Hello @Murugesan ,
Thank you for your response.
As I mentioned in my previous response, a remote code execution vulnerability, CVE-2024-6387, was recently discovered in OpenSSH where all supported versions of Container Optimized OS and Ubuntu images on GKE run versions of OpenSSH are vulnerable to this issue. Hence there could be a chance of getting vulnerability logs in the security command center even though all the packages were up-to-date. Please refer to this GKE Security Bulletin to know more about this race condition.
In order to resolve this issue, please follow the resolution steps mentioned here. Please let me know if the issue is resolved after upgrading the GKE nodes with the latest patch versions available.
Thanks & Regards,
Manish Bavireddy.