
@@ -35533,7 +35533,7 @@ "type": "integer" }, "bootOrder": { - "description": "BootOrder is an integer value \u003e 0, used to determine ordering of boot devices. Lower values take precedence. Each interface or disk that has a boot order must have a unique value. Interfaces without a boot order are not tried.", + "description": "BootOrder is an integer value > 0, used to determine ordering of boot devices. Lower values take precedence. Each interface or disk that has a boot order must have a unique value. Interfaces without a boot order are not tried.", "format": "int32", "type": "integer" }, @@ -35848,7 +35848,7 @@ "type": "boolean" }, "networkName": { - "description": "References to a NetworkAttachmentDefinition CRD object. Format: \u003cnetworkName\u003e, \u003cnamespace\u003e/\u003cnetworkName\u003e. If namespace is not specified, VMI namespace is assumed.", + "description": "References to a NetworkAttachmentDefinition CRD object. Format: , /. If namespace is not specified, VMI namespace is assumed.", "type": "string" } }, @@ -36202,7 +36202,7 @@ "type": "object" }, "v1VmPodAffinityTerm": { - "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key \u003ctopologyKey\u003e matches that of any node on which a pod of the set of pods is running", + "description": "Defines a set of pods (namely those matching the labelSelector relative to the given namespace(s)) that this pod should be co-located (affinity) or not co-located (anti-affinity) with, where co-located is defined as running on a node whose value of the label with key matches that of any node on which a pod of the set of pods is running", "properties": { "labelSelector": { "$ref": "#/definitions/v1VmLabelSelector" 
@@ -36289,7 +36289,7 @@ "type": "string" }, "port": { - "description": "Number of port to expose for the virtual machine. This must be a valid port number, 0 \u003c x \u003c 65536.", + "description": "Number of port to expose for the virtual machine. This must be a valid port number, 0 < x < 65536.", "format": "int32", "type": "integer" }, 
@@ -36406,7 +36406,7 @@ "type": "object" }, "v1VmQuantity": { - "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n\u003cquantity\u003e ::= \u003csignedNumber\u003e\u003csuffix\u003e\n (Note that \u003csuffix\u003e may be empty, from the \"\" case in \u003cdecimalSI\u003e.)\n\u003cdigit\u003e ::= 0 | 1 | ... | 9 \u003cdigits\u003e ::= \u003cdigit\u003e | \u003cdigit\u003e\u003cdigits\u003e \u003cnumber\u003e ::= \u003cdigits\u003e | \u003cdigits\u003e.\u003cdigits\u003e | \u003cdigits\u003e. | .\u003cdigits\u003e \u003csign\u003e ::= \"+\" | \"-\" \u003csignedNumber\u003e ::= \u003cnumber\u003e | \u003csign\u003e\u003cnumber\u003e \u003csuffix\u003e ::= \u003cbinarySI\u003e | \u003cdecimalExponent\u003e | \u003cdecimalSI\u003e \u003cbinarySI\u003e ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n\u003cdecimalSI\u003e ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n\u003cdecimalExponent\u003e ::= \"e\" \u003csignedNumber\u003e | \"E\" \u003csignedNumber\u003e\n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. 
No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", + "description": "Quantity is a fixed-point representation of a number. It provides convenient marshaling/unmarshaling in JSON and YAML, in addition to String() and AsInt64() accessors.\n\nThe serialization format is:\n\n ::= \n (Note that may be empty, from the \"\" case in .)\n ::= 0 | 1 | ... | 9 ::= | ::= | . | . | . ::= \"+\" | \"-\" ::= | ::= | | ::= Ki | Mi | Gi | Ti | Pi | Ei\n (International System of units; See: http://physics.nist.gov/cuu/Units/binary.html)\n ::= m | \"\" | k | M | G | T | P | E\n (Note that 1024 = 1Ki but 1000 = 1k; I didn't choose the capitalization.)\n ::= \"e\" | \"E\" \n\nNo matter which of the three exponent forms is used, no quantity may represent a number greater than 2^63-1 in magnitude, nor may it have more than 3 decimal places. Numbers larger or more precise will be capped or rounded up. (E.g.: 0.1m will rounded up to 1m.) This may be extended in the future if we require larger or smaller quantities.\n\nWhen a Quantity is parsed from a string, it will remember the type of suffix it had, and will use the same type again when it is serialized.\n\nBefore serializing, Quantity will be put in \"canonical form\". 
This means that Exponent/suffix will be adjusted up or down (with a corresponding increase or decrease in Mantissa) such that:\n a. No precision is lost\n b. No fractional digits will be emitted\n c. The exponent (or suffix) is as large as possible.\nThe sign will be omitted unless the number is negative.\n\nExamples:\n 1.5 will be serialized as \"1500m\"\n 1.5Gi will be serialized as \"1536Mi\"\n\nNote that the quantity will NEVER be internally represented by a floating point number. That is the whole point of this exercise.\n\nNon-canonical values will still parse as long as they are well formed, but will be re-emitted in their canonical form. (So always use canonical form, or don't diff.)\n\nThis format is intended to make it difficult to use these numbers without writing some sort of special handling code in the hopes that that will cause implementors to also use a fixed point implementation.", "type": "string" }, "v1VmRTCTimer": { @@ -36705,7 +36705,7 @@ "type": "object" }, "v1VmToleration": { - "description": "The pod this Toleration is attached to tolerates any taint that matches the triple \u003ckey,value,effect\u003e using the matching operator \u003coperator\u003e.", + "description": "The pod this Toleration is attached to tolerates any taint that matches the triple using the matching operator .", "properties": { "effect": { "description": "Effect indicates the taint effect to match. Empty means match all taint effects. When specified, allowed values are NoSchedule, PreferNoSchedule and NoExecute.", 
@@ -36743,7 +36743,7 @@ "type": "integer" }, "topologyKey": { - "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each \u003ckey, value\u003e as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.", + "description": "TopologyKey is the key of node labels. Nodes that have a label with this key and identical values are considered to be in the same topology. We consider each as a \"bucket\", and try to put balanced number of pods into each bucket. It's a required field.", "type": "string" }, "whenUnsatisfiable": { @@ -36927,7 +36927,7 @@ "type": "string" }, "subdomain": { - "description": "If specified, the fully qualified vmi hostname will be \"\u003chostname\u003e.\u003csubdomain\u003e.\u003cpod namespace\u003e.svc.\u003ccluster domain\u003e\". If not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi, no matter if the vmi itself can pick up a hostname.", + "description": "If specified, the fully qualified vmi hostname will be \"...svc.\". If not specified, the vmi will not have a domainname at all. The DNS entry will resolve to the vmi, no matter if the vmi itself can pick up a hostname.", "type": "string" }, "terminationGracePeriodSeconds": { @@ -37748,7 +37748,7 @@ "description": "rolling update strategy for this machinepool if not specified, will use ScaleOut" }, "useControlPlaneAsWorker": { - "description": "if IsControlPlane==true \u0026\u0026 useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", + "description": "if IsControlPlane==true && useControlPlaneAsWorker==true, then will remove control plane taint this will not be used for worker pools", "type": "boolean", "x-omitempty": false } @@ -38985,7 +38985,7 @@ ], "summary": "Retrieves a list of API keys", "tags": [ - "v1" + "apiKeys" ] }, "post": { 
@@ -39017,7 +39017,7 @@ ], "summary": "Create an API key", "tags": [ - "v1" + "apiKeys" ] } }, @@ -39039,7 +39039,7 @@ ], "summary": "Deletes the specified API key", "tags": [ - "v1" + "apiKeys" ] }, "get": { @@ -39062,7 +39062,7 @@ ], "summary": "Returns the specified API key", "tags": [ - "v1" + "apiKeys" ] }, "parameters": [ @@ -39100,7 +39100,7 @@ ], "summary": "Activate or de-active the specified API key", "tags": [ - "v1" + "apiKeys" ] }, "put": { @@ -39129,7 +39129,7 @@ ], "summary": "Update the specified API key", "tags": [ - "v1" + "apiKeys" ] } }, @@ -39169,7 +39169,7 @@ ], "summary": "Revoke or re-activate the API key access", "tags": [ - "v1" + "apiKeys" ] } }, @@ -39215,7 +39215,7 @@ ], "summary": "Creates a application deployment in the virtual cluster", "tags": [ - "v1" + "appDeployments" ] } }, @@ -39261,7 +39261,7 @@ ], "summary": "Creates a application deployment in one of virtual clusters in the cluster group", "tags": [ - "v1" + "appDeployments" ] } }, @@ -39291,7 +39291,7 @@ ], "summary": "Deletes the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "get": { @@ -39322,7 +39322,7 @@ ], "summary": "Returns the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -39364,7 +39364,7 @@ ], "summary": "Returns profile of the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -39408,7 +39408,7 @@ ], "summary": "Updates the specified application deployment profile", "tags": [ - "v1" + "appDeployments" ] } }, @@ -39453,7 +39453,7 @@ ], "summary": "Apply the application deployment profile updates", "tags": [ - "v1" + "appDeployments" ] } }, @@ -39486,7 +39486,7 @@ ], "summary": "Returns the specified application deployment profile tier information", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ 
@@ -39537,7 +39537,7 @@ ], "summary": "Updates the specified application deployment profile tier information", "tags": [ - "v1" + "appDeployments" ] } }, @@ -39570,7 +39570,7 @@ ], "summary": "Retrieves a list of manifests of the specified application deployment profile tier", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -39619,7 +39619,7 @@ ], "summary": "Returns the specified application deployment tier manifest information", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -39677,7 +39677,7 @@ ], "summary": "Updates the specified application deployment tier manifest information", "tags": [ - "v1" + "appDeployments" ] } }, @@ -39710,7 +39710,7 @@ ], "summary": "Retrieves a list of profile versions of the specified application deployment", "tags": [ - "v1" + "appDeployments" ] }, "parameters": [ @@ -39765,7 +39765,7 @@ ], "summary": "Creates a application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -39798,7 +39798,7 @@ ], "summary": "Retrieves a list of application profile macros", "tags": [ - "v1" + "appProfiles" ] } }, @@ -39828,7 +39828,7 @@ ], "summary": "Deletes the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "get": { @@ -39859,7 +39859,7 @@ ], "summary": "Returns the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -39902,7 +39902,7 @@ ], "summary": "Updates the specified application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -39957,7 +39957,7 @@ ], "summary": "Clones the specified application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -40009,7 +40009,7 @@ ], "summary": "Validates the specified application profile clone", "tags": [ - "v1" + "appProfiles" ] } }, @@ -40055,7 +40055,7 @@ ], "summary": "Updates the specified application profile metadata", "tags": [ - "v1" + "appProfiles" ] } }, 
@@ -40088,7 +40088,7 @@ ], "summary": "Retrieves a list of tiers of the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -40141,7 +40141,7 @@ ], "summary": "Updates app tier of the specified application profile", "tags": [ - "v1" + "appProfiles" ] }, "post": { @@ -40185,7 +40185,7 @@ ], "summary": "Adds tier to the specified application profile", "tags": [ - "v1" + "appProfiles" ] } }, @@ -40215,7 +40215,7 @@ ], "summary": "Deletes the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] }, "get": { @@ -40246,7 +40246,7 @@ ], "summary": "Returns the specified application profile tier information", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -40297,7 +40297,7 @@ ], "summary": "Updates the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] } }, @@ -40330,7 +40330,7 @@ ], "summary": "Retrieves a list of manifests of the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -40390,7 +40390,7 @@ ], "summary": "Adds manifest to the specified application profile tier", "tags": [ - "v1" + "appProfiles" ] } }, @@ -40420,7 +40420,7 @@ ], "summary": "Deletes the specified application profile tier manifest", "tags": [ - "v1" + "appProfiles" ] }, "get": { @@ -40451,7 +40451,7 @@ ], "summary": "Returns the specified application profile tier manifest information", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -40509,7 +40509,7 @@ ], "summary": "Updates the specified application profile tier manifest information", "tags": [ - "v1" + "appProfiles" ] } }, @@ -40542,7 +40542,7 @@ ], "summary": "Returns the specified application profile tier resolved values", "tags": [ - "v1" + "appProfiles" ] }, "parameters": [ @@ -40668,7 +40668,7 @@ ], "summary": "Retrieves the list of audit logs", "tags": [ - "v1" + "audits" ] } }, @@ -40701,7 +40701,7 @@ ], "summary": "Returns the specified audit log", "tags": [ - "v1" + "audits" ] }, "parameters": [ 
@@ -40743,7 +40743,7 @@ ], "summary": "Returns the specified system audit message", "tags": [ - "v1" + "audits" ] }, "parameters": [ @@ -40798,7 +40798,7 @@ ], "summary": "Updates the specified user message for the specified audit", "tags": [ - "v1" + "audits" ] } }, @@ -40834,7 +40834,7 @@ }, "summary": "Authenticates the user for the specified crendentials", "tags": [ - "v1" + "auth" ] } }, @@ -40859,7 +40859,7 @@ }, "summary": "Returns the user organization details", "tags": [ - "v1" + "auth" ] } }, @@ -40877,7 +40877,7 @@ }, "summary": "Idp authorization code callback", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -40931,7 +40931,7 @@ }, "summary": "Identity provider logout url for the Oidc", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -40996,7 +40996,7 @@ }, "summary": "Identity provider callback url for the SMAL authentication", "tags": [ - "v1" + "auth" ] } }, @@ -41043,7 +41043,7 @@ }, "summary": "Identity provider logout url for the SMAL", "tags": [ - "v1" + "auth" ] } }, @@ -41061,7 +41061,7 @@ }, "summary": "Returns a list of user's organizations", "tags": [ - "v1" + "auth" ] } }, @@ -41105,7 +41105,7 @@ }, "summary": "Updates and Activates the specified user password using the password token", "tags": [ - "v1" + "auth" ] } }, @@ -41149,7 +41149,7 @@ }, "summary": "Resets the user password using the password token", "tags": [ - "v1" + "auth" ] } }, @@ -41167,7 +41167,7 @@ }, "summary": "Refreshes authentication token", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -41201,7 +41201,7 @@ }, "summary": "Returns a list of predefined Identity Provider (IDP)", "tags": [ - "v1" + "auth" ] } }, @@ -41226,7 +41226,7 @@ }, "summary": "Returns a list of supported sso logins", "tags": [ - "v1" + "auth" ] } }, @@ -41244,7 +41244,7 @@ }, "summary": "Returns a list of supported sso auth providers", "tags": [ - "v1" + "auth" ] } }, 
@@ -41262,7 +41262,7 @@ }, "summary": "Returns Authorization token. Works as a callback url for the system defined sso apps", "tags": [ - "v1" + "auth" ] }, "parameters": [ @@ -41325,7 +41325,7 @@ }, "summary": "Returns No Content. Sends the user organization information via email", "tags": [ - "v1" + "auth" ] } }, @@ -41365,7 +41365,7 @@ }, "summary": "Creates request to reset password via email", "tags": [ - "v1" + "auth" ] } }, @@ -41437,7 +41437,7 @@ ], "summary": "Retrieves a list of AWS cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -41482,7 +41482,7 @@ ], "summary": "Creates an AWS cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -41512,7 +41512,7 @@ ], "summary": "Deletes the specified AWS account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -41549,7 +41549,7 @@ ], "summary": "Returns the specified AWS account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -41593,7 +41593,7 @@ ], "summary": "Updates the specified AWS account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -41665,7 +41665,7 @@ ], "summary": "Retrieves a list of azure cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -41710,7 +41710,7 @@ ], "summary": "Create azure cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -41740,7 +41740,7 @@ ], "summary": "Deletes the specified azure account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -41771,7 +41771,7 @@ ], "summary": "Returns the specified azure cloud account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -41815,7 +41815,7 @@ ], "summary": "Updates the specified azure account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -41887,7 +41887,7 @@ ], "summary": "Retrieves a list of cloud accounts by cloud type", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -41941,7 +41941,7 @@ ], "summary": "Creates an cloud account of specific cloud type", "tags": [ - "v1" + "cloudaccounts" ] } }, 
@@ -41971,7 +41971,7 @@ ], "summary": "Deletes the specified account by cloud type", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -42002,7 +42002,7 @@ ], "summary": "Returns the specified account by cloud type", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42053,7 +42053,7 @@ ], "summary": "Updates the specified account by cloud type", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -42125,7 +42125,7 @@ ], "summary": "Retrieves a list of gcp cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -42170,7 +42170,7 @@ ], "summary": "Creates a GCP cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -42200,7 +42200,7 @@ ], "summary": "Deletes the specified GCP account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -42231,7 +42231,7 @@ ], "summary": "Returns the specified GCP cloud account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42276,7 +42276,7 @@ ], "summary": "Updates the specified GCP account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -42348,7 +42348,7 @@ ], "summary": "Retrieves a list of Maas cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -42393,7 +42393,7 @@ ], "summary": "Creates an Maas cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -42423,7 +42423,7 @@ ], "summary": "Deletes the specified Maas account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -42454,7 +42454,7 @@ ], "summary": "Returns the specified Maas account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42499,7 +42499,7 @@ ], "summary": "Patches the specified CloudAccount Maas", "tags": [ - "v1" + "cloudaccounts" ] }, "put": { @@ -42534,7 +42534,7 @@ ], "summary": "Updates the specified Maas account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -42567,7 +42567,7 @@ ], "summary": "Get the maas azs for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ 
@@ -42608,7 +42608,7 @@ ], "summary": "Get the maas domains for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42649,7 +42649,7 @@ ], "summary": "Get the maas pools for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42690,7 +42690,7 @@ ], "summary": "Get the maas subnets for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42731,7 +42731,7 @@ ], "summary": "Get the maas tags for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42811,7 +42811,7 @@ ], "summary": "Retrieves a list of OpenStack cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -42856,7 +42856,7 @@ ], "summary": "Creates a OpenStack cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -42886,7 +42886,7 @@ ], "summary": "Deletes the specified OpenStack account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -42917,7 +42917,7 @@ ], "summary": "Returns the specified OpenStack account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -42961,7 +42961,7 @@ ], "summary": "Updates the specified OpenStack account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43009,7 +43009,7 @@ ], "summary": "Get the openstack azs for a given account and region", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43065,7 +43065,7 @@ ], "summary": "Get the openstack keypairs for a given account and scope", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43121,7 +43121,7 @@ ], "summary": "Get the openstack keypairs for a given account and scope", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43177,7 +43177,7 @@ ], "summary": "Get the openstack networks for a given account and scope", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43218,7 +43218,7 @@ ], "summary": "Get the openstack projects for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ 
@@ -43259,7 +43259,7 @@ ], "summary": "Get the openstack regions for a given account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43333,7 +43333,7 @@ ], "summary": "Retrieves a list of cloud accounts summary", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43405,7 +43405,7 @@ ], "summary": "Retrieves a list of Tencent cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -43450,7 +43450,7 @@ ], "summary": "Creates an Tencent cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43480,7 +43480,7 @@ ], "summary": "Deletes the specified Tencent account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -43511,7 +43511,7 @@ ], "summary": "Returns the specified Tencent account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43555,7 +43555,7 @@ ], "summary": "Updates the specified Tencent account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43627,7 +43627,7 @@ ], "summary": "Retrieves a list of vSphere cloud accounts", "tags": [ - "v1" + "cloudaccounts" ] }, "post": { @@ -43672,7 +43672,7 @@ ], "summary": "Creates a vSphere cloud account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43702,7 +43702,7 @@ ], "summary": "Deletes the specified vSphere account", "tags": [ - "v1" + "cloudaccounts" ] }, "get": { @@ -43733,7 +43733,7 @@ ], "summary": "Returns the specified vSphere account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43778,7 +43778,7 @@ ], "summary": "Updates the specified VSphere account", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43811,7 +43811,7 @@ ], "summary": "Get the vSphere computecluster resources for the given overlord account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ @@ -43867,9 +43867,9 @@ "Authorization": [] } ], - "summary": "Get the vSphere datacenters \u0026 datacluster for the given overlord account", + "summary": "Get the vSphere datacenters & datacluster for the given overlord account", "tags": [ - "v1" + "cloudaccounts" ] }, "parameters": [ 
@@ -43923,7 +43923,7 @@ ], "summary": "Update the geolocation annotation", "tags": [ - "v1" + "cloudaccounts" ] } }, @@ -43956,7 +43956,7 @@ ], "summary": "Returns the specified AKS cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44011,7 +44011,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44066,7 +44066,7 @@ ], "summary": "Creates an AKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44096,7 +44096,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44147,7 +44147,7 @@ ], "summary": "Updates the specified AKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44219,7 +44219,7 @@ ], "summary": "Retrieves a list of AKS machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44279,7 +44279,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44309,7 +44309,7 @@ ], "summary": "Deletes the specified Azure machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -44340,7 +44340,7 @@ ], "summary": "Returns the specified AKS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44398,7 +44398,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44431,7 +44431,7 @@ ], "summary": "Returns the specified AWS cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44486,7 +44486,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44541,7 +44541,7 @@ ], "summary": "Creates an AWS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44571,7 +44571,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ 
@@ -44622,7 +44622,7 @@ ], "summary": "Updates the specified AWS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44694,7 +44694,7 @@ ], "summary": "Retrieves a list of AWS machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44754,7 +44754,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44784,7 +44784,7 @@ ], "summary": "Deletes the specified AWS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -44815,7 +44815,7 @@ ], "summary": "Returns the specified AWS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44873,7 +44873,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -44906,7 +44906,7 @@ ], "summary": "Returns the specified Azure cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -44961,7 +44961,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45016,7 +45016,7 @@ ], "summary": "Creates an Azure cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45046,7 +45046,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -45097,7 +45097,7 @@ ], "summary": "Updates the specified Azure cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45170,7 +45170,7 @@ ], "summary": "Retrieves a list of Azure machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -45230,7 +45230,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45260,7 +45260,7 @@ ], "summary": "Deletes the specified Azure machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -45292,7 +45292,7 @@ ], "summary": "Returns the specified Azure machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ 
@@ -45350,7 +45350,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45383,7 +45383,7 @@ ], "summary": "Returns the specified Custom cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -45452,7 +45452,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45514,7 +45514,7 @@ ], "summary": "Creates an Custom cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45544,7 +45544,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -45602,7 +45602,7 @@ ], "summary": "Updates the specified Custom cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45674,7 +45674,7 @@ ], "summary": "Retrieves a list of Custom machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -45741,7 +45741,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45771,7 +45771,7 @@ ], "summary": "Deletes the specified Custom machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -45802,7 +45802,7 @@ ], "summary": "Returns the specified Custom machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -45867,7 +45867,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45929,7 +45929,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -45962,7 +45962,7 @@ ], "summary": "Returns the specified edge-native cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46017,7 +46017,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, 
@@ -46072,7 +46072,7 @@ ], "summary": "Creates a edge-native cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46102,7 +46102,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46153,7 +46153,7 @@ ], "summary": "Updates the specified edge-native cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46186,7 +46186,7 @@ ], "summary": "Retrieves a list of edge-native machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46246,7 +46246,7 @@ ], "summary": "Adds the edge-native machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46276,7 +46276,7 @@ ], "summary": "Deletes the specified edge-native machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -46307,7 +46307,7 @@ ], "summary": "Returns the specified edge-native machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46365,7 +46365,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46398,7 +46398,7 @@ ], "summary": "Returns the specified EKS cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46453,7 +46453,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46499,7 +46499,7 @@ ], "summary": "Updates EKS cloud config's fargate profiles", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46554,7 +46554,7 @@ ], "summary": "Creates an EKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46584,7 +46584,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46635,7 +46635,7 @@ ], "summary": "Updates the specified EKS cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, 
@@ -46707,7 +46707,7 @@ ], "summary": "Retrieves a list of EKS machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46767,7 +46767,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46797,7 +46797,7 @@ ], "summary": "Deletes the specified EKS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -46828,7 +46828,7 @@ ], "summary": "Returns the specified EKS machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46886,7 +46886,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -46919,7 +46919,7 @@ ], "summary": "Returns the specified GCP cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -46974,7 +46974,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47029,7 +47029,7 @@ ], "summary": "Creates a Gcp cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47059,7 +47059,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47110,7 +47110,7 @@ ], "summary": "Updates the specified GCP cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47182,7 +47182,7 @@ ], "summary": "Retrieves a list of GCP machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47242,7 +47242,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47272,7 +47272,7 @@ ], "summary": "Deletes the specified GCP machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -47303,7 +47303,7 @@ ], "summary": "Returns the specified GCP machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47361,7 +47361,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, 
@@ -47394,7 +47394,7 @@ ], "summary": "Returns the specified Generic cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47449,7 +47449,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47504,7 +47504,7 @@ ], "summary": "Creates a generic cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47534,7 +47534,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47585,7 +47585,7 @@ ], "summary": "Updates the specified generic cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47657,7 +47657,7 @@ ], "summary": "Retrieves a list of Generic machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47717,7 +47717,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47747,7 +47747,7 @@ ], "summary": "Deletes the specified machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -47778,7 +47778,7 @@ ], "summary": "Returns the specified generic machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47836,7 +47836,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47869,7 +47869,7 @@ ], "summary": "Returns the specified GKE cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -47924,7 +47924,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -47979,7 +47979,7 @@ ], "summary": "Creates an GKE cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48009,7 +48009,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48060,7 +48060,7 @@ ], "summary": "Updates the specified GKE cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, 
@@ -48132,7 +48132,7 @@ ], "summary": "Retrieves a list of GKE machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48192,7 +48192,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48222,7 +48222,7 @@ ], "summary": "Deletes the specified Gcp machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -48253,7 +48253,7 @@ ], "summary": "Returns the specified GKE machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48311,7 +48311,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48344,7 +48344,7 @@ ], "summary": "Returns the specified Maas cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48399,7 +48399,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48454,7 +48454,7 @@ ], "summary": "Creates an Maas cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48484,7 +48484,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48535,7 +48535,7 @@ ], "summary": "Updates the specified Maas cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48607,7 +48607,7 @@ ], "summary": "Retrieves a list of Maas machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48667,7 +48667,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48697,7 +48697,7 @@ ], "summary": "Deletes the specified Maas machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -48728,7 +48728,7 @@ ], "summary": "Returns the specified Maas machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48786,7 +48786,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, 
@@ -48819,7 +48819,7 @@ ], "summary": "Returns the specified OpenStack cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -48874,7 +48874,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48929,7 +48929,7 @@ ], "summary": "Creates a OpenStack cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -48959,7 +48959,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49010,7 +49010,7 @@ ], "summary": "Updates the specified OpenStack cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49043,7 +49043,7 @@ ], "summary": "Retrieves a list of OpenStack machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49103,7 +49103,7 @@ ], "summary": "Adds the OpenStack machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49133,7 +49133,7 @@ ], "summary": "Deletes the specified OpenStack machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -49164,7 +49164,7 @@ ], "summary": "Returns the specified OpenStack machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49222,7 +49222,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49255,7 +49255,7 @@ ], "summary": "Returns the specified TKE cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49310,7 +49310,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49365,7 +49365,7 @@ ], "summary": "Creates an TKE cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49395,7 +49395,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ 
@@ -49446,7 +49446,7 @@ ], "summary": "Updates the specified TKE cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49518,7 +49518,7 @@ ], "summary": "Retrieves a list of TKE machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49578,7 +49578,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49608,7 +49608,7 @@ ], "summary": "Deletes the specified Tencent machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -49639,7 +49639,7 @@ ], "summary": "Returns the specified Tke machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49697,7 +49697,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49730,7 +49730,7 @@ ], "summary": "Returns the specified Virtual cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49785,7 +49785,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49840,7 +49840,7 @@ ], "summary": "Creates a virtual cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49870,7 +49870,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -49921,7 +49921,7 @@ ], "summary": "Updates the specified virtual cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -49993,7 +49993,7 @@ ], "summary": "Retrieves a list of virtual machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50053,7 +50053,7 @@ ], "summary": "Adds the machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50083,7 +50083,7 @@ ], "summary": "Deletes the specified virtual machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -50114,7 +50114,7 @@ ], "summary": "Returns the specified virtual machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ 
@@ -50172,7 +50172,7 @@ ], "summary": "Updates the specified machine to the cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50218,7 +50218,7 @@ ], "summary": "Updates and resizes the virtual cluster", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50251,7 +50251,7 @@ ], "summary": "Returns the specified vSphere cloud config", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50306,7 +50306,7 @@ ], "summary": "Updates the cluster configuration information", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50361,7 +50361,7 @@ ], "summary": "Creates a vSphere cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50391,7 +50391,7 @@ ], "summary": "Deletes the specified machine pool", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50442,7 +50442,7 @@ ], "summary": "Updates the specified vSphere cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50514,7 +50514,7 @@ ], "summary": "Retrieves a list of vSphere machines", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50574,7 +50574,7 @@ ], "summary": "Adds the vSphere machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50604,7 +50604,7 @@ ], "summary": "Deletes the specified vSphere machine", "tags": [ - "v1" + "cloudconfigs" ] }, "get": { @@ -50635,7 +50635,7 @@ ], "summary": "Returns the specified vSphere machine", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50693,7 +50693,7 @@ ], "summary": "Updates the specified machine to cloud config's machine pool", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50760,7 +50760,7 @@ ], "summary": "Updates the specified machine maintenance", "tags": [ - "v1" + "cloudconfigs" ] } }, @@ -50827,7 +50827,7 @@ ], "summary": "Updates the specified machine maintenance", "tags": [ - "v1" + "cloudconfigs" ] } }, 
@@ -50860,7 +50860,7 @@ ], "summary": "Returns the specified cloud config's machine pools and machine uid", "tags": [ - "v1" + "cloudconfigs" ] }, "parameters": [ @@ -50913,7 +50913,7 @@ ], "summary": "Retrieves AWS external id and account id", "tags": [ - "v1" + "clouds" ] } }, @@ -50958,7 +50958,7 @@ ], "summary": "Validate the specified AWS account credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -51004,7 +51004,7 @@ ], "summary": "validates aws cloud watch credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -51046,7 +51046,7 @@ ], "summary": "Retrieves AWS cloud account usage cost from cost explorer.", "tags": [ - "v1" + "clouds" ] } }, @@ -51101,7 +51101,7 @@ ], "summary": "Get AWS Volume Size", "tags": [ - "v1" + "clouds" ] } }, @@ -51149,7 +51149,7 @@ ], "summary": "Retrieves a list of AWS policies for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -51200,7 +51200,7 @@ ], "summary": "Validate the aws policy arns validate", "tags": [ - "v1" + "clouds" ] } }, @@ -51245,7 +51245,7 @@ ], "summary": "Validate AWS properties", "tags": [ - "v1" + "clouds" ] } }, @@ -51285,7 +51285,7 @@ ], "summary": "Retrieves a list of AWS regions for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -51332,7 +51332,7 @@ ], "summary": "Retrieves a list of AWS availability zones for the specified region", "tags": [ - "v1" + "clouds" ] } }, @@ -51380,7 +51380,7 @@ ], "summary": "Copies the specified image from one region to another region", "tags": [ - "v1" + "clouds" ] } }, @@ -51438,7 +51438,7 @@ ], "summary": "Check if Aws cluster name is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -51486,7 +51486,7 @@ ], "summary": "Returns AWS image for the specified AMI name", "tags": [ - "v1" + "clouds" ] } }, @@ -51553,7 +51553,7 @@ ], "summary": "Retrieves a list of AWS instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -51600,7 +51600,7 @@ ], "summary": "Retrieves a list of AWS keypairs", "tags": [ - "v1" + "clouds" ] } }, 
@@ -51657,7 +51657,7 @@ ], "summary": "Validate the specified AWS keypair", "tags": [ - "v1" + "clouds" ] } }, @@ -51711,7 +51711,7 @@ ], "summary": "Get AWS KMS key by Id", "tags": [ - "v1" + "clouds" ] } }, @@ -51758,7 +51758,7 @@ ], "summary": "Retrieves a list of AWS KMS keys for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -51815,7 +51815,7 @@ ], "summary": "Validate an Aws KMS key for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -51855,7 +51855,7 @@ ], "summary": "Retrieves a list of AWS storage types", "tags": [ - "v1" + "clouds" ] } }, @@ -51902,7 +51902,7 @@ ], "summary": "Retrieves a list of VPCs for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -51947,7 +51947,7 @@ ], "summary": "Validate the AWS S3 bucket", "tags": [ - "v1" + "clouds" ] } }, @@ -52000,7 +52000,7 @@ ], "summary": "Retrieves a list of AWS security groups for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -52041,7 +52041,7 @@ ], "summary": "Get all AWS Volume Types", "tags": [ - "v1" + "clouds" ] } }, @@ -52087,7 +52087,7 @@ ], "summary": "Check if Azure account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -52126,7 +52126,7 @@ ], "summary": "Retrieves a list of Azure groups", "tags": [ - "v1" + "clouds" ] } }, @@ -52171,7 +52171,7 @@ ], "summary": "Retrieves a list of Azure regions", "tags": [ - "v1" + "clouds" ] } }, @@ -52232,7 +52232,7 @@ ], "summary": "Retrieves a list of Azure instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -52272,7 +52272,7 @@ ], "summary": "Retrieves a list of Azure storage types", "tags": [ - "v1" + "clouds" ] } }, @@ -52344,7 +52344,7 @@ ], "summary": "Check if Azure cluster name is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -52404,7 +52404,7 @@ ], "summary": "Retrieves a list of Azure virtual network list for the sepcified account", "tags": [ - "v1" + "clouds" ] } }, 
@@ -52458,7 +52458,7 @@ ], "summary": "Retrieves a list of Azure resource group for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -52510,7 +52510,7 @@ ], "summary": "Retrieves a list of Azure zones for the specified region", "tags": [ - "v1" + "clouds" ] } }, @@ -52565,7 +52565,7 @@ ], "summary": "Get Azure private DNS zones for the given resource group", "tags": [ - "v1" + "clouds" ] } }, @@ -52619,7 +52619,7 @@ ], "summary": "Get Azure storage accounts", "tags": [ - "v1" + "clouds" ] } }, @@ -52680,7 +52680,7 @@ ], "summary": "Get Azure storage containers", "tags": [ - "v1" + "clouds" ] } }, @@ -52720,7 +52720,7 @@ ], "summary": "Get Azure storage account types", "tags": [ - "v1" + "clouds" ] } }, @@ -52761,7 +52761,7 @@ ], "summary": "Retrieves a list of Azure subscription list for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -52801,7 +52801,7 @@ ], "summary": "Returns the Azure vhd url for the specified vhd location", "tags": [ - "v1" + "clouds" ] } }, @@ -52834,7 +52834,7 @@ ], "summary": "Returns the custom cloud types", "tags": [ - "v1" + "clouds" ] } }, @@ -52881,7 +52881,7 @@ ], "summary": "Registers the custom cloud type", "tags": [ - "v1" + "clouds" ] } }, @@ -52918,7 +52918,7 @@ ], "summary": "Deletes the custom cloud type", "tags": [ - "v1" + "clouds" ] } }, @@ -52951,7 +52951,7 @@ ], "summary": "Returns valid keys for the cloud account used for custom cloud type", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53003,7 +53003,7 @@ ], "summary": "Update the custom cloud type cloud account keys", "tags": [ - "v1" + "clouds" ] } }, @@ -53033,7 +53033,7 @@ ], "summary": "Delete the custom cloud type bootstrap", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -53064,7 +53064,7 @@ ], "summary": "Returns the custom cloud type bootstrap", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53115,7 +53115,7 @@ ], "summary": "Update the custom cloud type bootstrap", "tags": [ - "v1" + "clouds" ] } }, 
@@ -53145,7 +53145,7 @@ ], "summary": "Delete the custom cloud type cloud provider", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -53176,7 +53176,7 @@ ], "summary": "Returns the custom cloud type cloud provider", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53227,7 +53227,7 @@ ], "summary": "Update the custom cloud type cloud provider", "tags": [ - "v1" + "clouds" ] } }, @@ -53257,7 +53257,7 @@ ], "summary": "Delete the custom cloud type control plane", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -53288,7 +53288,7 @@ ], "summary": "Returns the custom cloud type control plane", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53339,7 +53339,7 @@ ], "summary": "Update the custom cloud type control plane", "tags": [ - "v1" + "clouds" ] } }, @@ -53369,7 +53369,7 @@ ], "summary": "Delete the custom cloud type cluster template", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -53400,7 +53400,7 @@ ], "summary": "Returns the custom cloud type cluster template", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53451,7 +53451,7 @@ ], "summary": "Update the custom cloud type cluster template", "tags": [ - "v1" + "clouds" ] } }, @@ -53481,7 +53481,7 @@ ], "summary": "Delete the custom cloud type controlPlane pool template", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -53512,7 +53512,7 @@ ], "summary": "Returns the custom cloud type controlPlane pool template", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53563,7 +53563,7 @@ ], "summary": "Update the custom cloud type controlPlane pool template", "tags": [ - "v1" + "clouds" ] } }, @@ -53593,7 +53593,7 @@ ], "summary": "Delete the custom cloud type worker pool template", "tags": [ - "v1" + "clouds" ] }, "get": { @@ -53624,7 +53624,7 @@ ], "summary": "Returns the custom cloud type worker pool template", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53675,7 +53675,7 @@ ], "summary": "Update the custom cloud type worker pool template", "tags": [ - "v1" + "clouds" ] } }, 
@@ -53717,7 +53717,7 @@ ], "summary": "Returns the custom cloud type logo", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53768,7 +53768,7 @@ ], "summary": "Update the custom cloud type logo", "tags": [ - "v1" + "clouds" ] } }, @@ -53801,7 +53801,7 @@ ], "summary": "Returns the custom cloud type meta", "tags": [ - "v1" + "clouds" ] }, "parameters": [ @@ -53847,7 +53847,7 @@ ], "summary": "Update the custom cloud type meta", "tags": [ - "v1" + "clouds" ] } }, @@ -53892,7 +53892,7 @@ ], "summary": "Validate the specified CoxEdge account credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -53925,7 +53925,7 @@ ], "summary": "Retrieves a list of default base urls", "tags": [ - "v1" + "clouds" ] } }, @@ -53971,7 +53971,7 @@ ], "summary": "Retrieves a list of environments for the specified account", "tags": [ - "v1" + "clouds" ] }, "post": { @@ -54011,7 +54011,7 @@ ], "summary": "Retrieves a list of environments for baseUrl and apiKey", "tags": [ - "v1" + "clouds" ] } }, @@ -54051,7 +54051,7 @@ ], "summary": "Retrieves a list of organizations for the specified account", "tags": [ - "v1" + "clouds" ] }, "post": { @@ -54091,7 +54091,7 @@ ], "summary": "Retrieves a list of organizations for baseUrl and apiKey", "tags": [ - "v1" + "clouds" ] } }, @@ -54148,7 +54148,7 @@ ], "summary": "Retrieves a list of CoxEdge regions for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54202,7 +54202,7 @@ ], "summary": "Retrieves a list of CoxEdge instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -54248,7 +54248,7 @@ ], "summary": "Retrieves a list of services for the specified account", "tags": [ - "v1" + "clouds" ] }, "post": { @@ -54288,7 +54288,7 @@ ], "summary": "Retrieves a list of services for baseUrl and apiKey", "tags": [ - "v1" + "clouds" ] } }, @@ -54333,7 +54333,7 @@ ], "summary": "Validate EKS properties", "tags": [ - "v1" + "clouds" ] } }, 
@@ -54378,7 +54378,7 @@ ], "summary": "Validate the specified GCP account credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -54423,7 +54423,7 @@ ], "summary": "Validate the specified GCP az", "tags": [ - "v1" + "clouds" ] } }, @@ -54468,7 +54468,7 @@ ], "summary": "Validate the specified GCP bucket name credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -54518,7 +54518,7 @@ ], "summary": "Validates the image with tag", "tags": [ - "v1" + "clouds" ] } }, @@ -54558,7 +54558,7 @@ ], "summary": "Returns the Gcp image url for the specified image location", "tags": [ - "v1" + "clouds" ] } }, @@ -54598,7 +54598,7 @@ ], "summary": "Retrieves a list of GCP projects for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54645,7 +54645,7 @@ ], "summary": "Retrieves a list of GCP regions", "tags": [ - "v1" + "clouds" ] } }, @@ -54699,7 +54699,7 @@ ], "summary": "Retrieves a list of GCP networks for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54753,7 +54753,7 @@ ], "summary": "Retrieves a list of GCP zones for the specified account and region", "tags": [ - "v1" + "clouds" ] } }, @@ -54805,7 +54805,7 @@ ], "summary": "Validate the specified GCP project", "tags": [ - "v1" + "clouds" ] } }, @@ -54852,7 +54852,7 @@ ], "summary": "Retrieves a list of GCP zones for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -54897,7 +54897,7 @@ ], "summary": "Validate GCP properties", "tags": [ - "v1" + "clouds" ] } }, @@ -54958,7 +54958,7 @@ ], "summary": "Retrieves a list of GCP instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -54998,7 +54998,7 @@ ], "summary": "Retrieves a list of Gcp storage types", "tags": [ - "v1" + "clouds" ] } }, @@ -55044,7 +55044,7 @@ ], "summary": "Check if Maas account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -55083,7 +55083,7 @@ ], "summary": "Retrieves a list of Maas zones for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, 
@@ -55122,7 +55122,7 @@ ], "summary": "Retrieves a list of Maas domains", "tags": [ - "v1" + "clouds" ] } }, @@ -55161,7 +55161,7 @@ ], "summary": "Retrieves a list of Maas pools for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -55200,7 +55200,7 @@ ], "summary": "Retrieves a list of Maas subnets for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -55239,7 +55239,7 @@ ], "summary": "Retrieves a list of Maas tags for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -55285,7 +55285,7 @@ ], "summary": "Check if OpenStack account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -55342,7 +55342,7 @@ ], "summary": "Retrieves a list of OpenStack azs for a particular account uid", "tags": [ - "v1" + "clouds" ] } }, @@ -55399,7 +55399,7 @@ ], "summary": "Returns the OpenStack flavors", "tags": [ - "v1" + "clouds" ] } }, @@ -55456,7 +55456,7 @@ ], "summary": "Returns the OpenStack keypair", "tags": [ - "v1" + "clouds" ] } }, @@ -55513,7 +55513,7 @@ ], "summary": "Returns the OpenStack networks", "tags": [ - "v1" + "clouds" ] } }, @@ -55552,7 +55552,7 @@ ], "summary": "Returns the OpenStack projects", "tags": [ - "v1" + "clouds" ] } }, @@ -55591,7 +55591,7 @@ ], "summary": "Returns the OpenStack regions", "tags": [ - "v1" + "clouds" ] } }, @@ -55636,7 +55636,7 @@ ], "summary": "Validate the specified Tencent account credentials", "tags": [ - "v1" + "clouds" ] } }, @@ -55676,7 +55676,7 @@ ], "summary": "Retrieves a list of Tencent regions for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -55744,7 +55744,7 @@ ], "summary": "Retrieves a list of Tencent instance types", "tags": [ - "v1" + "clouds" ] } }, @@ -55791,7 +55791,7 @@ ], "summary": "Retrieves a list of keypairs for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -55838,7 +55838,7 @@ ], "summary": "Retrieves a list of secutity groups for the specified account", "tags": [ - "v1" + "clouds" ] } }, 
@@ -55892,7 +55892,7 @@ ], "summary": "Retrieves a list of Tencent storage types", "tags": [ - "v1" + "clouds" ] } }, @@ -55939,7 +55939,7 @@ ], "summary": "Retrieves a list of VPCs for the specified account", "tags": [ - "v1" + "clouds" ] } }, @@ -55986,7 +55986,7 @@ ], "summary": "Retrieves a list of Tencent availability zones for the specified region", "tags": [ - "v1" + "clouds" ] } }, @@ -56032,7 +56032,7 @@ ], "summary": "Check if Vsphere account is valid", "tags": [ - "v1" + "clouds" ] } }, @@ -56071,7 +56071,7 @@ ], "summary": "Returns the vsphere data centers", "tags": [ - "v1" + "clouds" ] } }, @@ -56125,7 +56125,7 @@ ], "summary": "Returns the resources for vsphere compute cluster", "tags": [ - "v1" + "clouds" ] } }, @@ -56167,7 +56167,7 @@ ], "summary": "Retrieves vsphere env", "tags": [ - "v1" + "clouds" ] } }, @@ -56228,7 +56228,7 @@ ], "summary": "Retrieves the cloud instance spot price based on zone and timestamp for a specific cloud", "tags": [ - "v1" + "clouds" ] } }, @@ -56282,7 +56282,7 @@ ], "summary": "Returns the cloud compute rate", "tags": [ - "v1" + "clouds" ] } }, @@ -56342,7 +56342,7 @@ ], "summary": "Returns the cloud storage rate", "tags": [ - "v1" + "clouds" ] } }, @@ -56388,7 +56388,7 @@ ], "summary": "Create cluster groups", "tags": [ - "v1" + "clustergroups" ] } }, @@ -56421,7 +56421,7 @@ ], "summary": "Get cluster group developer credit usage by scope", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -56466,7 +56466,7 @@ ], "summary": "Retrieves a list of cluster groups host cluster summary", "tags": [ - "v1" + "clustergroups" ] } }, @@ -56499,7 +56499,7 @@ ], "summary": "Retrieves a list of cluster groups host cluster metadata", "tags": [ - "v1" + "clustergroups" ] } }, @@ -56541,7 +56541,7 @@ ], "summary": "Validates the cluster groups name", "tags": [ - "v1" + "clustergroups" ] } }, @@ -56571,7 +56571,7 @@ ], "summary": "Deletes the specified cluster group", "tags": [ - "v1" + "clustergroups" ] }, "get": { 
@@ -56602,7 +56602,7 @@ ], "summary": "Returns the specified cluster groups", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -56655,7 +56655,7 @@ ], "summary": "Updates cluster reference and host cluster config", "tags": [ - "v1" + "clustergroups" ] } }, @@ -56700,7 +56700,7 @@ ], "summary": "Updates the specified cluster groups meta", "tags": [ - "v1" + "clustergroups" ] } }, @@ -56733,7 +56733,7 @@ ], "summary": "Returns the specified clustergroup's profile packs resolved values", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -56788,7 +56788,7 @@ ], "summary": "Returns the associated profiles of a specified cluster group", "tags": [ - "v1" + "clustergroups" ] }, "parameters": [ @@ -56832,7 +56832,7 @@ ], "summary": "Updates the specified cluster groups profiles", "tags": [ - "v1" + "clustergroups" ] } }, @@ -56878,7 +56878,7 @@ ], "summary": "Creates a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -56918,7 +56918,7 @@ ], "summary": "Deletes list of cluster profiles", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -56970,7 +56970,7 @@ ], "summary": "Imports a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57035,7 +57035,7 @@ ], "summary": "Imports a cluster profile via file", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57075,7 +57075,7 @@ ], "summary": "Validates cluster profile import", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57108,7 +57108,7 @@ ], "summary": "Retrieves a list of macros", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57157,7 +57157,7 @@ ], "summary": "Validates the cluster profile metadata", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57197,7 +57197,7 @@ ], "summary": "Validates cluster profile packs", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57227,7 +57227,7 @@ ], "summary": "Deletes the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { 
@@ -57258,7 +57258,7 @@ ], "summary": "Returns a specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -57308,7 +57308,7 @@ ], "summary": "Updates the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57363,7 +57363,7 @@ ], "summary": "Creates a clone of the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57416,7 +57416,7 @@ ], "summary": "Validates the cluster profile clone", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57458,7 +57458,7 @@ ], "summary": "Export the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -57520,7 +57520,7 @@ ], "summary": "Downloads the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -57586,7 +57586,7 @@ ], "summary": "Updates the specified cluster profile metadata", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57638,7 +57638,7 @@ ], "summary": "Updates cluster profile packs ref", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57671,7 +57671,7 @@ ], "summary": "Returns the specified cluster profile packs", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -57730,7 +57730,7 @@ ], "summary": "Adds a new pack to the specified cluster profile and returns the created pack uid", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57763,7 +57763,7 @@ ], "summary": "Returns the specified cluster profile pack manifests", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -57811,7 +57811,7 @@ ], "summary": "Returns the specified cluster profile packs resolved values", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -57857,7 +57857,7 @@ ], "summary": "Deletes the specified pack information in the cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { @@ -57888,7 +57888,7 @@ ], "summary": "Returns the specified cluster profile pack", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ 
@@ -57939,7 +57939,7 @@ ], "summary": "Updates the specified pack information in the cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -57993,7 +57993,7 @@ ], "summary": "Returns the specified cluster profile pack configuration", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58026,7 +58026,7 @@ ], "summary": "Returns the associated manifests for the specified profile's pack", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -58086,7 +58086,7 @@ ], "summary": "Adds manifest to the profiles packs and returns the added manifests uid", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58116,7 +58116,7 @@ ], "summary": "Deletes the specified cluster profile pack manifest", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { @@ -58147,7 +58147,7 @@ ], "summary": "Returns the specified cluster profile pack manifest", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -58205,7 +58205,7 @@ ], "summary": "Updates the specified manifest of the profile's pack", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58245,7 +58245,7 @@ ], "summary": "Publishes the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58287,7 +58287,7 @@ ], "summary": "Downloads the specified cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -58343,7 +58343,7 @@ ], "summary": "Validates specified cluster profile packs", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58380,7 +58380,7 @@ ], "summary": "Deletes the specified cluster profile variables", "tags": [ - "v1" + "clusterprofiles" ] }, "get": { @@ -58411,7 +58411,7 @@ ], "summary": "Retrieve a list of variables defined for the cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "parameters": [ @@ -58455,7 +58455,7 @@ ], "summary": "Update specific variables defined for a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] }, "put": { 
@@ -58490,7 +58490,7 @@ ], "summary": "Update the variables defined for a cluster profile", "tags": [ - "v1" + "clusterprofiles" ] } }, @@ -58551,7 +58551,7 @@ ], "summary": "Retrieves a list of application deployments filter summary Supported filter fields - [\"appDeploymentName\", \"clusterUid\", \"tags\"] Supported sort fields - [\"appDeploymentName\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -58612,7 +58612,7 @@ ], "summary": "Retrieves a list of application profiles filter summary Supported filter fields - [\"profileName\", \"tags\"] Supported sort fields - [\"profileName\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -58645,7 +58645,7 @@ ], "summary": "Retrieves a list of application profile metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -58685,7 +58685,7 @@ ], "summary": "Retrieves a list of edgehosts summary", "tags": [ - "v1" + "dashboard" ] } }, @@ -58723,7 +58723,7 @@ ], "summary": "Retrieves a list of cloud accounts metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -58790,7 +58790,7 @@ ], "summary": "Retrieves a list of cluster summary for a given cluster group", "tags": [ - "v1" + "dashboard" ] } }, @@ -58857,7 +58857,7 @@ ], "summary": "Retrieves a list of cluster summary for a given cluster group", "tags": [ - "v1" + "dashboard" ] } }, @@ -58918,7 +58918,7 @@ ], "summary": "Retrieves a list of cluster profiles filter summary Supported filter fields - [\"profileName\", \"tags\", \"profileType\", \"environment\"] Supported sort fields - [\"profileName\", \"environment\", \"profileType\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -58951,7 +58951,7 @@ ], "summary": "Retrieves a list of cluster profiles metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -58984,7 +58984,7 @@ ], "summary": "Retrieves a specified cluster profile summary", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ 
@@ -59053,7 +59053,7 @@ ], "summary": "Retrieves a list of Edgehosts summary with provided search filter. Supported fields as per schema /v1/dashboard/edgehosts/search/schema", "tags": [ - "v1" + "dashboard" ] } }, @@ -59086,7 +59086,7 @@ ], "summary": "Retrieves a schema for the Edgehost search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -59147,7 +59147,7 @@ ], "summary": "Retrieves a list of PCG summary with provided search filter. Supported fields as per schema /v1/dashboard/pcgs/search/schema", "tags": [ - "v1" + "dashboard" ] } }, @@ -59180,7 +59180,7 @@ ], "summary": "Retrieves a schema for the PCG search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -59243,7 +59243,7 @@ ], "summary": "Retrieves a list of project summary", "tags": [ - "v1" + "dashboard" ] }, "post": { @@ -59301,7 +59301,7 @@ } ], "tags": [ - "v1" + "dashboard" ] } }, @@ -59340,7 +59340,7 @@ ], "summary": "Retrieves a list of projects metadata", "tags": [ - "v1" + "dashboard" ] } }, @@ -59402,7 +59402,7 @@ ], "summary": "Retrieves a list of cluster summary with provided filter spec Supported filter fields - [\"cpuUsage\", \"memoryUsage\", \"clusterName\", \"tags\", \"healthState\", \"clusterStates\", \"isDeleted\", \"environments\", \"metricPeriod\"] Supported sort fields - [\"environment\", \"clusterName\", \"memoryUsage\", \"healthState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -59442,7 +59442,7 @@ ], "summary": "Retrieves spectro clusters cloud cost summary information", "tags": [ - "v1" + "dashboard" ] } }, @@ -59496,7 +59496,7 @@ ], "summary": "Retrieves a list of running, non rbac configured clusters in a workspace", "tags": [ - "v1" + "dashboard" ] } }, @@ -59538,7 +59538,7 @@ ], "summary": "Retrieves a list of cluster summary metadata", "tags": [ - "v1" + "dashboard" ] }, "post": { @@ -59576,7 +59576,7 @@ ], "summary": "Retrieves a list of cluster summary", "tags": [ - "v1" + "dashboard" ] } }, 
@@ -59616,7 +59616,7 @@ ], "summary": "Retrieves a list of cluster metadata with provided search filter spec Supported sort fields - [\"environment\", \"clusterName\", \"clusterState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -59649,7 +59649,7 @@ ], "summary": "Retrieves a schema for the cluster metadata search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -59714,7 +59714,7 @@ ], "summary": "Retrieves a list of clusters with the desired repave state", "tags": [ - "v1" + "dashboard" ] } }, @@ -59754,7 +59754,7 @@ ], "summary": "Retrieves spectro clusters resource consumption", "tags": [ - "v1" + "dashboard" ] } }, @@ -59794,7 +59794,7 @@ ], "summary": "Retrieves spectro clusters resources cost summary information", "tags": [ - "v1" + "dashboard" ] } }, @@ -59834,7 +59834,7 @@ ], "summary": "Retrieves spectro clusters resources usage summary information", "tags": [ - "v1" + "dashboard" ] } }, @@ -59895,7 +59895,7 @@ ], "summary": "Retrieves a list of cluster summary with provided search filter spec Supported sort fields - [\"environment\", \"clusterName\", \"memoryUsage\", \"healthState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -59953,7 +59953,7 @@ ], "summary": "Export and download the list of cluster summary with matching search filter and download as a file(csv)", "tags": [ - "v1" + "dashboard" ] }, "post": { @@ -60009,7 +60009,7 @@ ], "summary": "Export the list of cluster summary with matching search filter and download as a file(csv) Supported sort fields - [\"environment\", \"clusterName\", \"healthState\", \"creationTimestamp\", \"lastModifiedTimestamp\"]", "tags": [ - "v1" + "dashboard" ] } }, @@ -60042,7 +60042,7 @@ ], "summary": "Retrieves a supported input values for the cluster search filter", "tags": [ - "v1" + "dashboard" ] } }, 
@@ -60075,7 +60075,7 @@ ], "summary": "Retrieves a schema for the cluster search filter", "tags": [ - "v1" + "dashboard" ] } }, @@ -60108,7 +60108,7 @@ ], "summary": "Retrieves a list of Virtual machine enabled clusters", "tags": [ - "v1" + "dashboard" ] } }, @@ -60141,7 +60141,7 @@ ], "summary": "Returns the specified cluster summary", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ @@ -60204,7 +60204,7 @@ ], "summary": "Retrieves the specified cluster cost summary", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ @@ -60245,7 +60245,7 @@ ], "summary": "Returns the specified cluster summary overview", "tags": [ - "v1" + "dashboard" ] }, "parameters": [ @@ -60301,7 +60301,7 @@ ], "summary": "Retrieves specified spectro cluster resource consumption", "tags": [ - "v1" + "dashboard" ] } }, @@ -60349,7 +60349,7 @@ ], "summary": "Retrieves specified cluster workloads", "tags": [ - "v1" + "dashboard" ] } }, @@ -60397,7 +60397,7 @@ ], "summary": "Retrieves specified cluster workload clusterrolebindings", "tags": [ - "v1" + "dashboard" ] } }, @@ -60445,7 +60445,7 @@ ], "summary": "Retrieves specified cluster workload cronjobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -60493,7 +60493,7 @@ ], "summary": "Retrieves specified cluster workload daemonsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -60541,7 +60541,7 @@ ], "summary": "Retrieves specified cluster workload deployments", "tags": [ - "v1" + "dashboard" ] } }, @@ -60589,7 +60589,7 @@ ], "summary": "Retrieves specified cluster workload jobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -60637,7 +60637,7 @@ ], "summary": "Retrieves specified cluster workload namespaces", "tags": [ - "v1" + "dashboard" ] } }, @@ -60685,7 +60685,7 @@ ], "summary": "Retrieves specified cluster workload pods", "tags": [ - "v1" + "dashboard" ] } }, @@ -60733,7 +60733,7 @@ ], "summary": "Retrieves specified cluster workload rolebindings", "tags": [ - "v1" + "dashboard" ] } }, 
@@ -60781,7 +60781,7 @@ ], "summary": "Retrieves specified cluster workload statefulsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -60814,7 +60814,7 @@ ], "summary": "Retrieves a list of workspace", "tags": [ - "v1" + "dashboard" ] } }, @@ -60862,7 +60862,7 @@ ], "summary": "Retrieves specified workspace clusters workload clusterrolebindings", "tags": [ - "v1" + "dashboard" ] } }, @@ -60910,7 +60910,7 @@ ], "summary": "Retrieves specified workspace clusters workload cronjobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -60958,7 +60958,7 @@ ], "summary": "Retrieves specified workspace clusters workload daemonsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -61006,7 +61006,7 @@ ], "summary": "Retrieves specified workspace clusters workload deployments", "tags": [ - "v1" + "dashboard" ] } }, @@ -61054,7 +61054,7 @@ ], "summary": "Retrieves specified workspace clusters workload jobs", "tags": [ - "v1" + "dashboard" ] } }, @@ -61102,7 +61102,7 @@ ], "summary": "Retrieves specified workspace clusters workload namespaces", "tags": [ - "v1" + "dashboard" ] } }, @@ -61150,7 +61150,7 @@ ], "summary": "Retrieves specified workspace clusters workload pods", "tags": [ - "v1" + "dashboard" ] } }, @@ -61198,7 +61198,7 @@ ], "summary": "Retrieves specified workspace clusters workload rolebindings", "tags": [ - "v1" + "dashboard" ] } }, @@ -61246,7 +61246,7 @@ ], "summary": "Retrieves specified workspace clusters workload statefulsets", "tags": [ - "v1" + "dashboard" ] } }, @@ -61292,7 +61292,7 @@ ], "summary": "sync data to cloud watch", "tags": [ - "v1" + "datasinks" ] } }, @@ -61336,7 +61336,7 @@ ], "summary": "Retrieve the Complete Edgehost Metadata List", "tags": [ - "v1" + "edgehosts" ] }, "post": { @@ -61380,7 +61380,7 @@ ], "summary": "Create the edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61431,7 +61431,7 @@ ], "summary": "Retrieves a list of edge hosts metadata matching the filter condition", "tags": [ - "v1" + "edgehosts" ] } }, 
@@ -61471,7 +61471,7 @@ ], "summary": "Registers the edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61504,7 +61504,7 @@ ], "summary": "Retrieves a list of edge hosts tags", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61537,7 +61537,7 @@ ], "summary": "Retrieves a list of edge tokens", "tags": [ - "v1" + "edgehosts" ] }, "post": { @@ -61581,7 +61581,7 @@ ], "summary": "Create the edge token", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61611,7 +61611,7 @@ ], "summary": "Deletes the specified edge token", "tags": [ - "v1" + "edgehosts" ] }, "get": { @@ -61642,7 +61642,7 @@ ], "summary": "Returns the specified edge token", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -61686,7 +61686,7 @@ ], "summary": "Updates the specified edge token", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61732,7 +61732,7 @@ ], "summary": "Revoke or re-activate the edge token access", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61762,7 +61762,7 @@ ], "summary": "Deletes the specified edge host device", "tags": [ - "v1" + "edgehosts" ] }, "get": { @@ -61800,7 +61800,7 @@ ], "summary": "Returns the specified edge host device", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -61843,7 +61843,7 @@ ], "summary": "Updates the specified edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61873,7 +61873,7 @@ ], "summary": "Deassociate the clusters to the edge host", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -61916,7 +61916,7 @@ ], "summary": "Associate the clusters to the edge host", "tags": [ - "v1" + "edgehosts" ] } }, @@ -61961,7 +61961,7 @@ ], "summary": "Updates the edge host health", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62006,7 +62006,7 @@ ], "summary": "Update the specified edge host device host check sum", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62051,7 +62051,7 @@ ], "summary": "Update the specified edge host device host pairing key", "tags": [ - "v1" + "edgehosts" ] } }, 
@@ -62096,7 +62096,7 @@ ], "summary": "Updates the specified edge host device meta", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62150,7 +62150,7 @@ ], "summary": "Returns the specified edge host's manifest", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62195,7 +62195,7 @@ ], "summary": "Patch update specified edge host's packs status", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62234,7 +62234,7 @@ ], "summary": "Returns the associated profiles of a specified edge host device", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -62277,7 +62277,7 @@ ], "summary": "Associate cluster profiles to the specified edge host device", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62322,7 +62322,7 @@ ], "summary": "Reset the cluster through edge host", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62364,7 +62364,7 @@ ], "summary": "Download the specified edge host device spc", "tags": [ - "v1" + "edgehosts" ] }, "parameters": [ @@ -62417,7 +62417,7 @@ ], "summary": "Updates the specified edge host device vsphere properties", "tags": [ - "v1" + "edgehosts" ] } }, @@ -62490,7 +62490,7 @@ ], "summary": "Returns a paginated list of component events based on request parameters", "tags": [ - "v1" + "events" ] }, "post": { @@ -62535,7 +62535,7 @@ ], "summary": "Creates a component event", "tags": [ - "v1" + "events" ] } }, @@ -62576,7 +62576,7 @@ ], "summary": "Creates the component events in bulk", "tags": [ - "v1" + "events" ] } }, @@ -62606,7 +62606,7 @@ ], "summary": "Delete all the components events for the specified related object", "tags": [ - "v1" + "events" ] }, "get": { @@ -62677,7 +62677,7 @@ ], "summary": "Returns a list of components events for the specified related object", "tags": [ - "v1" + "events" ] }, "parameters": [ @@ -62730,7 +62730,7 @@ ], "summary": "Retrieves the list of features", "tags": [ - "v1" + "features" ] } }, @@ -62776,7 +62776,7 @@ ], "summary": "Update a feature", "tags": [ - "v1" + "features" ] } }, 
@@ -62830,7 +62830,7 @@ ], "summary": "Returns a list of Filters", "tags": [ - "v1" + "filters" ] } }, @@ -62869,7 +62869,7 @@ ], "summary": "Returns a list of Filters metadata", "tags": [ - "v1" + "filters" ] } }, @@ -62915,7 +62915,7 @@ ], "summary": "Creates a Tag filter", "tags": [ - "v1" + "filters" ] } }, @@ -62945,7 +62945,7 @@ ], "summary": "Delete the specified Filter object", "tags": [ - "v1" + "filters" ] }, "get": { @@ -62976,7 +62976,7 @@ ], "summary": "Returns the specified Filter object", "tags": [ - "v1" + "filters" ] }, "parameters": [ @@ -63019,7 +63019,7 @@ ], "summary": "Updates a Tag filter", "tags": [ - "v1" + "filters" ] } }, @@ -63119,7 +63119,7 @@ ], "summary": "Retrieves the list of metrics for a specified resource kind", "tags": [ - "v1" + "metrics" ] } }, @@ -63168,7 +63168,7 @@ ], "summary": "Deletes the metrics of the specified resource", "tags": [ - "v1" + "metrics" ] }, "get": { @@ -63268,7 +63268,7 @@ ], "summary": "Returns the metrics for a specified resource uid", "tags": [ - "v1" + "metrics" ] } }, @@ -63335,7 +63335,7 @@ ], "summary": "Returns a paginated list of notifications based on request parameters", "tags": [ - "v1" + "notifications" ] } }, @@ -63376,7 +63376,7 @@ ], "summary": "Creates a notification event", "tags": [ - "v1" + "notifications" ] } }, @@ -63443,7 +63443,7 @@ ], "summary": "Returns a list of notifications for the specified related object", "tags": [ - "v1" + "notifications" ] }, "parameters": [ @@ -63502,7 +63502,7 @@ ], "summary": "Updates the specified notification for the acknowledgment", "tags": [ - "v1" + "notifications" ] } }, @@ -63534,7 +63534,7 @@ ], "summary": "Updates the specified notification action as done", "tags": [ - "v1" + "notifications" ] } }, @@ -63572,7 +63572,7 @@ ], "summary": "Retrieves a list of overlords owned by the tenant", "tags": [ - "v1" + "overlords" ] } }, 
@@ -63605,7 +63605,7 @@ ], "summary": "Returns the manifests required for the private gateway installation", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -63667,7 +63667,7 @@ ], "summary": "create the maas cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -63702,7 +63702,7 @@ ], "summary": "update the maas cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -63757,7 +63757,7 @@ ], "summary": "validate the maas cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -63811,7 +63811,7 @@ ], "summary": "create the maas cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -63846,7 +63846,7 @@ ], "summary": "update the maas cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -63879,7 +63879,7 @@ ], "summary": "Returns the specified maas private gateway cluster profile", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -63924,7 +63924,7 @@ ], "summary": "migrate all the clusters from source overlord to target overlord", "tags": [ - "v1" + "overlords" ] } }, @@ -63957,7 +63957,7 @@ ], "summary": "Returns the manifests required for the private gateway installation", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64019,7 +64019,7 @@ ], "summary": "create the OpenStack cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -64054,7 +64054,7 @@ ], "summary": "update the OpenStack cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -64109,7 +64109,7 @@ ], "summary": "validate the OpenStack cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -64163,7 +64163,7 @@ ], "summary": "create the OpenStack cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -64198,7 +64198,7 @@ ], "summary": "update the OpenStack cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] } }, 
@@ -64231,7 +64231,7 @@ ], "summary": "Returns the specified OpenStack private gateway cluster profile", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64282,7 +64282,7 @@ ], "summary": "Returns the pairing code for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -64315,7 +64315,7 @@ ], "summary": "Returns the manifests required for the private gateway installation", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64356,7 +64356,7 @@ ], "summary": "Returns overlord's ova information", "tags": [ - "v1" + "overlords" ] } }, @@ -64410,7 +64410,7 @@ ], "summary": "create the vSphere cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -64445,7 +64445,7 @@ ], "summary": "update the vSphere cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -64500,7 +64500,7 @@ ], "summary": "validate the vSphere cloudaccount for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -64554,7 +64554,7 @@ ], "summary": "create the vSphere cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] }, "put": { @@ -64589,7 +64589,7 @@ ], "summary": "update the vSphere cloud config for the private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -64622,7 +64622,7 @@ ], "summary": "Returns the specified vsphere private gateway cluster profile", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64663,7 +64663,7 @@ ], "summary": "Retrieves a list of IP Pools for the specified private gateway", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64715,7 +64715,7 @@ ], "summary": "Creates an IP pool defintion for the sepcified private gateway", "tags": [ - "v1" + "overlords" ] } }, @@ -64745,7 +64745,7 @@ ], "summary": "Deletes the private gateways's specified IP Pool data", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64794,7 +64794,7 @@ ], "summary": "Updates the private gateways's specified IP Pool data", "tags": [ - "v1" + "overlords" ] } }, 
@@ -64827,7 +64827,7 @@ ], "summary": "Retrieves the vSphere computecluster resources for the specified private gateway's account", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64878,9 +64878,9 @@ "Authorization": [] } ], - "summary": "Retrieves the vSphere datacenters \u0026 datacluster for the specified private gateway's account", + "summary": "Retrieves the vSphere datacenters & datacluster for the specified private gateway's account", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -64921,7 +64921,7 @@ ], "summary": "delete the private gateway", "tags": [ - "v1" + "overlords" ] }, "get": { @@ -64952,7 +64952,7 @@ ], "summary": "Returns the specified private gateway's for the given uid", "tags": [ - "v1" + "overlords" ] }, "parameters": [ @@ -65005,7 +65005,7 @@ ], "summary": "update the private gateway's metadata", "tags": [ - "v1" + "overlords" ] } }, @@ -65046,7 +65046,7 @@ ], "summary": "reset the private gateway by disaaociating the private gateway's resources", "tags": [ - "v1" + "overlords" ] } }, @@ -65085,7 +65085,7 @@ ], "summary": "Deletes the packs", "tags": [ - "v1" + "packs" ] }, "get": { @@ -65155,7 +65155,7 @@ ], "summary": "Retrieves a list of packs", "tags": [ - "v1" + "packs" ] } }, @@ -65216,7 +65216,7 @@ ], "summary": "Retrieves a list of packs based on filter", "tags": [ - "v1" + "packs" ] } }, @@ -65249,7 +65249,7 @@ ], "summary": "Retrieves a list of packs", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -65332,7 +65332,7 @@ ], "summary": "Returns the logo for a specified pack", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -65374,7 +65374,7 @@ ], "summary": "Returns the specified pack", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -65416,7 +65416,7 @@ ], "summary": "Returns the readme of a specified pack", "tags": [ - "v1" + "packs" ] }, "parameters": [ @@ -65465,7 +65465,7 @@ ], "summary": "Returns the private gateway manifest link", "tags": [ - "v1" + "pcg" ] } }, 
@@ -65514,7 +65514,7 @@ ], "summary": "Registers the pcg", "tags": [ - "v1" + "pcg" ] } }, @@ -65556,7 +65556,7 @@ ], "summary": "Returns the pcg ally manifest", "tags": [ - "v1" + "pcg" ] }, "parameters": [ @@ -65606,7 +65606,7 @@ ], "summary": "Returns the pcg jet manifest", "tags": [ - "v1" + "pcg" ] }, "parameters": [ @@ -65658,7 +65658,7 @@ ], "summary": "Retrieves a list of permissions", "tags": [ - "v1" + "permissions" ] } }, @@ -65731,7 +65731,7 @@ ], "summary": "Retrieves a list of projects", "tags": [ - "v1" + "projects" ] }, "post": { @@ -65775,7 +65775,7 @@ ], "summary": "Creates a project", "tags": [ - "v1" + "projects" ] } }, @@ -65800,7 +65800,7 @@ ], "summary": "Retrieves a list of supported alerts for a project", "tags": [ - "v1" + "projects" ] } }, @@ -65836,7 +65836,7 @@ ], "summary": "Deletes the specified project", "tags": [ - "v1" + "projects" ] }, "get": { @@ -65859,7 +65859,7 @@ ], "summary": "Returns the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -65896,7 +65896,7 @@ ], "summary": "Updates the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -65918,7 +65918,7 @@ ], "summary": "Deletes the specified alert to the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -65970,7 +65970,7 @@ ], "summary": "Create the specified alert to the specified project", "tags": [ - "v1" + "projects" ] }, "put": { @@ -65999,7 +65999,7 @@ ], "summary": "Upsert the specified alert to the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -66021,7 +66021,7 @@ ], "summary": "Deletes the specified alert of the specified project", "tags": [ - "v1" + "projects" ] }, "get": { @@ -66044,7 +66044,7 @@ ], "summary": "Get the specified alert of the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -66093,7 +66093,7 @@ ], "summary": "Update the specified alert of the specified project", "tags": [ - "v1" + "projects" ] } }, 
@@ -66124,7 +66124,7 @@ ], "summary": "Delete the macros for the specified project by macro name", "tags": [ - "v1" + "projects" ] }, "get": { @@ -66147,7 +66147,7 @@ ], "summary": "List the macros of the specified project", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -66184,7 +66184,7 @@ ], "summary": "Update the macros for the specified project by macro name", "tags": [ - "v1" + "projects" ] }, "post": { @@ -66213,7 +66213,7 @@ ], "summary": "Create or add new macros for the specified project", "tags": [ - "v1" + "projects" ] }, "put": { @@ -66242,7 +66242,7 @@ ], "summary": "Update the macros of the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -66281,7 +66281,7 @@ ], "summary": "Update the metadata of the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -66306,7 +66306,7 @@ ], "summary": "Get project cluster settings", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -66359,7 +66359,7 @@ ], "summary": "Update project clusters nodes auto remediation setting", "tags": [ - "v1" + "projects" ] } }, @@ -66398,7 +66398,7 @@ ], "summary": "Update the teams association to the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -66437,7 +66437,7 @@ ], "summary": "Update the users association to the specified project", "tags": [ - "v1" + "projects" ] } }, @@ -66462,7 +66462,7 @@ ], "summary": "Validate and returns active resource of project before delete", "tags": [ - "v1" + "projects" ] }, "parameters": [ @@ -66542,7 +66542,7 @@ ], "summary": "Retrieves a list of Helm registries", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -66599,7 +66599,7 @@ ], "summary": "Creates a helm registry", "tags": [ - "v1" + "registries" ] } }, @@ -66671,7 +66671,7 @@ ], "summary": "Retrieves a list of helm registries as summary", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -66729,7 +66729,7 @@ ], "summary": "Check if helm registry is valid", "tags": [ - "v1" + "registries" ] } }, 
@@ -66759,7 +66759,7 @@ ], "summary": "Deletes the specified helm registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -66790,7 +66790,7 @@ ], "summary": "Returns the specified Helm registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -66833,7 +66833,7 @@ ], "summary": "Updates the specified helm registry", "tags": [ - "v1" + "registries" ] } }, @@ -66884,7 +66884,7 @@ ], "summary": "Sync Helm registry", "tags": [ - "v1" + "registries" ] } }, @@ -66918,7 +66918,7 @@ ], "summary": "Get helm registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -66959,7 +66959,7 @@ ], "summary": "Retrieves a list of registries metadata", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67024,7 +67024,7 @@ ], "summary": "Creates a basic oci registry", "tags": [ - "v1" + "registries" ] } }, @@ -67069,7 +67069,7 @@ ], "summary": "Check if oci registry is valid", "tags": [ - "v1" + "registries" ] } }, @@ -67121,7 +67121,7 @@ ], "summary": "Creates a ecr registry", "tags": [ - "v1" + "registries" ] } }, @@ -67166,7 +67166,7 @@ ], "summary": "Check if ecr registry is valid", "tags": [ - "v1" + "registries" ] } }, @@ -67199,7 +67199,7 @@ ], "summary": "Creates a image registry", "tags": [ - "v1" + "registries" ] } }, @@ -67232,7 +67232,7 @@ ], "summary": "Retrieves a oci registries summary", "tags": [ - "v1" + "registries" ] } }, @@ -67265,7 +67265,7 @@ ], "summary": "Returns the information of specified oci registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67308,7 +67308,7 @@ ], "summary": "Deletes the specified basic oci registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -67339,7 +67339,7 @@ ], "summary": "Returns the basic oci registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67382,7 +67382,7 @@ ], "summary": "Updates the specified basic oci registry", "tags": [ - "v1" + "registries" ] } }, @@ -67433,7 +67433,7 @@ ], "summary": "Sync oci registry", "tags": [ - "v1" + "registries" ] } }, 
@@ -67467,7 +67467,7 @@ ], "summary": "Get oci registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67505,7 +67505,7 @@ ], "summary": "Deletes the specified ecr registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -67536,7 +67536,7 @@ ], "summary": "Returns the specified ecr registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67579,7 +67579,7 @@ ], "summary": "Updates the specified ecr registry", "tags": [ - "v1" + "registries" ] } }, @@ -67630,7 +67630,7 @@ ], "summary": "Sync ecr registry", "tags": [ - "v1" + "registries" ] } }, @@ -67664,7 +67664,7 @@ ], "summary": "Get ecr registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67744,7 +67744,7 @@ ], "summary": "Retrieves a list of Pack registries", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67807,7 +67807,7 @@ ], "summary": "Creates a pack registry", "tags": [ - "v1" + "registries" ] } }, @@ -67879,7 +67879,7 @@ ], "summary": "Retrieves a list of pack registries as summary", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -67937,7 +67937,7 @@ ], "summary": "Check if pack registry is valid", "tags": [ - "v1" + "registries" ] } }, @@ -67967,7 +67967,7 @@ ], "summary": "Deletes the specified pack registry", "tags": [ - "v1" + "registries" ] }, "get": { @@ -67998,7 +67998,7 @@ ], "summary": "Returns the specified Pack registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -68041,7 +68041,7 @@ ], "summary": "Updates the specified pack registry", "tags": [ - "v1" + "registries" ] } }, @@ -68092,7 +68092,7 @@ ], "summary": "Sync Pack registry", "tags": [ - "v1" + "registries" ] } }, @@ -68126,7 +68126,7 @@ ], "summary": "Get pack registry sync status", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -68167,7 +68167,7 @@ ], "summary": "Returns the specified system scope registry configuration", "tags": [ - "v1" + "registries" ] }, "parameters": [ 
@@ -68205,7 +68205,7 @@ ], "summary": "Deletes the specified registry", "tags": [ - "v1" + "registries" ] }, "parameters": [ @@ -68285,7 +68285,7 @@ ], "summary": "Retrieves a list of roles", "tags": [ - "v1" + "roles" ] }, "post": { @@ -68329,7 +68329,7 @@ ], "summary": "Creates a role with specified permissions", "tags": [ - "v1" + "roles" ] } }, @@ -68351,7 +68351,7 @@ ], "summary": "Deletes the specified role", "tags": [ - "v1" + "roles" ] }, "get": { @@ -68374,7 +68374,7 @@ ], "summary": "Returns the specified role", "tags": [ - "v1" + "roles" ] }, "parameters": [ @@ -68411,7 +68411,7 @@ ], "summary": "Updates the specified role", "tags": [ - "v1" + "roles" ] } }, @@ -68459,7 +68459,7 @@ ], "summary": "Clone the role", "tags": [ - "v1" + "roles" ] } }, @@ -68527,7 +68527,7 @@ ], "summary": "Returns a latest version for a given service name", "tags": [ - "v1" + "services" ] } }, @@ -68620,7 +68620,7 @@ ], "summary": "Returns a service manifest for a given service name and version", "tags": [ - "v1" + "services" ] } }, @@ -68666,7 +68666,7 @@ ], "summary": "Creates an AKS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -68717,7 +68717,7 @@ ], "summary": "Get AKS cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -68757,7 +68757,7 @@ ], "summary": "Validates AKS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -68803,7 +68803,7 @@ ], "summary": "Creates an AWS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -68849,7 +68849,7 @@ ], "summary": "Imports an AWS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -68900,7 +68900,7 @@ ], "summary": "Get AWS cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -68940,7 +68940,7 @@ ], "summary": "Validates AWS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -68986,7 +68986,7 @@ ], "summary": "Creates an Azure cluster", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -69032,7 +69032,7 @@ ], "summary": "Imports an Azure cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69083,7 +69083,7 @@ ], "summary": "Get Azure cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69123,7 +69123,7 @@ ], "summary": "Validates Azure cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69178,7 +69178,7 @@ ], "summary": "Creates a Custom cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69227,7 +69227,7 @@ ], "summary": "Validates Custom cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69273,7 +69273,7 @@ ], "summary": "Creates an EdgeNative cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69319,7 +69319,7 @@ ], "summary": "Imports an EdgeNative cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69370,7 +69370,7 @@ ], "summary": "Get edge-native cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69410,7 +69410,7 @@ ], "summary": "Validates edge-native cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69456,7 +69456,7 @@ ], "summary": "Creates an EKS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69507,7 +69507,7 @@ ], "summary": "Get EKS cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69547,7 +69547,7 @@ ], "summary": "Validates EKS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69580,7 +69580,7 @@ ], "summary": "Returns the cluster object references based on locationUid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -69623,7 +69623,7 @@ ], "summary": "Change cluster backup location", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69672,7 +69672,7 @@ ], "summary": "Download log fetcher logs for cluster by log fetcher uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ 
@@ -69741,7 +69741,7 @@ ], "summary": "Update log fetcher logs by log fetcher uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69787,7 +69787,7 @@ ], "summary": "Creates a GCP cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69833,7 +69833,7 @@ ], "summary": "Imports a GCP cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69884,7 +69884,7 @@ ], "summary": "Get GCP cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69924,7 +69924,7 @@ ], "summary": "Validates GCP cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -69971,7 +69971,7 @@ ], "summary": "Imports a cluster of any cloud type in generic way", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70022,7 +70022,7 @@ ], "summary": "Get generic cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70068,7 +70068,7 @@ ], "summary": "Creates an GKE cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70119,7 +70119,7 @@ ], "summary": "Get GKE cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70159,7 +70159,7 @@ ], "summary": "Validates GKE cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70205,7 +70205,7 @@ ], "summary": "Creates a MAAS cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70251,7 +70251,7 @@ ], "summary": "Imports a Maas cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70302,7 +70302,7 @@ ], "summary": "Get maas cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70342,7 +70342,7 @@ ], "summary": "Validates MAAS cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70388,7 +70388,7 @@ ], "summary": "Creates a OpenStack cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70434,7 +70434,7 @@ ], "summary": "Imports an OpenStack cluster", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -70485,7 +70485,7 @@ ], "summary": "Get openstack cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70525,7 +70525,7 @@ ], "summary": "Validates OpenStack cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70574,7 +70574,7 @@ ], "summary": "Downloads the cluster definition archive file", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70620,7 +70620,7 @@ ], "summary": "Creates a Tke cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70671,7 +70671,7 @@ ], "summary": "Get TKE cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70711,7 +70711,7 @@ ], "summary": "Validates TKE cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70744,7 +70744,7 @@ ], "summary": "Get cluster settings by context", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70786,7 +70786,7 @@ ], "summary": "Validates the cluster name", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70826,7 +70826,7 @@ ], "summary": "Validates spectro cluster packs", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70872,7 +70872,7 @@ ], "summary": "Creates a virtual cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70916,7 +70916,7 @@ ], "summary": "Get the cluster pack values yaml", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -70956,7 +70956,7 @@ ], "summary": "Validates virtual cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71002,7 +71002,7 @@ ], "summary": "Creates a vSphere cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71048,7 +71048,7 @@ ], "summary": "Imports a vSphere cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71099,7 +71099,7 @@ ], "summary": "Get vSphere cluster estimated rate information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71139,7 +71139,7 @@ ], "summary": "Validates vSphere cluster create operation", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -71175,7 +71175,7 @@ ], "summary": "Deletes the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -71238,7 +71238,7 @@ ], "summary": "Returns the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -71280,7 +71280,7 @@ ], "summary": "Get the cluster asset doc", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -71329,7 +71329,7 @@ ], "summary": "Associate the assets for the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71371,7 +71371,7 @@ ], "summary": "Returns the specified cluster's kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -71410,7 +71410,7 @@ ], "summary": "Deletes the cluster's frp kube config client data", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -71450,7 +71450,7 @@ ], "summary": "Returns the specified cluster's frp kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -71494,7 +71494,7 @@ ], "summary": "Updates the cluster's frp kube config data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71543,7 +71543,7 @@ ], "summary": "Returns the specified cluster's kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -71587,7 +71587,7 @@ ], "summary": "Updates the cluster's manifest data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71617,7 +71617,7 @@ ], "summary": "Deletes the cluster's kube config client data", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -71657,7 +71657,7 @@ ], "summary": "Returns the specified cluster's kube config client file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -71701,7 +71701,7 @@ ], "summary": "Updates the cluster's kube config client data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71734,7 +71734,7 @@ ], "summary": "Returns the specified cluster's manifest data", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ 
@@ -71778,7 +71778,7 @@ ], "summary": "Updates the specified cluster's manifest data", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71824,7 +71824,7 @@ ], "summary": "Updates the specified cluster meta attribute", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71870,7 +71870,7 @@ ], "summary": "Updates the specified cluster controlPlane health check timeout", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71916,7 +71916,7 @@ ], "summary": "Updates the specified cluster host config", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -71962,7 +71962,7 @@ ], "summary": "Updates the specified cluster Life cycle configuration", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72008,7 +72008,7 @@ ], "summary": "Updates the specified cluster OS patch configuration", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72041,7 +72041,7 @@ ], "summary": "Retrieves namespaces for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72085,7 +72085,7 @@ ], "summary": "Updates namespaces for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72118,7 +72118,7 @@ ], "summary": "Retrieves the specified namespace of the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72169,7 +72169,7 @@ ], "summary": "Updates the specified namespace of the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72202,7 +72202,7 @@ ], "summary": "Retrieves RBAC information for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72246,7 +72246,7 @@ ], "summary": "Updates RBAC information for the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72279,7 +72279,7 @@ ], "summary": "Retrieves the specified RBAC of the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72330,7 +72330,7 @@ ], "summary": "Updates the specified RBAC of the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -72372,7 +72372,7 @@ ], "summary": "Download the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72414,7 +72414,7 @@ ], "summary": "Retrieves a list of edge host of edge-native cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72453,7 +72453,7 @@ ], "summary": "Reset cluster backup schedule settings", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -72489,7 +72489,7 @@ ], "summary": "Returns the cluster backup result", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72541,7 +72541,7 @@ ], "summary": "Create cluster backup settings", "tags": [ - "v1" + "spectroclusters" ] }, "put": { @@ -72576,7 +72576,7 @@ ], "summary": "Update cluster backup settings", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72630,7 +72630,7 @@ ], "summary": "Create on demand cluster backup", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72660,7 +72660,7 @@ ], "summary": "Delete cluster backup", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72713,7 +72713,7 @@ ], "summary": "Returns the compliance scan of cluster, if driverType is provided then specific status of driverType will be returned", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72765,7 +72765,7 @@ ], "summary": "Create cluster compliance scan", "tags": [ - "v1" + "spectroclusters" ] }, "put": { @@ -72800,7 +72800,7 @@ ], "summary": "Update cluster compliance scan settings", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72833,7 +72833,7 @@ ], "summary": "Returns the compliance scan log by cluster uid and driver type", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -72886,7 +72886,7 @@ ], "summary": "Update the KubeBench compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -72931,7 +72931,7 @@ ], "summary": "Update the KubeHunter compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -72976,7 +72976,7 @@ ], "summary": "Update the Sonobuoy compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73021,7 +73021,7 @@ ], "summary": "Update the Syft compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73051,7 +73051,7 @@ ], "summary": "Delete the compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73098,7 +73098,7 @@ ], "summary": "Returns the KubeBench compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73150,7 +73150,7 @@ ], "summary": "Returns the KubeHunter compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73202,7 +73202,7 @@ ], "summary": "Returns the Sonobuoy compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73254,7 +73254,7 @@ ], "summary": "Returns the Syft compliance scan log by uid", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73310,7 +73310,7 @@ ], "summary": "Returns the image sbom of syft scan log of cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73373,7 +73373,7 @@ ], "summary": "Downloads the driver cluster logs", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73459,7 +73459,7 @@ ], "summary": "Create on demand cluster compliance scan", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73492,7 +73492,7 @@ ], "summary": "Get the installed helm charts of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73538,7 +73538,7 @@ ], "summary": "Get the log fetcher for cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73591,7 +73591,7 @@ ], "summary": "Create the log fetcher for cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73624,7 +73624,7 @@ ], "summary": "Get the installed manifests of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ 
@@ -73670,7 +73670,7 @@ ], "summary": "Returns the cluster restore of cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73732,7 +73732,7 @@ ], "summary": "Create on demand cluster restore", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73774,7 +73774,7 @@ ], "summary": "Returns the specified cluster's import manifest file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73821,7 +73821,7 @@ ], "summary": "Upgrade the specified imported read only cluster with full permissions", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73854,7 +73854,7 @@ ], "summary": "Get K8Certificate for spectro cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73902,7 +73902,7 @@ ], "summary": "Sets the cluster control plane nodes Kubernetes certificates for renewal", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -73935,7 +73935,7 @@ ], "summary": "Returns the specified cluster's kube config file", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -73996,7 +73996,7 @@ ], "summary": "Associate the assets for the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74042,7 +74042,7 @@ ], "summary": "Update the specified spectro cluster metadata", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74075,7 +74075,7 @@ ], "summary": "Returns available namespaces for the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74129,7 +74129,7 @@ ], "summary": "Returns k8s spectrocluster oidc", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74169,7 +74169,7 @@ ], "summary": "Returns k8s dashboard url", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74223,7 +74223,7 @@ ], "summary": "Returns the specified cluster's manifest", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74290,7 +74290,7 @@ ], "summary": "Get specified cluster pack properties", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -74340,7 +74340,7 @@ ], "summary": "Updates the cluster's pack references", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74373,7 +74373,7 @@ ], "summary": "Returns the specified cluster's packs resolved values", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74435,7 +74435,7 @@ ], "summary": "Patch update specified cluster's packs status", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74468,7 +74468,7 @@ ], "summary": "Returns the profile updates of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74514,7 +74514,7 @@ ], "summary": "Remove cluster profiles from the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -74551,7 +74551,7 @@ ], "summary": "Returns the associated profiles of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74602,7 +74602,7 @@ ], "summary": "Patch cluster profiles to the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "put": { @@ -74644,7 +74644,7 @@ ], "summary": "Associate cluster profiles to the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74690,7 +74690,7 @@ ], "summary": "Returns the associated profile's pack manifests of a specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74753,7 +74753,7 @@ ], "summary": "Returns the specified cluster's profile pack configuration", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74786,7 +74786,7 @@ ], "summary": "Returns the associated profiles pack manifests of the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -74844,7 +74844,7 @@ ], "summary": "Updates cluster profiles pack manifests to the specified cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74877,7 +74877,7 @@ ], "summary": "Returns the estimated rate of the specified cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ 
@@ -74935,7 +74935,7 @@ ], "summary": "Returns the spectrocluster repave approve update", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -74975,7 +74975,7 @@ ], "summary": "Returns the spectrocluster repave", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75020,7 +75020,7 @@ ], "summary": "reset the cluster s by deleting machine pools and condtions", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75053,7 +75053,7 @@ ], "summary": "Get the cluster's status", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75107,7 +75107,7 @@ ], "summary": "Updates the specified cluster status condition", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75155,7 +75155,7 @@ ], "summary": "Updates the specified cluster status conditions", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75203,7 +75203,7 @@ ], "summary": "Updates the specified cluster's service endpoints information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75241,7 +75241,7 @@ ], "summary": "Updates the specified cluster status as imported", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75289,7 +75289,7 @@ ], "summary": "Updates the specified cluster's services information", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75322,7 +75322,7 @@ ], "summary": "Returns the SPC apply information for the agent", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75364,7 +75364,7 @@ ], "summary": "Set the CanBeApplied to true on the spcApply status. CanBeApplied indicates the agent to orchestrate the spc changes", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75409,7 +75409,7 @@ ], "summary": "Updates the agent patch time for the SPC changes", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75454,7 +75454,7 @@ ], "summary": "Updates the cluster's upgrade status", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75501,7 +75501,7 @@ ], "summary": "Validates cluster packs", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -75548,7 +75548,7 @@ ], "summary": "Validates if cluster gets repaved for the specified packs", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75581,7 +75581,7 @@ ], "summary": "Retrieve a list of variables associated with the cluster", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75647,7 +75647,7 @@ ], "summary": "Returns the list of virtual machines", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75701,7 +75701,7 @@ ], "summary": "Create virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75768,7 +75768,7 @@ ], "summary": "Returns the list of snapshots of given namespaces", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75807,7 +75807,7 @@ ], "summary": "Deletes the virtual machine", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -75838,7 +75838,7 @@ ], "summary": "Get virtual machine", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -75899,7 +75899,7 @@ ], "summary": "Updates the specified virtual machine of the cluster", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -75965,7 +75965,7 @@ ], "summary": "Add volume to the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76028,7 +76028,7 @@ ], "summary": "Clone virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76087,7 +76087,7 @@ ], "summary": "Migrate the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76146,7 +76146,7 @@ ], "summary": "Pause the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76212,7 +76212,7 @@ ], "summary": "Remove volume from the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76271,7 +76271,7 @@ ], "summary": "Restart the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76330,7 +76330,7 @@ ], "summary": "Resume the virtual machine instance", "tags": [ - "v1" + "spectroclusters" ] } }, 
@@ -76393,7 +76393,7 @@ ], "summary": "Create snapshot of virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76423,7 +76423,7 @@ ], "summary": "Delete the snapshot of virtual machine", "tags": [ - "v1" + "spectroclusters" ] }, "get": { @@ -76454,7 +76454,7 @@ ], "summary": "Get virtual machine snapshot", "tags": [ - "v1" + "spectroclusters" ] }, "parameters": [ @@ -76522,7 +76522,7 @@ ], "summary": "Updates the specified snapshot of a virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76581,7 +76581,7 @@ ], "summary": "Start the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76640,7 +76640,7 @@ ], "summary": "Stop the virtual machine", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76685,7 +76685,7 @@ ], "summary": "Sync specified cluster workload", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76748,7 +76748,7 @@ ], "summary": "Sync specified cluster workload", "tags": [ - "v1" + "spectroclusters" ] } }, @@ -76773,10 +76773,7 @@ ], "summary": "get the system config reverse proxy", "tags": [ - "v1", - "system", - "private", - "docs-show" + "system" ] }, "put": { @@ -76809,10 +76806,7 @@ ], "summary": "updates the system config reverse proxy", "tags": [ - "v1", - "system", - "private", - "docs-show" + "system" ] } }, @@ -76844,9 +76838,7 @@ ], "summary": "Delete a list of block listed passwords", "tags": [ - "v1", - "system", - "docs-show" + "system" ] }, "patch": { @@ -76879,9 +76871,7 @@ ], "summary": "List of block listed passwords", "tags": [ - "v1", - "system", - "docs-show" + "system" ] } }, @@ -76953,7 +76943,7 @@ ], "summary": "Retrieves a list of teams", "tags": [ - "v1" + "teams" ] }, "post": { @@ -76997,7 +76987,7 @@ ], "summary": "Creates a team with the specified users and roles", "tags": [ - "v1" + "teams" ] } }, @@ -77064,7 +77054,7 @@ ], "summary": "Retrieves a list of team summary", "tags": [ - "v1" + "teams" ] }, "post": { 
@@ -77096,7 +77086,7 @@ ], "summary": "Retrieves a list of teams summary with provided filter spec", "tags": [ - "v1" + "teams" ] } }, @@ -77118,7 +77108,7 @@ ], "summary": "Deletes the specified team", "tags": [ - "v1" + "teams" ] }, "get": { @@ -77141,7 +77131,7 @@ ], "summary": "Returns the sepcified team", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -77179,7 +77169,7 @@ ], "summary": "Patches the specified team", "tags": [ - "v1" + "teams" ] }, "put": { @@ -77208,7 +77198,7 @@ ], "summary": "Updates the sepcified team", "tags": [ - "v1" + "teams" ] } }, @@ -77233,7 +77223,7 @@ ], "summary": "Returns the specified team's project and roles data", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -77271,7 +77261,7 @@ ], "summary": "Updates the projects and roles for the specified team", "tags": [ - "v1" + "teams" ] } }, @@ -77297,7 +77287,7 @@ ], "summary": "Returns the specified individual and resource roles for a team", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -77336,7 +77326,7 @@ ], "summary": "Add resource roles for team", "tags": [ - "v1" + "teams" ] } }, @@ -77358,7 +77348,7 @@ ], "summary": "Deleted the resource roles from team", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -77403,7 +77393,7 @@ ], "summary": "Updates the resource roles for team", "tags": [ - "v1" + "teams" ] } }, @@ -77428,7 +77418,7 @@ ], "summary": "Returns the specified team's tenant roles", "tags": [ - "v1" + "teams" ] }, "parameters": [ @@ -77466,7 +77456,7 @@ ], "summary": "Updates the tenant roles of the specified team", "tags": [ - "v1" + "teams" ] } }, @@ -77505,7 +77495,7 @@ ], "summary": "Update tenant address", "tags": [ - "v1" + "tenants" ] } }, @@ -77530,7 +77520,7 @@ ], "summary": "lists the certificates for the tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -77576,7 +77566,7 @@ ], "summary": "create the tenant certificate", "tags": [ - "v1" + "tenants" ] } }, 
@@ -77598,7 +77588,7 @@ ], "summary": "deletes the tenant certificate", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -77621,7 +77611,7 @@ ], "summary": "Returns the ca certificate for the tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -77664,7 +77654,7 @@ ], "summary": "updates the tenant certificate", "tags": [ - "v1" + "tenants" ] } }, @@ -77686,7 +77676,7 @@ ], "summary": "deletes the tenant data sink config", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -77709,7 +77699,7 @@ ], "summary": "Returns data sink config of tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -77755,7 +77745,7 @@ ], "summary": "create data sink config", "tags": [ - "v1" + "tenants" ] }, "put": { @@ -77784,7 +77774,7 @@ ], "summary": "updates the tenant data sink config", "tags": [ - "v1" + "tenants" ] } }, @@ -77809,7 +77799,7 @@ ], "summary": "Get tenant auth token settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -77852,7 +77842,7 @@ ], "summary": "Update tenant auth token settings", "tags": [ - "v1" + "tenants" ] } }, @@ -77888,7 +77878,7 @@ ], "summary": "Tenant to accept the contract agreement", "tags": [ - "v1" + "tenants" ] } }, @@ -77918,7 +77908,7 @@ ], "summary": "Deletes the aws credit account for tenants", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -77941,7 +77931,7 @@ ], "summary": "Get the credit accounts for the tenants with free tier access", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -77974,7 +77964,7 @@ ], "summary": "retrieves the domains for tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78011,7 +78001,7 @@ ], "summary": "creates or updates domains for tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -78050,7 +78040,7 @@ ], "summary": "Update tenant emailId", "tags": [ - "v1" + "tenants" ] } }, @@ -78075,7 +78065,7 @@ ], "summary": "Get tenant level freemium configuration", "tags": [ - "v1" + "tenants" ] }, "parameters": [ 
@@ -78112,7 +78102,7 @@ ], "summary": "Update tenant freemium configuration", "tags": [ - "v1" + "tenants" ] } }, @@ -78137,7 +78127,7 @@ ], "summary": "Get tenant freemium usage", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78170,7 +78160,7 @@ ], "summary": "Returns a specified invoice", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78222,7 +78212,7 @@ ], "summary": "Downloads the specified invoice report", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78274,7 +78264,7 @@ ], "summary": "Downloads the specified monthly invoice report", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78326,7 +78316,7 @@ ], "summary": "Downloads the specified tenant usage", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78367,7 +78357,7 @@ ], "summary": "Get tenant login banner settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78410,7 +78400,7 @@ ], "summary": "Update tenant login banner settings", "tags": [ - "v1" + "tenants" ] } }, @@ -78441,7 +78431,7 @@ ], "summary": "Delete the macros for the specified tenant by given macro name", "tags": [ - "v1" + "tenants" ] }, "get": { @@ -78464,7 +78454,7 @@ ], "summary": "List the macros of the specified tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78501,7 +78491,7 @@ ], "summary": "Update the macros for the specified tenant by given macro name", "tags": [ - "v1" + "tenants" ] }, "post": { @@ -78530,7 +78520,7 @@ ], "summary": "Create or add new macros for the specified tenant", "tags": [ - "v1" + "tenants" ] }, "put": { @@ -78559,7 +78549,7 @@ ], "summary": "Update the macros of the specified tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -78584,7 +78574,7 @@ ], "summary": "Returns the oidc Spec for tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78621,7 +78611,7 @@ ], "summary": "Associates the oidc Spec for the tenant", "tags": [ - "v1" + "tenants" ] } }, 
@@ -78660,7 +78650,7 @@ ], "summary": "creates or updates a password policy for tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -78685,7 +78675,7 @@ ], "summary": "Get is cluster group enabled for a specific tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78722,7 +78712,7 @@ ], "summary": "Enable or Disable cluster group for a specific tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -78747,7 +78737,7 @@ ], "summary": "Get tenant cluster settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78800,7 +78790,7 @@ ], "summary": "Update tenant clusters nodes auto remediation setting", "tags": [ - "v1" + "tenants" ] } }, @@ -78825,7 +78815,7 @@ ], "summary": "Get developer credit enabled for a specific tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78862,7 +78852,7 @@ ], "summary": "update developer credit for a specific tenant", "tags": [ - "v1" + "tenants" ] } }, @@ -78887,7 +78877,7 @@ ], "summary": "Get tenant fips settings", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78930,7 +78920,7 @@ ], "summary": "Update tenant fips setting", "tags": [ - "v1" + "tenants" ] } }, @@ -78955,7 +78945,7 @@ ], "summary": "Get all rate config for public and private cloud", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -78992,7 +78982,7 @@ ], "summary": "updates the rate config for public and private cloud", "tags": [ - "v1" + "tenants" ] } }, @@ -79017,7 +79007,7 @@ ], "summary": "Get tenant level resource limits configuration", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -79054,7 +79044,7 @@ ], "summary": "Update tenant resource limits configuration", "tags": [ - "v1" + "tenants" ] } }, @@ -79079,7 +79069,7 @@ ], "summary": "Returns the specified service provider metadata and Saml Spec for tenant", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -79116,7 +79106,7 @@ ], "summary": "Associates the specified federation metadata for the tenant", "tags": [ - "v1" + "tenants" ] } }, 
@@ -79141,7 +79131,7 @@ ], "summary": "get sso logins for the tenants", "tags": [ - "v1" + "tenants" ] }, "parameters": [ @@ -79178,7 +79168,7 @@ ], "summary": "enable sso logins for the tenants", "tags": [ - "v1" + "tenants" ] } }, @@ -79251,7 +79241,7 @@ ], "summary": "Lists users", "tags": [ - "v1" + "users" ] }, "post": { @@ -79296,7 +79286,7 @@ ], "summary": "Create User", "tags": [ - "v1" + "users" ] } }, @@ -79335,7 +79325,7 @@ ], "summary": "Returns the specified users location", "tags": [ - "v1" + "users" ] } }, @@ -79375,7 +79365,7 @@ ], "summary": "Create a Azure location", "tags": [ - "v1" + "users" ] } }, @@ -79400,7 +79390,7 @@ ], "summary": "Returns the specified Azure location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -79438,7 +79428,7 @@ ], "summary": "Updates the specified Azure location", "tags": [ - "v1" + "users" ] } }, @@ -79478,7 +79468,7 @@ ], "summary": "Create a GCP location", "tags": [ - "v1" + "users" ] } }, @@ -79503,7 +79493,7 @@ ], "summary": "Returns the specified GCP location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -79541,7 +79531,7 @@ ], "summary": "Updates the specified GCP location", "tags": [ - "v1" + "users" ] } }, @@ -79581,7 +79571,7 @@ ], "summary": "Create a MinIO location", "tags": [ - "v1" + "users" ] } }, @@ -79606,7 +79596,7 @@ ], "summary": "Returns the specified MinIO location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -79644,7 +79634,7 @@ ], "summary": "Updates the specified MinIO location", "tags": [ - "v1" + "users" ] } }, @@ -79684,7 +79674,7 @@ ], "summary": "Create a S3 location", "tags": [ - "v1" + "users" ] } }, @@ -79706,7 +79696,7 @@ ], "summary": "Returns the specified S3 location", "tags": [ - "v1" + "users" ] }, "get": { @@ -79729,7 +79719,7 @@ ], "summary": "Returns the specified S3 location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -79767,7 +79757,7 @@ ], "summary": "Updates the specified S3 location", "tags": [ - "v1" + "users" ] } }, 
@@ -79805,7 +79795,7 @@ ], "summary": "Update the default backup location", "tags": [ - "v1" + "users" ] } }, @@ -79827,7 +79817,7 @@ ], "summary": "Deletes the specified location", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -79875,7 +79865,7 @@ ], "summary": "Returns the SSH keys", "tags": [ - "v1" + "users" ] }, "post": { @@ -79913,7 +79903,7 @@ ], "summary": "Creates a SSH key", "tags": [ - "v1" + "users" ] } }, @@ -79935,7 +79925,7 @@ ], "summary": "Returns the specified user ssh key", "tags": [ - "v1" + "users" ] }, "get": { @@ -79958,7 +79948,7 @@ ], "summary": "Returns the specified user ssh key", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -79996,7 +79986,7 @@ ], "summary": "Updates the specified user ssh key", "tags": [ - "v1" + "users" ] } }, @@ -80044,7 +80034,7 @@ ], "summary": "Returns the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] } }, @@ -80083,7 +80073,7 @@ ], "summary": "Returns the specified vSphere DNS mappings", "tags": [ - "v1" + "users" ] }, "post": { @@ -80121,7 +80111,7 @@ ], "summary": "Create a vSphere DNS mapping", "tags": [ - "v1" + "users" ] } }, @@ -80143,7 +80133,7 @@ ], "summary": "Deletes the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] }, "get": { @@ -80166,7 +80156,7 @@ ], "summary": "Returns the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -80204,7 +80194,7 @@ ], "summary": "Updates the specified vSphere DNS mapping", "tags": [ - "v1" + "users" ] } }, @@ -80235,7 +80225,7 @@ ], "summary": "Revoke access of specific token(s)", "tags": [ - "v1" + "users" ] } }, @@ -80260,7 +80250,7 @@ ], "summary": "Get the system Spectro repository. Restricted to edge services", "tags": [ - "v1" + "users" ] } }, @@ -80294,7 +80284,7 @@ ], "summary": "gets users kubectl session", "tags": [ - "v1" + "users" ] } }, @@ -80319,7 +80309,7 @@ ], "summary": "Retrieves a list of users metadata", "tags": [ - "v1" + "users" ] } }, 
@@ -80374,7 +80364,7 @@ ], "summary": "User password change request using the user emailId", "tags": [ - "v1" + "users" ] } }, @@ -80421,7 +80411,7 @@ ], "summary": "User password reset request using the email id", "tags": [ - "v1" + "users" ] } }, @@ -80470,7 +80460,7 @@ ], "summary": "Returns the specified user summary list", "tags": [ - "v1" + "users" ] }, "post": { @@ -80502,7 +80492,7 @@ ], "summary": "Retrieves a list of users summary with provided filter spec", "tags": [ - "v1" + "users" ] } }, @@ -80533,7 +80523,7 @@ ], "summary": "Delete the macros for the system user by macro name", "tags": [ - "v1" + "users" ] }, "get": { @@ -80556,7 +80546,7 @@ ], "summary": "List the macros of the system", "tags": [ - "v1" + "users" ] }, "patch": { @@ -80585,7 +80575,7 @@ ], "summary": "Update the macros for the system user by macro name", "tags": [ - "v1" + "users" ] }, "post": { @@ -80614,7 +80604,7 @@ ], "summary": "Create or add new macros for the system user", "tags": [ - "v1" + "users" ] }, "put": { @@ -80643,7 +80633,7 @@ ], "summary": "Update the macros of the system", "tags": [ - "v1" + "users" ] } }, @@ -80666,7 +80656,7 @@ ], "summary": "Deletes the specified User", "tags": [ - "v1" + "users" ] }, "get": { @@ -80690,7 +80680,7 @@ ], "summary": "Returns the specified User", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -80729,7 +80719,7 @@ ], "summary": "Patches the specified User", "tags": [ - "v1" + "users" ] }, "put": { @@ -80759,7 +80749,7 @@ ], "summary": "Update User", "tags": [ - "v1" + "users" ] } }, @@ -80817,7 +80807,7 @@ ], "summary": "User password change request using the user uid", "tags": [ - "v1" + "users" ] } }, @@ -80854,7 +80844,7 @@ ], "summary": "User password reset request using the user uid", "tags": [ - "v1" + "users" ] } }, @@ -80880,7 +80870,7 @@ ], "summary": "Returns the specified User Projects and Roles information", "tags": [ - "v1" + "users" ] }, "parameters": [ 
@@ -80919,7 +80909,7 @@ ], "summary": "Updates the projects and roles for user", "tags": [ - "v1" + "users" ] } }, @@ -80945,7 +80935,7 @@ ], "summary": "Returns the specified individual and resource roles for a user", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -80984,7 +80974,7 @@ ], "summary": "Add resource roles for user", "tags": [ - "v1" + "users" ] } }, @@ -81006,7 +80996,7 @@ ], "summary": "Deleted the resource roles from user", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -81051,7 +81041,7 @@ ], "summary": "Updates the resource roles for user", "tags": [ - "v1" + "users" ] } }, @@ -81077,7 +81067,7 @@ ], "summary": "Returns the specified individual and team roles for a user", "tags": [ - "v1" + "users" ] }, "parameters": [ @@ -81116,7 +81106,7 @@ ], "summary": "Updates the roles for user", "tags": [ - "v1" + "users" ] } }, @@ -81155,7 +81145,7 @@ ], "summary": "Users status login mode", "tags": [ - "v1" + "users" ] } }, @@ -81201,7 +81191,7 @@ ], "summary": "Create workspace", "tags": [ - "v1" + "workspaces" ] } }, @@ -81234,7 +81224,7 @@ ], "summary": "Returns the specified team's workspaces and roles data", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -81278,7 +81268,7 @@ ], "summary": "Updates the workspace roles for the specified team", "tags": [ - "v1" + "workspaces" ] } }, @@ -81312,7 +81302,7 @@ ], "summary": "Returns the specified User workspaces and Roles information", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -81357,7 +81347,7 @@ ], "summary": "Updates the workspace roles for user", "tags": [ - "v1" + "workspaces" ] } }, @@ -81399,7 +81389,7 @@ ], "summary": "Validates the workspace name", "tags": [ - "v1" + "workspaces" ] } }, @@ -81429,7 +81419,7 @@ ], "summary": "Deletes the specified workspace", "tags": [ - "v1" + "workspaces" ] }, "get": { @@ -81460,7 +81450,7 @@ ], "summary": "Returns the specified workspace", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ 
@@ -81505,7 +81495,7 @@ ], "summary": "Delete workspace backup", "tags": [ - "v1" + "workspaces" ] }, "get": { @@ -81541,7 +81531,7 @@ ], "summary": "Returns the workspace backup result", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -81593,7 +81583,7 @@ ], "summary": "Create workspace backup settings", "tags": [ - "v1" + "workspaces" ] }, "put": { @@ -81628,7 +81618,7 @@ ], "summary": "Update workspace backup settings", "tags": [ - "v1" + "workspaces" ] } }, @@ -81682,7 +81672,7 @@ ], "summary": "Create On demand Workspace Backup", "tags": [ - "v1" + "workspaces" ] } }, @@ -81727,7 +81717,7 @@ ], "summary": "Updates the specified workspace namespaces", "tags": [ - "v1" + "workspaces" ] } }, @@ -81781,7 +81771,7 @@ ], "summary": "Create cluster rbac in workspace", "tags": [ - "v1" + "workspaces" ] } }, @@ -81811,7 +81801,7 @@ ], "summary": "Deletes the specified workspace cluster rbac", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -81860,7 +81850,7 @@ ], "summary": "Updates the specified workspace cluster rbac", "tags": [ - "v1" + "workspaces" ] } }, @@ -81905,7 +81895,7 @@ ], "summary": "Updates the specified workspace meta", "tags": [ - "v1" + "workspaces" ] } }, @@ -81951,7 +81941,7 @@ ], "summary": "Updates the specified workspace resource allocations", "tags": [ - "v1" + "workspaces" ] } }, @@ -81989,7 +81979,7 @@ ], "summary": "Returns the workspace restore result", "tags": [ - "v1" + "workspaces" ] }, "parameters": [ @@ -82051,7 +82041,7 @@ ], "summary": "Create On demand Workspace Restore", "tags": [ - "v1" + "workspaces" ] } } @@ -82065,7 +82055,7 @@ ], "securityDefinitions": { "ApiKey": { - "description": "API key authorization where API key can be generated from Palette console under Profile \u003e My API Keys", + "description": "API key authorization where API key can be generated from Palette console under Profile > My API Keys", "in": "header", "name": "ApiKey", "type": "apiKey" 
@@ -82077,5 +82067,140 @@ "type": "apiKey" } }, - "swagger": "2.0" + "swagger": "2.0", + "tags": [ + { + "name": "apiKeys", + "x-displayName": "Api Keys" + }, + { + "name": "appDeployments", + "x-displayName": "App Deployments" + }, + { + "name": "appProfiles", + "x-displayName": "App Profiles" + }, + { + "name": "audits", + "x-displayName": "Audits" + }, + { + "name": "auth", + "x-displayName": "Auth" + }, + { + "name": "cloudaccounts", + "x-displayName": "Cloudaccounts" + }, + { + "name": "cloudconfigs", + "x-displayName": "Cloudconfigs" + }, + { + "name": "clouds", + "x-displayName": "Clouds" + }, + { + "name": "clustergroups", + "x-displayName": "Clustergroups" + }, + { + "name": "clusterprofiles", + "x-displayName": "Clusterprofiles" + }, + { + "name": "dashboard", + "x-displayName": "Dashboard" + }, + { + "name": "datasinks", + "x-displayName": "Datasinks" + }, + { + "name": "edgehosts", + "x-displayName": "Edgehosts" + }, + { + "name": "events", + "x-displayName": "Events" + }, + { + "name": "features", + "x-displayName": "Features" + }, + { + "name": "filters", + "x-displayName": "Filters" + }, + { + "name": "metrics", + "x-displayName": "Metrics" + }, + { + "name": "notifications", + "x-displayName": "Notifications" + }, + { + "name": "overlords", + "x-displayName": "Overlords" + }, + { + "name": "packs", + "x-displayName": "Packs" + }, + { + "name": "pcg", + "x-displayName": "Pcg" + }, + { + "name": "permissions", + "x-displayName": "Permissions" + }, + { + "name": "projects", + "x-displayName": "Projects" + }, + { + "name": "registries", + "x-displayName": "Registries" + }, + { + "name": "roles", + "x-displayName": "Roles" + }, + { + "name": "services", + "x-displayName": "Services" + }, + { + "name": "spectroclusters", + "x-displayName": "Spectroclusters" + }, + { + "name": "system", + "x-displayName": "System" + }, + { + "name": "teams", + "x-displayName": "Teams" + }, + { + "name": "tenants", + "x-displayName": "Tenants" + }, + { + "name": "users", + 
"x-displayName": "Users" + }, + { + "name": "workspaces", + "x-displayName": "Workspaces" + } + ], + "servers": [ + { + "url": "https://api.spectrocloud.com" + } + ] } \ No newline at end of file diff --git a/docs/docs-content/security-bulletins/cve-reports.md b/docs/docs-content/security-bulletins/cve-reports.md deleted file mode 100644 index 127ecb6a28..0000000000 --- a/docs/docs-content/security-bulletins/cve-reports.md +++ /dev/null 
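Review bot: the new top-level `servers` array in the final hunk of the OpenAPI document is an OpenAPI 3.x keyword, but this file still declares `"swagger": "2.0"`, which expresses the base URL with `host`, `basePath` and `schemes`; strict validators will reject the unknown property and Swagger 2.0 tooling will ignore it, so either move `https://api.spectrocloud.com` into `host`/`schemes` or migrate the document to OpenAPI 3. The added `tags` array is fine as an extension-bearing list, but several `x-displayName` values are raw identifiers rather than labels (`"Cloudaccounts"`, `"Clustergroups"`, `"Clusterprofiles"`, `"Spectroclusters"`, `"Edgehosts"`, `"Pcg"`); since this is exactly what the rendered navigation will show, spell them out (e.g. `"Cloud Accounts"`, `"Cluster Groups"`, `"PCG"`) consistently with `"App Deployments"`. The same hunk also leaves the file without a trailing newline.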
@@ -1,56 +0,0 @@ ---- -sidebar_label: "CVE Reports" -title: "CVE Reports" -description: "Security bulletins for Common Vulnerabilities and Exposures (CVEs) related to Palette and Palette VerteX" -icon: "" -hide_table_of_contents: true -sidebar_position: 0 -toc_max_heading_level: 2 -tags: ["security", "cve"] ---- - -# Security Bulletins - -The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX solution and -third-party component vulnerabilities, which we have become aware of. Some of the listed vulnerabilities below have been -fixed in new versions of our products and released in the last month. These vulnerabilities are discovered via our Bug -Bounty program, our security monitoring program, or reported to us by our supply chain. - -:::info - -The CVSS Severity is provided by either the third-party service provider, or NIST CVE. We do not provide the criticality -score for third-party components. Previous security bulletins are available in the -[Security Bulletins Archive](../unlisted/cve-reports.md). - -::: - -To fix all the vulnerabilities impacting your products, we recommends patching your instances to the latest version -regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and -workarounds where applicable - - - -|Initial Pub Date |Modified Date|Impacted Product & Version|Vulnerability Type |Vulnerability Summary |CVE ID |CVSS Severity |Official Summary | -|-----------------|-------------|--------------------------|---------------------|------------------------|----------|-------------------|---------------------| -|1/32/24 |2/18/24 | |Third-party component: kube-proxy |runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. 
In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. |[CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |[8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) |CVE exists in kube-proxy 1.28.11.  Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|2/28/23 |11/25/23 | |Third-party component: CoreDNS |A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. |[CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) |CVE exists in coredns that’s being used in k8s 1.28.11.  Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|10/25/23 |10/25/23 | |Third-party component: CoreDNS |The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. 
|[GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) |[7.5](https://github.com/advisories/GHSA-m425-mq94-257g) |CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|2/8/23 |2/4/24 |Palette 4.4.8 |Third-party component: OpenSSL |The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. |[CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2022-4450 | -|10/12/23 |2/18/24 |Palette 4.4.8 |Third-party component: Open-telemetry-Go|OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels \`http.user_agent\` and \`http.method\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. 
|[CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) |CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|3/22/23 |6/21/24 |Palette 4.4.8 |Third-party component: OpenSSL |A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. |[CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0464 | -|10/11/23 |4/28/24 |Palette 4.4.8 |Third-party component: Go project |A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. |[CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) |CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | -|2/28/23 |6/21/24 |Palette 4.4.8 |Third-party component: OpenSSL |The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. 
|[CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX.  Review: https://ubuntu.com/security/CVE-2023-0215| -|11/20/23 |11/20/23 |Palette 4.4.8 |Third-party component: Open-telemetry-Go |OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels \`net.peer.sock.addr\` and \`net.peer.sock.port\` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. |[CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) |CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround. | -|2/8/23 |2/4/24 |Palette 4.4.8 |Third-party component: OpenSSL |There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. |[CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |[7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) |This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | -|12/8/20 |6/21/24 | |Third-party component: Ubuntu |The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. 
OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w).|[CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) |[5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) |[This is a false positive reported by twistlock. 
We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2020-1971](https://ubuntu.com/security/CVE-2020-1971)| -|3/25/21 |6/21/24 | |Third-party component: Ubuntu |An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). |[CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) |[5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3449 | -|8/24/12 |6/21/24 | |Third-party component: Ubuntu |In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. 
A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). |[CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |[9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Review: https://ubuntu.com/security/CVE-2021-3711 | -|3/15/22 |6/21/24 | |Third-party component: Ubuntu |The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. 
|[CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. See https://ubuntu.com/security/CVE-2023-0286 | -|1/31/22 |11/6/23 | |Third-party component: Ubuntu |In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. |[CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |[9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) |This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: https://ubuntu.com/security/CVE-2021-45079| -|11/14/23 |1/19/24 | |Third-party component: VSphere-CSI |A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. |[CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) |[8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) |CVE reported in vsphere-csi 3.2.0. Govulncheck shows it is non-impacting. | -|10/10/23 |6/27/24 | |Third-party component: CAPI |The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. |[CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) |CVE reported in coredns and kube-vip. Govulncheck shows it is non-impacting. 
-|6/21/23 |11/6/24 | |Third-party component: CAPI |Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. |[CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) |CVE reported in virtual cluster capi provider. Govulncheck shows it is non-impacting. | -|1/23/17 |1/26/12 | |Third-party component: CAPI |The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." |[CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |[7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) |This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | -|9/12/23 |9/12/23 | |Third-party component: VSphere-CSI |github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. |[PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604)| N/A | CVE reported in vsphere-csi 3.2.0, and k8s 1.28.11. Govulncheck shows it is non-impacting.| - - diff --git a/docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md b/docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md deleted file mode 100644 index ebf191f7d9..0000000000 --- a/docs/docs-content/security-bulletins/life-cycle/cve-2024-21626.md +++ /dev/null @@ -1,9 +0,0 @@ ---- -sidebar_label: "CVE-2024-21626" -title: "CVE-2024-21626" -description: "Lifecycle of CVE-2024-21626" -hide_table_of_contents: false -sidebar_class_name: "hide-from-sidebar" -toc_max_heading_level: 2 -tags: ["security", "cve"] ---- 
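Review bot: deleting `cve-reports.md` removes the only place on the site that recorded the affected component and the customer workaround for each entry (for instance the CVE-2024-21626 row's "workaround is to use k8s version 1.29+" and the CoreDNS/kube-proxy 1.28.11 scoping), while this patch only shows replacement pages under `reports/` for CVE-2015-8855 and CVE-2020-1971; confirm every row of the deleted table gets a `reports/` page that keeps the component and workaround text, and add a redirect for the old `security-bulletins/cve-reports` path so existing bookmarks and the archive cross-link do not 404. The deleted rows also carried data errors that should not be copied forward: the first row's publish date `1/32/24` is not a valid date, the CVE-2015-8855 row's modified date `1/26/12` precedes its `1/23/17` publish date, and the CVE-2022-0778 row's "See" link points at `CVE-2023-0286` instead of `CVE-2022-0778`.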
diff --git a/docs/docs-content/security-bulletins/life-cycle/life-cycle.md b/docs/docs-content/security-bulletins/life-cycle/life-cycle.md deleted file mode 100644 index 0cceb31070..0000000000 --- a/docs/docs-content/security-bulletins/life-cycle/life-cycle.md +++ /dev/null @@ -1,10 +0,0 @@ ---- -sidebar_label: "CVE Life Cycle Reports" -title: "CVE Life Cycle Reports" -description: "Lifecycle of CVE-2024-21626" -hide_table_of_contents: false -sidebar_class_name: "hide-from-sidebar" -toc_max_heading_level: 2 -unlisted: true -tags: ["security", "cve"] ---- diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md new file mode 100644 index 0000000000..97f7c66598 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md 
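Review bot: removing `life-cycle/cve-2024-21626.md` and `life-cycle/life-cycle.md` drops the page for the one entry in the old table with a container-escape impact (CVSS 8.6) and a concrete customer workaround, and no `reports/cve-2024-21626.md` appears in this patch; add that replacement (or confirm it lands later in the series) and add a redirect, because unlike `life-cycle.md` the deleted CVE page was not `unlisted: true`, only hidden from the sidebar, so it was reachable by direct URL.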
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2015-8855" +title: "CVE-2015-8855" +description: "Lifecycle of CVE-2015-8855" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | 7/16/24 | The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-1971.md b/docs/docs-content/security-bulletins/reports/cve-2020-1971.md new file mode 100644 index 0000000000..fe6577121a --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2020-1971.md 
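Review bot: in the new `reports/cve-2015-8855.md` table the Status column says `Ongoing` while the Official Summary states the finding is a false positive (a Go application flagged for a Node.js `semver` package of the same name); an open status on a non-issue will be read as an unremediated 7.5 vulnerability, so use a closed or not-affected status here, or define the Status vocabulary once and apply it consistently across the `reports/` pages. The new table also drops the "Impacted Product & Version" and third-party component columns the deleted report carried (this row was listed as `Third-party component: CAPI`), so a reader can no longer tell which shipped component the scanner hit; consider adding a component column or naming it in the Official Summary.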
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2020-1971" +title: "CVE-2020-1971" +description: "Lifecycle of CVE-2020-1971" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | 7/16/24 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. 
This checking happens prior to the signatures on the certificate and CRL being verified. OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You learn more at https://ubuntu.com/security/CVE-2020-1971. | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3449.md b/docs/docs-content/security-bulletins/reports/cve-2021-3449.md new file mode 100644 index 0000000000..b7aa099575 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2021-3449.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2021-3449" +title: "CVE-2021-3449" +description: "Lifecycle of CVE-2021-3449" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | 7/16/24 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. 
If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2021-3449. | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3711.md b/docs/docs-content/security-bulletins/reports/cve-2021-3711.md new file mode 100644 index 0000000000..82082eb953 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2021-3711.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2021-3711" +title: "CVE-2021-3711" +description: "Lifecycle of CVE-2021-3711" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | 
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | 7/16/24 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2021-3711. | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | Ongoing | 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-45079.md b/docs/docs-content/security-bulletins/reports/cve-2021-45079.md new file mode 100644 index 0000000000..891a738919 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2021-45079.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2021-45079" +title: "CVE-2021-45079" +description: "Lifecycle of CVE-2021-45079" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | 7/16/24 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: You can learn more at https://ubuntu.com/security/CVE-2021-45079. | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-0778.md b/docs/docs-content/security-bulletins/reports/cve-2022-0778.md new file mode 100644 index 0000000000..08ce7eb251 --- /dev/null 
+++ b/docs/docs-content/security-bulletins/reports/cve-2022-0778.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2022-0778" +title: "CVE-2022-0778" +description: "Lifecycle of CVE-2022-0778" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | 7/16/24 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. 
It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2023-0286. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md new file mode 100644 index 0000000000..fcc44f6ce6 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2022-25883" +title: "CVE-2022-25883" +description: "Lifecycle of CVE-2022-25883" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | 7/16/24 | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | The CVE reported in virtual cluster CAPI provider. Govulncheck reports it as non-impacting. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41723.md b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md new file mode 100644 index 0000000000..3e3a9b7ec4 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2022-41723" +title: "CVE-2022-41723" +description: "Lifecycle of CVE-2022-41723" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | 7/16/24 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-4450.md b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md new file mode 100644 index 0000000000..d4f0381dd0 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2022-4450" +title: "CVE-2022-4450" +description: "Lifecycle of CVE-2022-4450" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | 7/16/24 | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. 
It is possible to construct a PEM file that results in 0 bytes of payload data. In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Additional information can be found at https://ubuntu.com/security/CVE-2022-4450 | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0215.md b/docs/docs-content/security-bulletins/reports/cve-2023-0215.md new file mode 100644 index 0000000000..5193c8027a --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-0215.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-0215" +title: "CVE-2023-0215" +description: "Lifecycle of CVE-2023-0215" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | 7/16/24 | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2023-0215. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0286.md b/docs/docs-content/security-bulletins/reports/cve-2023-0286.md new file mode 100644 index 0000000000..0b8dcc244c --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-0286.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-0286" +title: "CVE-2023-0286" +description: "Lifecycle of CVE-2023-0286" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | 7/16/24 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0464.md b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md new file mode 100644 index 0000000000..b0c7811b93 
--- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md @@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-0464" +title: "CVE-2023-0464" +description: "Lifecycle of CVE-2023-0464" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | 7/16/24 | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more about this CVE at https://ubuntu.com/security/CVE-2023-0464. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-39325.md b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md new file mode 100644 index 0000000000..2f75a6b547 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-39325" +title: "CVE-2023-39325" +description: "Lifecycle of CVE-2023-39325" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | 7/16/24 | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. | CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | Ongoing | 
diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-44487.md b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md new file mode 100644 index 0000000000..ff45e29ba2 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md @@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-44487" +title: "CVE-2023-44487" +description: "Lifecycle of CVE-2023-44487" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | 7/16/24 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | The CVE reported in coredns and kube-vip. Govulncheck reports it as non-impacting. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45142.md b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md new file mode 100644 index 0000000000..cb010987ed --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-45142" +title: "CVE-2023-45142" +description: "Lifecycle of CVE-2023-45142" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | 7/16/24 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. | CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-47108.md b/docs/docs-content/security-bulletins/reports/cve-2023-47108.md new file mode 100644 index 0000000000..07d6d4ae3c --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-47108.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-47108" +title: "CVE-2023-47108" +description: "Lifecycle of CVE-2023-47108" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | 7/16/24 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-5528.md b/docs/docs-content/security-bulletins/reports/cve-2023-5528.md new file mode 100644 index 0000000000..d5cd2546fd --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-5528.md 
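Review bot: Typo in the Official Summary cell of the cve-2023-47108.md table row: "kube-controller-manaer version 1.28.11" should read "kube-controller-manager version 1.28.11". The same cell states "Impacts all vsphere clusters. There is no workaround." while the Status column says "Ongoing"; if no mitigation is available yet, it would help readers to say so explicitly, e.g. "No workaround is available; a fix will ship in a future release", so that the row is not read as a remediation in progress that customers can act on.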
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2023-5528" +title: "CVE-2023-5528" +description: "Lifecycle of CVE-2023-5528" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| --------------------------------------------------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | +| [CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | 7/16/24 | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | The CVE reported in vsphere-csi 3.2.0, Govulncheck reports it as non-impacting. | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-21626.md b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md new file mode 100644 index 0000000000..c26c6b7668 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-2024-21626" +title: "CVE-2024-21626" +description: "Lifecycle of CVE-2024-21626" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | 7/16/24 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. 
In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. | CVE exists in kube-proxy 1.28.11. Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md new file mode 100644 index 0000000000..f9a47d1a28 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md 
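Review bot: Missing sentence break in the Official Summary cell of the cve-2024-21626.md row: "Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+." needs a period after "1.28.11". Consider also naming the fixed runc version that Kubernetes 1.29+ carries, since the NIST summary in the same row already states that "runc 1.1.12 includes patches for this issue" and readers will want to confirm the upgrade actually moves them past 1.1.11.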
@@ -0,0 +1,17 @@ +--- +sidebar_label: "GHSA-m425-mq94-257g" +title: "GHSA-m425-mq94-257g" +description: "Lifecycle of GHSA-m425-mq94-257g" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | ------- | +| [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CCVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing | 
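Review bot: Typo in the Official Summary cell of the ghsa-m425-mq94-257g.md row: "CCVE exists in coredns" should be "CVE exists in coredns" (or, since this is a GHSA identifier rather than a CVE, "This advisory applies to coredns"). The column header "NIST CVE Summary" does not fit this row either, because the linked source is a GitHub advisory and not NVD; a neutral header such as "Upstream Summary" would cover both cases.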
diff --git a/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md b/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md new file mode 100644 index 0000000000..3f9823a35d --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md @@ -0,0 +1,17 @@ +--- +sidebar_label: "Prisma-REPLACE-ME" +title: "CVE-REPLACE-ME" +description: "Lifecycle of CVE-REPLACE-ME" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| -------------------------------------------------------------------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------ | ------- | +| [PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604) | 7/16/24 | github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. | The CVE reported in vsphere-csi 3.2.0, and Kubernetes 1.28.11. Govulncheck reports it as non-impacting. | N/A | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md new file mode 100644 index 0000000000..c45689d693 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/reports.md 
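Review bot: Template placeholders were left in the front matter of prisma-2022-0227.md: `sidebar_label: "Prisma-REPLACE-ME"`, `title: "CVE-REPLACE-ME"` and `description: "Lifecycle of CVE-REPLACE-ME"`. These should be "PRISMA-2022-0227" and "Lifecycle of PRISMA-2022-0227" to match the table row and the convention used by every other report page in this patch; as written the page title and sidebar entry will render the placeholder text. The ID cell links to a kubernetes/kubernetes GitHub issue, which is reasonable given there is no NVD entry, but the "NIST CVE Summary" header then does not describe where the text comes from, and "CVE Severity: N/A" would be clearer as "N/A (no CVSS score published)".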
@@ -0,0 +1,54 @@ +--- +sidebar_label: "CVE Reports" +title: "CVE Reports" +description: "Security bulletins for Common Vulnerabilities and Exposures (CVEs) related to Palette and Palette VerteX" +icon: "" +hide_table_of_contents: true +sidebar_position: 0 +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# Security Bulletins + +The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX solution and +third-party component vulnerabilities, which we have become aware of. Some of the listed vulnerabilities below have been +fixed in new versions of our products and released in the last month. These vulnerabilities are discovered via our Bug +Bounty program, our security monitoring program, or reported to us by our supply chain. + +:::info + +The CVSS Severity is provided by either the third-party service provider, or NIST CVE. We do not provide the criticality +score for third-party components. Previous security bulletins are available in the +[Security Bulletins Archive](../../unlisted/cve-reports.md). + +::: + +To fix all the vulnerabilities impacting your products, we recommends patching your instances to the latest version +regarding any third-party components. For vulnerabilities originating in our products, we will provide mitigations and +workarounds where applicable. + +Click on the CVE ID to view the full details of the vulnerability. 
+ +| CVE ID | Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | CVSS Severity | Status | +| ----------------------------------------------- | ---------------- | ------------- | -------------------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | +| [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.8 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | +| [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | +| [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | +| [CVE-2022-4450](./cve-2022-4450.md) | 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | :mag: Ongoing | +| [CVE-2023-45142](./cve-2023-45142.md) | 10/12/23 | 2/18/24 | Palette 4.4.8 | Third-party component: OpenTelemetry-Go | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | :mag: Ongoing | +| [CVE-2023-0464](./cve-2023-0464.md) | 3/22/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | :mag: Ongoing | +| [CVE-2023-39325](./cve-2023-39325.md) | 10/11/23 | 4/28/24 | Palette 4.4.8 | Third-party component: Go project | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | :mag: Ongoing | +| [CVE-2023-0215](./cve-2023-0215.md) | 2/28/23 | 6/21/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | :mag: Ongoing | +| [CVE-2023-47108](./cve-2023-47108.md) | 11/20/23 | 11/20/23 | Palette 4.4.8 | Third-party component: OpenTelemetry-Go | 
[7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | :mag: Ongoing | +| [CVE-2023-0286](./cve-2023-0286.md) | 2/8/23 | 2/4/24 | Palette 4.4.8 | Third-party component: OpenSSL | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | :mag: Ongoing | +| [CVE-2020-1971](./cve-2020-1971.md) | 12/8/20 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | :mag: Ongoing | +| [CVE-2021-3449](./cve-2021-3449.md) | 3/25/21 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | :mag: Ongoing | +| [CVE-2021-3711](./cve-2021-3711.md) | 8/24/12 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | :mag: Ongoing | +| [CVE-2022-0778](./cve-2022-0778.md) | 3/15/22 | 6/21/24 | Palette 4.4.8 | Third-party component: Ubuntu | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | :mag: Ongoing | +| [CVE-2021-45079](./cve-2021-45079.md) | 1/31/22 | 11/6/23 | Palette 4.4.8 | Third-party component: Ubuntu | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | :mag: Ongoing | +| [CVE-2023-5528](./cve-2023-5528.md) | 11/14/23 | 1/19/24 | Palette 4.4.8 | Third-party component: vSphere-CSI | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | :mag: Ongoing | +| [CVE-2023-44487](./cve-2023-44487.md) | 10/10/23 | 6/27/24 | Palette 4.4.8 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | :mag: Ongoing | +| [CVE-2022-25883](./cve-2022-25883.md) | 6/21/23 | 11/6/24 | Palette 4.4.8 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | :mag: Ongoing | +| [CVE-2015-8855](./cve-2015-8855.md) | 1/23/17 | 1/26/12 | Palette 4.4.8 | Third-party component: CAPI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | :mag: Ongoing | +| [PRISMA-2022-0227](./prisma-2022-0227.md) | 9/12/23 | 9/12/23 | Palette 4.4.8 | Third-party component: 
vSphere-CSI | N/A | :mag: Ongoing | diff --git a/docs/docs-content/security-bulletins/security-bulletins.md b/docs/docs-content/security-bulletins/security-bulletins.md index 004368ff13..148d3b6240 100644 --- a/docs/docs-content/security-bulletins/security-bulletins.md +++ b/docs/docs-content/security-bulletins/security-bulletins.md @@ -16,9 +16,9 @@ utilize in our products and services. ## Security Bulletins -We release [security bulletins](./cve-reports.md) on a monthly and ad-hoc basis addressing security vulnerabilities in -our software or related third-party components, describing their remediation when available, and providing links to the -applicable updates for affected software when available. +We release [security bulletins](./reports/reports.md) on a monthly and ad-hoc basis addressing security vulnerabilities +in our software or related third-party components, describing their remediation when available, and providing links to +the applicable updates for affected software when available. ## Security Advisories @@ -29,4 +29,4 @@ security bulletin. ## Resources -- [Security Bulletins](cve-reports.md) +- [Security Bulletins](./reports/reports.md) diff --git a/docs/docs-content/security/security.md b/docs/docs-content/security/security.md index a6c2d51314..94b2325531 100644 --- a/docs/docs-content/security/security.md +++ b/docs/docs-content/security/security.md @@ -18,7 +18,7 @@ our software and services. :::tip -You can find all security bulletins in the [Security Bulletins](../security-bulletins/cve-reports.md) section. +You can find all security bulletins in the [Security Bulletins](../security-bulletins/security-bulletins.md) section. ::: diff --git a/redirects.js b/redirects.js index 261cf4598e..6be64b9c50 100644 --- a/redirects.js +++ b/redirects.js 
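Review bot: Grammar in the reports.md intro: "we recommends patching your instances" should be "we recommend patching your instances". Several dates in the table are internally inconsistent and should be checked against the source: CVE-2021-3711 has Initial Pub Date "8/24/12", which predates the 2021 CVE year; CVE-2015-8855 has Modified Date "1/26/12", earlier than its Initial Pub Date "1/23/17"; CVE-2022-25883 has Modified Date "11/6/24", later than the "7/16/24" Last Update stamps used on the detail pages. The component attributions also disagree with the detail pages: CVE-2023-44487 is listed as "Third-party component: CAPI" while cve-2023-44487.md says it was reported in coredns and kube-vip, and CVE-2023-39325 is listed as "Go project" while cve-2023-39325.md says coredns. Finally, every row carries ":mag: Ongoing" even where the detail page concludes the finding is a false positive or non-impacting; a distinct status value for those cases would stop readers from treating them as open exposures.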
@@ -529,6 +529,10 @@ const redirects = [ from: "/security-bulletins/index/", to: "/unlisted/index/", }, + { + from: "/security-bulletins/cve-reports/", + to: "/security-bulletins/reports/", + }, ]; module.exports = redirects; From a2d1bdd234c96c55db3ea28c81bc533bc87d745b Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Wed, 17 Jul 2024 08:32:26 -0700 Subject: [PATCH 15/19] docs: update --- .../security-bulletins/reports/cve-2015-8855.md | 2 +- .../security-bulletins/reports/cve-2020-1971.md | 2 +- .../security-bulletins/reports/cve-2021-3449.md | 2 +- .../security-bulletins/reports/cve-2021-3711.md | 2 +- .../reports/cve-2021-45079.md | 2 +- .../security-bulletins/reports/cve-2022-0778.md | 2 +- .../reports/cve-2022-25883.md | 2 +- .../reports/cve-2022-41723.md | 2 +- .../security-bulletins/reports/cve-2022-4450.md | 2 +- .../security-bulletins/reports/cve-2023-0215.md | 2 +- .../security-bulletins/reports/cve-2023-0286.md | 2 +- .../security-bulletins/reports/cve-2023-0464.md | 2 +- .../reports/cve-2023-39325.md | 2 +- .../reports/cve-2023-44487.md | 2 +- .../reports/cve-2023-45142.md | 2 +- .../reports/cve-2023-47108.md | 2 +- .../reports/cve-2023-52425.md | 17 +++++++++++++++++ .../security-bulletins/reports/cve-2023-5528.md | 2 +- .../reports/cve-2024-21626.md | 2 +- .../reports/ghsa-m425-mq94-257g.md | 2 +- .../reports/prisma-2022-0227.md | 2 +- .../security-bulletins/reports/reports.md | 1 + 22 files changed, 38 insertions(+), 20 deletions(-) create mode 100644 docs/docs-content/security-bulletins/reports/cve-2023-52425.md diff --git a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md index 97f7c66598..a6d9b3a436 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2015-8855.md +++ b/docs/docs-content/security-bulletins/reports/cve-2015-8855.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2015-8855](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | 7/16/24 | The semver package before 4.3.2 for Node.js allows attackers to cause a denial of service (CPU consumption) via a long version string, aka a "regular expression denial of service (ReDoS)." | This is a false positive as the CVE is in a node.js package that has the same name which is being used in the Golang application. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2015-8855) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2020-1971.md b/docs/docs-content/security-bulletins/reports/cve-2020-1971.md index fe6577121a..59fc384c70 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2020-1971.md +++ b/docs/docs-content/security-bulletins/reports/cve-2020-1971.md 
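Review bot: The Status cell of the cve-2015-8855.md row still says "Ongoing" although the summary in the same row concludes "This is a false positive"; the header rename in this hunk is a good moment to set the status to something like "False positive" so the two cells agree. The explanation would also read more clearly as a package name collision: "The CVE is in the Node.js semver package; the Go application uses a different package with the same name."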
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2020-1971](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | 7/16/24 | The X.509 GeneralName type is a generic type for representing different types of names. One of those name types is known as EDIPartyName. OpenSSL provides a function GENERAL_NAME_cmp which compares different instances of a GENERAL_NAME to see if they are equal or not. This function behaves incorrectly when both GENERAL_NAMEs contain an EDIPARTYNAME. A NULL pointer dereference and a crash may occur leading to a possible denial of service attack. OpenSSL itself uses the GENERAL_NAME_cmp function for two purposes: 1) Comparing CRL distribution point names between an available CRL and a CRL distribution point embedded in an X509 certificate 2) When verifying that a timestamp response token signer matches the timestamp authority name (exposed via the API functions TS_RESP_verify_response and TS_RESP_verify_token) If an attacker can control both items being compared then that attacker could trigger a crash. For example if the attacker can trick a client or server into checking a malicious certificate against a malicious CRL then this may occur. Note that some applications automatically download CRLs based on a URL embedded in a certificate. This checking happens prior to the signatures on the certificate and CRL being verified. 
OpenSSL's s_server, s_client and verify tools have support for the "-crl_download" option which implements automatic CRL downloading and this attack has been demonstrated to work against those tools. Note that an unrelated bug means that affected versions of OpenSSL cannot parse or construct correct encodings of EDIPARTYNAME. However it is possible to construct a malformed EDIPARTYNAME that OpenSSL's parser will accept and hence trigger this attack. All OpenSSL 1.1.1 and 1.0.2 versions are affected by this issue. Other OpenSSL releases are out of support and have not been checked. Fixed in OpenSSL 1.1.1i (Affected 1.1.1-1.1.1h). Fixed in OpenSSL 1.0.2x (Affected 1.0.2-1.0.2w). | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You learn more at https://ubuntu.com/security/CVE-2020-1971. | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2020-1971) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3449.md b/docs/docs-content/security-bulletins/reports/cve-2021-3449.md index b7aa099575..2fc4db75d7 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2021-3449.md +++ b/docs/docs-content/security-bulletins/reports/cve-2021-3449.md 
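Review bot: The Our Official Summary cell in the cve-2020-1971.md row reads "You learn more at https://ubuntu.com/security/CVE-2020-1971." and is missing "can" (the sibling pages say "You can learn more at"). While the header line is being touched, the product names in the same cell should be normalised to "Twistlock" and "OpenSSL" ("twistlock", "openSSL"); the same casing appears in the cve-2021-3449 and cve-2021-3711 hunks below.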
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2021-3449](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | 7/16/24 | An OpenSSL TLS server may crash if sent a maliciously crafted renegotiation ClientHello message from a client. If a TLSv1.2 renegotiation ClientHello omits the signature_algorithms extension (where it was present in the initial ClientHello), but includes a signature_algorithms_cert extension then a NULL pointer dereference will result, leading to a crash and a denial of service attack. A server is only vulnerable if it has TLSv1.2 and renegotiation enabled (which is the default configuration). 
OpenSSL TLS clients are not impacted by this issue. All OpenSSL 1.1.1 versions are affected by this issue. Users of these versions should upgrade to OpenSSL 1.1.1k. OpenSSL 1.0.2 is not impacted by this issue. Fixed in OpenSSL 1.1.1k (Affected 1.1.1-1.1.1j). | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2021-3449. | [5.9](https://nvd.nist.gov/vuln/detail/CVE-2021-3449) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-3711.md b/docs/docs-content/security-bulletins/reports/cve-2021-3711.md index 82082eb953..4cbad0c021 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2021-3711.md +++ b/docs/docs-content/security-bulletins/reports/cve-2021-3711.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | 
[CVE-2021-3711](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | 7/16/24 | In order to decrypt SM2 encrypted data an application is expected to call the API function EVP_PKEY_decrypt(). Typically an application will call this function twice. The first time, on entry, the "out" parameter can be NULL and, on exit, the "outlen" parameter is populated with the buffer size required to hold the decrypted plaintext. The application can then allocate a sufficiently sized buffer and call EVP_PKEY_decrypt() again, but this time passing a non-NULL value for the "out" parameter. A bug in the implementation of the SM2 decryption code means that the calculation of the buffer size required to hold the plaintext returned by the first call to EVP_PKEY_decrypt() can be smaller than the actual size required by the second call. This can lead to a buffer overflow when EVP_PKEY_decrypt() is called by the application a second time with a buffer that is too small. A malicious attacker who is able present SM2 content for decryption to an application could cause attacker chosen data to overflow the buffer by up to a maximum of 62 bytes altering the contents of other data held after the buffer, possibly changing application behaviour or causing the application to crash. The location of the buffer is application dependent but is typically heap allocated. Fixed in OpenSSL 1.1.1l (Affected 1.1.1-1.1.1k). | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2021-3711. | [9.8](https://nvd.nist.gov/vuln/detail/CVE-2021-3711) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2021-45079.md b/docs/docs-content/security-bulletins/reports/cve-2021-45079.md index 891a738919..af8af84a28 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2021-45079.md 
+++ b/docs/docs-content/security-bulletins/reports/cve-2021-45079.md @@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2021-45079](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | 7/16/24 | In strongSwan before 5.9.5, a malicious responder can send an EAP-Success message too early without actually authenticating the client and (in the case of EAP methods with mutual authentication and EAP-only authentication for IKEv2) even without server authentication. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS package version 5.8.2-1ubuntu3.fips.3.6 that is being used in VerteX.Review: You can learn more at https://ubuntu.com/security/CVE-2021-45079. | [9.1](https://nvd.nist.gov/vuln/detail/CVE-2021-45079) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-0778.md b/docs/docs-content/security-bulletins/reports/cve-2022-0778.md index 08ce7eb251..09d58cf32f 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-0778.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-0778.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2022-0778](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | 7/16/24 | The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form. It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters. 
Since certificate parsing happens prior to verification of the certificate signature, any process that parses an externally supplied certificate may thus be subject to a denial of service attack. The infinite loop can also be reached when parsing crafted private keys as they can contain explicit elliptic curve parameters. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2023-0286. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-0778) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md index fcc44f6ce6..6879d4d2cd 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-25883.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-25883.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2022-25883](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | 7/16/24 | Versions of the package semver before 7.5.2 are vulnerable to Regular Expression Denial of Service (ReDoS) via the function new Range, when untrusted user data is provided as a range. | The CVE reported in virtual cluster CAPI provider. Govulncheck reports it as non-impacting. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-25883) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-41723.md b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md index 3e3a9b7ec4..ff43fca0c7 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-41723.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-41723.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2022-41723](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | 7/16/24 | A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | CVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11.For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2022-4450.md b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md index d4f0381dd0..693afedded 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2022-4450.md +++ b/docs/docs-content/security-bulletins/reports/cve-2022-4450.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2022-4450](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | 7/16/24 | The function PEM_read_bio_ex() reads a PEM file from a BIO and parses and decodes the "name" (e.g. "CERTIFICATE"), any header data and the payload data. If the function succeeds then the "name_out", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data. The caller is responsible for freeing those buffers. It is possible to construct a PEM file that results in 0 bytes of payload data. 
In this case PEM_read_bio_ex() will return a failure code but will populate the header argument with a pointer to a buffer that has already been freed. If the caller also frees this buffer then a double free will occur. This will most likely lead to a crash. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. Additional information can be found at https://ubuntu.com/security/CVE-2022-4450 | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-4450) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0215.md b/docs/docs-content/security-bulletins/reports/cve-2023-0215.md index 5193c8027a..d9b9f7b39e 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-0215.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-0215.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2023-0215](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | 7/16/24 | The public API function BIO_new_NDEF is a helper function used for streaming ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by end user applications. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more at https://ubuntu.com/security/CVE-2023-0215. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0215) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0286.md b/docs/docs-content/security-bulletins/reports/cve-2023-0286.md index 0b8dcc244c..bfd03fd267 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-0286.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-0286.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2023-0286](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | 7/16/24 | There is a type confusion vulnerability relating to X.400 address processing inside an X.509 GeneralName. X.400 addresses were parsed as an ASN1_STRING but the public structure definition for GENERAL_NAME incorrectly specified the type of the x400Address field as ASN1_TYPE. This field is subsequently interpreted by the OpenSSL function GENERAL_NAME_cmp as an ASN1_TYPE rather than an ASN1_STRING. | This is a false positive reported by twistlock only. We have confirmed this CVE is fixed in the FIPS openSSL version that’s being used in VerteX. | [7.4](https://nvd.nist.gov/vuln/detail/CVE-2023-0286) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-0464.md b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md index b0c7811b93..ae3632345a 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-0464.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-0464.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2023-0464](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | 7/16/24 | A security vulnerability has been identified in all supported versions of OpenSSL related to the verification of X.509 certificate chains that include policy constraints. | This is a false positive reported by twistlock. We have confirmed this CVE is fixed in the FIPS openSSL version 1.1.1f-1ubuntu2.fips.22 that’s being used in VerteX. You can learn more about this CVE at https://ubuntu.com/security/CVE-2023-0464. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-0464) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-39325.md b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md index 2f75a6b547..ab889c7701 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-39325.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-39325.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | 7/16/24 | A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. | CVE exists in coredns that’s being used in k8s 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-44487.md b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md index ff45e29ba2..dfe29dad92 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-44487.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-44487.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2023-44487](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | 7/16/24 | The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023. | The CVE reported in coredns and kube-vip. Govulncheck reports it as non-impacting. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-44487) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-45142.md b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md index cb010987ed..722be49db4 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-45142.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-45142.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2023-45142](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | 7/16/24 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. A handler wrapper out of the box adds labels `http.user_agent` and `http.method` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent to it. | CVE exists in k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-45142) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-47108.md b/docs/docs-content/security-bulletins/reports/cve-2023-47108.md index 07d6d4ae3c..f11cc54656 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-47108.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-47108.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ---------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2023-47108](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | 7/16/24 | OpenTelemetry-Go Contrib is a collection of third-party packages for OpenTelemetry-Go. Prior to version 0.46.0, the grpc Unary Server Interceptor out of the box adds labels `net.peer.sock.addr` and `net.peer.sock.port` that have unbound cardinality. It leads to the server's potential memory exhaustion when many malicious requests are sent. | CVE exists in vsphere-csi 3.2.0, and kube-controller-manaer version 1.28.11. Impacts all vsphere clusters. There is no workaround. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-47108) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-52425.md b/docs/docs-content/security-bulletins/reports/cve-2023-52425.md new file mode 100644 index 0000000000..8101679e07 --- /dev/null +++ b/docs/docs-content/security-bulletins/reports/cve-2023-52425.md 
@@ -0,0 +1,17 @@ +--- +sidebar_label: "CVE-CVE-2023-52425" +title: "CVE-CVE-2023-52425" +description: "Lifecycle of CVE-CVE-2023-52425" +hide_table_of_contents: true +sidebar_class_name: "hide-from-sidebar" +toc_max_heading_level: 2 +tags: ["security", "cve"] +--- + +# CVE Details + +We provide the most up-to-date information below. + +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | +| ------------------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | ---------------------------------------------------------- | ------- | +| [CVE-CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-52425) | 7/16/24 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | The CVE is reported in vsphere-csi 3.2.0. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-52425) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-5528.md b/docs/docs-content/security-bulletins/reports/cve-2023-5528.md index d5cd2546fd..d3832e350f 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-5528.md +++ b/docs/docs-content/security-bulletins/reports/cve-2023-5528.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | --------------------------------------------------------------- | ----------- | ---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------- | ----------------------------------------------------- | ------- | | [CVE-2023-5528](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | 7/16/24 | A security issue was discovered in Kubernetes where a user that can create pods and persistent volumes on Windows nodes may be able to escalate to admin privileges on those nodes. Kubernetes clusters are only affected if they are using an in-tree storage plugin for Windows nodes. | The CVE reported in vsphere-csi 3.2.0, Govulncheck reports it as non-impacting. | [8.8](https://nvd.nist.gov/vuln/detail/CVE-2023-5528) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/cve-2024-21626.md b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md index c26c6b7668..220d48f376 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2024-21626.md +++ b/docs/docs-content/security-bulletins/reports/cve-2024-21626.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ----------------------------------------------------------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------ | ------- | | [CVE-2024-21626](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | 7/16/24 | runc is a CLI tool for spawning and running containers on Linux according to the OCI specification. In runc 1.1.11 and earlier, due to an internal file descriptor leak, an attacker could cause a newly-spawned container process (from runc exec) to have a working directory in the host filesystem namespace, allowing for a container escape by giving access to the host filesystem ("attack 2"). 
The same attack could be used by a malicious image to allow a container process to gain access to the host filesystem through runc run ("attack 1"). Variants of attacks 1 and 2 could be also be used to overwrite semi-arbitrary host binaries, allowing for complete container escapes ("attack 3a" and "attack 3b"). runc 1.1.12 includes patches for this issue. | CVE exists in kube-proxy 1.28.11. Affects only k8s version 1.28.11 For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md index f9a47d1a28..b842baff81 100644 --- a/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md +++ b/docs/docs-content/security-bulletins/reports/ghsa-m425-mq94-257g.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | ------------------------------------------------------------------------ | ----------- | -------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | -------------------------------------------------------- | ------- | | [GHSA-m425-mq94-257g](https://github.com/advisories/GHSA-m425-mq94-257g) | 10/25/23 | The affected releases of gRPC-Go, it is possible for an attacker to send HTTP/2 requests, cancel them, and send subsequent requests, which is valid by the HTTP/2 protocol, but would cause the gRPC-Go server to launch more concurrent method handlers than the configured maximum stream limit. | CCVE exists in coredns that’s being used in k8s 1.28.11. Affects only k8s version 1.28.11. For customer workload clusters, workaround is to use k8s version 1.29+. For Palette Self Hosted cluster, a future release will upgrade to 1.29+. | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md b/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md index 3f9823a35d..7dacfcf88b 100644 --- a/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md +++ b/docs/docs-content/security-bulletins/reports/prisma-2022-0227.md 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Official Summary | CVE Severity | Status | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | | -------------------------------------------------------------------------- | ----------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------- | ------------ | ------- | | [PRISMA-2022-0227](https://github.com/kubernetes/kubernetes/issues/120604) | 7/16/24 | github.com/emicklei/go-restful/v3 module prior to v3.10.0 is vulnerable to Authentication Bypass by Primary Weakness. There is an inconsistency in how go-restful parses URL paths. This inconsistency could lead to several security check bypass in a complex system. | The CVE reported in vsphere-csi 3.2.0, and Kubernetes 1.28.11. Govulncheck reports it as non-impacting. | N/A | Ongoing | diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index c45689d693..48e82731d1 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md 
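Review bot: the added row says govulncheck reports PRISMA-2022-0227 as non-impacting, yet Status is "Ongoing" and CVE Severity is "N/A"; if the finding is non-impacting, say what is still ongoing (for example waiting for a vsphere-csi or Kubernetes build that drops the affected go-restful version) or mark the row as not affected. "The CVE reported in vsphere-csi 3.2.0" is also missing a verb ("The CVE is reported in ..."), and the "CVE ID" column links to a kubernetes/kubernetes issue rather than an advisory for the PRISMA identifier; note that PRISMA-2022-0227 is a scanner identifier, not a CVE.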
@@ -32,6 +32,7 @@ Click on the CVE ID to view the full details of the vulnerability. | CVE ID | Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | CVSS Severity | Status | | ----------------------------------------------- | ---------------- | ------------- | -------------------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | +| [CVe-2023-52425](./cve-2023-52425.md) | 02/04/2024 | 06/14/2024 | Palette 4.4.8 | Third-party component: vSphere-CSI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | :mag: Ongoing | | [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.8 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | | [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | | [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | From 543f0d6224e2e41b8e76cba064121d67afe57f79 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Wed, 17 Jul 2024 09:02:47 -0700 Subject: [PATCH 16/19] docs: added airgap --- docs/docs-content/security-bulletins/reports/reports.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index 48e82731d1..a852fdb2dc 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md 
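Review bot: the new row's link text is "CVe-2023-52425" (lowercase e) while the target file is cve-2023-52425.md and the NVD link uses "CVE-2023-52425"; fix the casing (PATCH 17 in this series does). The row also uses 02/04/2024 and 06/14/2024 where the other rows use M/D/YY (1/3/24, 2/18/24); pick one date format for the table.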
@@ -11,10 +11,10 @@ tags: ["security", "cve"] # Security Bulletins -The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX solution and -third-party component vulnerabilities, which we have become aware of. Some of the listed vulnerabilities below have been -fixed in new versions of our products and released in the last month. These vulnerabilities are discovered via our Bug -Bounty program, our security monitoring program, or reported to us by our supply chain. +The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX airgap solution +and third-party component vulnerabilities, which we have become aware of. Some of the listed vulnerabilities below have +been fixed in new versions of our products and released in the last month. These vulnerabilities are discovered via our +Bug Bounty program, our security monitoring program, or reported to us by our supply chain. :::info From 96c7dc78373841184c91f6f1f7d5886366b41b13 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Wed, 17 Jul 2024 09:28:53 -0700 Subject: [PATCH 17/19] docs: fixed minor issue --- docs/docs-content/security-bulletins/reports/reports.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index a852fdb2dc..c7f4c007cf 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md 
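Review bot: the intro now scopes the bulletin to the "Palette VerteX airgap solution", but every row in the table below lists "Palette 4.4.8" as the impacted product, not VerteX or an airgap build. Either the intro or the Impacted Product & Version column is wrong; make them agree and say whether non-airgap Palette and VerteX deployments are affected. Minor: "which we have become aware of" reads better as "that we have become aware of".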
@@ -32,7 +32,7 @@ Click on the CVE ID to view the full details of the vulnerability. | CVE ID | Initial Pub Date | Modified Date | Impacted Product & Version | Vulnerability Type | CVSS Severity | Status | | ----------------------------------------------- | ---------------- | ------------- | -------------------------- | --------------------------------------- | -------------------------------------------------------- | ------------- | -| [CVe-2023-52425](./cve-2023-52425.md) | 02/04/2024 | 06/14/2024 | Palette 4.4.8 | Third-party component: vSphere-CSI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | :mag: Ongoing | +| [CVE-2023-52425](./cve-2023-52425.md) | 02/04/2024 | 06/14/2024 | Palette 4.4.8 | Third-party component: vSphere-CSI | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | :mag: Ongoing | | [CVE-2024-21626](./cve-2024-21626.md) | 1/3/24 | 2/18/24 | Palette 4.4.8 | Third-party component: kube-proxy | [8.6](https://nvd.nist.gov/vuln/detail/CVE-2024-21626) | :mag: Ongoing | | [CVE-2022-41723](./cve-2022-41723.md) | 2/28/23 | 11/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2022-41723) | :mag: Ongoing | | [GHSA-m425-mq94-257g](./ghsa-m425-mq94-257g.md) | 10/25/23 | 10/25/23 | Palette 4.4.8 | Third-party component: CoreDNS | [7.5](https://github.com/advisories/GHSA-m425-mq94-257g) | :mag: Ongoing | From 6088e134c130c534025073262b199bec8f096ac4 Mon Sep 17 00:00:00 2001 From: Karl Cardenas Date: Wed, 17 Jul 2024 09:58:26 -0700 Subject: [PATCH 18/19] docs: fix broken URL --- .../security-bulletins/reports/cve-2023-52425.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/docs/docs-content/security-bulletins/reports/cve-2023-52425.md b/docs/docs-content/security-bulletins/reports/cve-2023-52425.md index 8101679e07..8339dd460d 100644 --- a/docs/docs-content/security-bulletins/reports/cve-2023-52425.md 
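Review bot: this fixes only the link-text casing; the row still uses 02/04/2024 and 06/14/2024 while the neighbouring rows use M/D/YY. The Impacted Product & Version column also gives the Palette version but not the component version (the detail page says vsphere-csi 3.2.0); including the component version in the table lets readers check their own cluster without opening each report.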
+++ b/docs/docs-content/security-bulletins/reports/cve-2023-52425.md @@ -1,7 +1,7 @@ --- -sidebar_label: "CVE-CVE-2023-52425" -title: "CVE-CVE-2023-52425" -description: "Lifecycle of CVE-CVE-2023-52425" +sidebar_label: "CVE-2023-52425" +title: "CVE-2023-52425" +description: "Lifecycle of CVE-2023-52425" hide_table_of_contents: true sidebar_class_name: "hide-from-sidebar" toc_max_heading_level: 2 
@@ -12,6 +12,6 @@ tags: ["security", "cve"] We provide the most up-to-date information below. -| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | -| ------------------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | ---------------------------------------------------------- | ------- | -| [CVE-CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-52425) | 7/16/24 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | The CVE is reported in vsphere-csi 3.2.0. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-CVE-2023-52425) | Ongoing | +| CVE ID | Last Update | NIST CVE Summary | Our Official Summary | CVE Severity | Status | +| ----------------------------------------------------------------- | ----------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ----------------------------------------- | ------------------------------------------------------ | ------- | +| [CVE-2023-52425](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | 7/16/24 | libexpat through 2.5.0 allows a denial of service (resource consumption) because many full reparsings are required in the case of a large token for which multiple buffer fills are needed. | The CVE is reported in vsphere-csi 3.2.0. | [7.5](https://nvd.nist.gov/vuln/detail/CVE-2023-52425) | Ongoing | From 9d6fca25cc62eb55218e70edb111d9c2f20d6a3f Mon Sep 17 00:00:00 2001 
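Review bot: beyond removing the doubled "CVE-CVE-" in the link, note that this row's Last Update of 7/16/24 disagrees with the 06/14/2024 Modified Date shown for the same CVE in reports.md; keep the two in sync. The "Our Official Summary" cell only says the CVE is reported in vsphere-csi 3.2.0; unlike the PRISMA-2022-0227 page it gives no impact assessment (whether the libexpat parsing path is reachable from vsphere-csi) and no remediation or target version, which is what a reader of an "Ongoing" entry needs.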
From: Karl Cardenas Date: Wed, 17 Jul 2024 10:05:25 -0700 Subject: [PATCH 19/19] docs: updated intro language --- docs/docs-content/security-bulletins/reports/reports.md | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/docs/docs-content/security-bulletins/reports/reports.md b/docs/docs-content/security-bulletins/reports/reports.md index c7f4c007cf..e4c6ee4a98 100644 --- a/docs/docs-content/security-bulletins/reports/reports.md +++ b/docs/docs-content/security-bulletins/reports/reports.md @@ -12,8 +12,7 @@ tags: ["security", "cve"] # Security Bulletins The vulnerabilities reported in this Security Bulletin include vulnerabilities within the Palette VerteX airgap solution -and third-party component vulnerabilities, which we have become aware of. Some of the listed vulnerabilities below have -been fixed in new versions of our products and released in the last month. These vulnerabilities are discovered via our +and third-party component vulnerabilities, which we have become aware of. These vulnerabilities are discovered via our Bug Bounty program, our security monitoring program, or reported to us by our supply chain. :::info
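Review bot: dropping the "fixed in new versions ... released in the last month" sentence is correct, since every row in the table is still marked ":mag: Ongoing", but with it gone nothing on the page defines the Status values. Add a one-line legend (for example, Ongoing = fix not yet shipped in a Palette release) so readers know whether action is required on their side.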