[Bug]: Vulnerabilities #2566
Comments
|
Can you add a little bit more of context? I'm unable to find those vulnerabilities in the current image: $ trivy i quay.io/jaegertracing/jaeger-operator:1.57.0
2024-05-10T16:35:55.829+0200 INFO Need to update DB
2024-05-10T16:35:55.829+0200 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2024-05-10T16:35:55.829+0200 INFO Downloading DB...
46.03 MiB / 46.03 MiB [------------------------------------------------------------------------------------------------------------------------------------------------] 100.00% 28.88 MiB p/s 1.8s
2024-05-10T16:35:58.656+0200 INFO Vulnerability scanning is enabled
2024-05-10T16:35:58.656+0200 INFO Secret scanning is enabled
2024-05-10T16:35:58.656+0200 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2024-05-10T16:35:58.656+0200 INFO Please see also https://aquasecurity.github.io/trivy/v0.29.2/docs/secret/scanning/#recommendation for faster secret detection
2024-05-10T16:36:03.613+0200 INFO Number of language-specific files: 1
2024-05-10T16:36:03.613+0200 INFO Detecting gobinary vulnerabilities...
jaeger-operator (gobinary)
Total: 0 (UNKNOWN: 0, LOW: 0, MEDIUM: 0, HIGH: 0, CRITICAL: 0) |
|
Hi @iblancasa, |
|
Any update on this? |
|
|
|
@antoniomerlin Those vulnerabilities reported by trivy, if I'm not wrong, are related to other issues. Not the ones reported in the initial message. |
What happened?
CVE-2022-47629
CVE-2023-44487
CVE-2022-1271
We are receiving the above vulnerabilities for Jaeger due to which we are unable to use this on our production environment
Steps to reproduce
NA
Expected behavior
NA
Relevant log output
No response
Screenshot
No response
Additional context
No response
Jaeger backend version
V 1.57
SDK
No response
Pipeline
No response
Stogage backend
No response
Operating system
No response
Deployment model
No response
Deployment configs
No response
The text was updated successfully, but these errors were encountered: