tools(cmd-api-server): address CVE: CVE-2022-25881 #2862

Closed
zondervancalvez opened this issue Nov 6, 2023 · 5 comments · Fixed by #2899 or #3324

@zondervancalvez
Contributor

zondervancalvez commented Nov 6, 2023

Description

Vulnerabilities were found during the container scan of cmd-api-server image using Trivy.
See the list below:

| LIBRARY | VULNERABILITY | INSTALLED VERSION | FIXED VERSION |
|---|---|---|---|
| http-cache-semantics (package.json) | CVE-2022-25881 | 4.1.0 | 4.1.1 |

@petermetz
Member

@zondervancalvez Could you please make the issue title unique for this one as well?

zondervancalvez changed the title from "fix(security): vulnerabilities found in cmd-api-server" to "tools(cmd-api-server): address CVE: CVE-2022-25881" on Nov 7, 2023
@zondervancalvez
Contributor Author

> @zondervancalvez Could you please make the issue title unique for this one as well?

Hi @petermetz The title is now shortened and I've only indicated the Critical CVEs.

@petermetz
Member

> > @zondervancalvez Could you please make the issue title unique for this one as well?
>
> Hi @petermetz The title is now shortened and I've only indicated the Critical CVEs.

@zondervancalvez Thank you very much!

zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Nov 10, 2023
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Nov 14, 2023
Trivy is a cutting-edge security tool designed to enhance
the safety of containerized applications by conducting thorough
vulnerability assessments. Specifically developed for scanning
container images, ranging from low-severity issues to critical
threats. It employs an intelligent rating system to categorize
vulnerabilities based on their severity levels, ensuring that
high to critical vulnerabilities are given special attention.
Upon detecting vulnerabilities that fall within this elevated
range, Trivy will throw an error.

By integrating Trivy into our deployment pipeline, we can
proactively mitigate security risks and enhance the resilience
of our repository.

Fixes hyperledger#1876

Depends On: hyperledger#2865
Depends On: hyperledger#2864
Depends On: hyperledger#2863
Depends On: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Nov 20, 2023
Fixes hyperledger#2862

Signed-ff by: zondercalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Nov 20, 2023
Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Nov 27, 2023
Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Nov 30, 2023
Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Nov 30, 2023
Primary Changes:
	Updated the https-cache-semantics to latest version inside the cmd-api-server package

Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Jan 16, 2024
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Feb 13, 2024
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Feb 28, 2024
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Mar 18, 2024
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Mar 19, 2024
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Mar 25, 2024
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Apr 1, 2024
zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Apr 3, 2024
@zondervancalvez
Contributor Author

zondervancalvez commented Apr 4, 2024

There are no vulnerabilities found anymore from the latest scan. See image below:

Image

We can now close this issue.
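
As an added example (not code from the Cacti repository or from anyone in this thread), the check below verifies the fix this issue tracks: it walks an npm lockfile and reports every installed copy of http-cache-semantics below the fixed version 4.1.1 from the Trivy table, including nested copies that a direct-dependency bump leaves behind. The lockfile format (npm `packages` map, lockfileVersion 2 or 3), the sample data and the function names are assumptions.

```javascript
// Added example (not Cacti project code). Assumes an npm lockfile with a
// "packages" map (lockfileVersion 2 or 3); the sample lockfile is constructed.
const PKG = "http-cache-semantics";
const FIXED = "4.1.1"; // "FIXED VERSION" column of the Trivy table in this issue

// Compare plain x.y.z versions numerically; pre-release/build suffixes are ignored.
function compareVersions(a, b) {
  const parse = (v) => v.split(/[-+]/)[0].split(".").map((n) => parseInt(n, 10) || 0);
  const pa = parse(a);
  const pb = parse(b);
  for (let i = 0; i < 3; i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0 ? -1 : 1;
  }
  return 0;
}

// Return every installed copy of `name`, split into copies below `fixed`
// ("vulnerable") and copies at or above it ("patched").
function auditLockfile(lock, name, fixed) {
  const marker = "node_modules/";
  const result = { vulnerable: [], patched: [] };
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    // Keys look like "node_modules/a/node_modules/b"; the text after the last
    // marker is the package name. Exact match avoids look-alike names.
    const idx = path.lastIndexOf(marker);
    if (idx === -1) continue; // root project entry ("") or a workspace folder
    if (path.slice(idx + marker.length) !== name) continue;
    if (!meta || typeof meta.version !== "string") continue;
    const bucket = compareVersions(meta.version, fixed) < 0 ? "vulnerable" : "patched";
    result[bucket].push({ path, version: meta.version });
  }
  return result;
}

// Constructed sample: the direct dependency is bumped to 4.1.1, but a
// hypothetical transitive dependency still carries its own 4.1.0 copy.
const SAMPLE_LOCK = {
  lockfileVersion: 3,
  packages: {
    "": { name: "example-api-server", dependencies: { "http-cache-semantics": "^4.1.1" } },
    "node_modules/http-cache-semantics": { version: "4.1.1" },
    "node_modules/example-http-client": { version: "2.0.0" },
    "node_modules/example-http-client/node_modules/http-cache-semantics": { version: "4.1.0" },
    "node_modules/not-http-cache-semantics": { version: "1.0.0" },
  },
};

const report = auditLockfile(SAMPLE_LOCK, PKG, FIXED);
for (const hit of report.vulnerable) {
  console.log(`${PKG} ${hit.version} < ${FIXED} at ${hit.path}`);
}
```

A non-empty `vulnerable` list after bumping the direct dependency means a transitive copy is still pinned to an older version; npm `overrides` or Yarn `resolutions` in package.json can force that copy to 4.1.1.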

zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue Apr 4, 2024
@petermetz
Member

@zondervancalvez Got it, thank you for confirming!

zondervancalvez pushed a commit to zondervancalvez/cactus that referenced this issue May 21, 2024
petermetz pushed a commit that referenced this issue May 21, 2024
Trivy is a cutting-edge security tool designed to enhance
the safety of containerized applications by conducting thorough
vulnerability assessments. Specifically developed for scanning
container images, ranging from low-severity issues to critical
threats. It employs an intelligent rating system to categorize
vulnerabilities based on their severity levels, ensuring that
high to critical vulnerabilities are given special attention.
Upon detecting vulnerabilities that fall within this elevated
range, Trivy will throw an error.

By integrating Trivy into our deployment pipeline, we can
proactively mitigate security risks and enhance the resilience
of our repository.

Fixes #1876

Depends On: #2865
Depends On: #2864
Depends On: #2863
Depends On: #2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue May 27, 2024
Primary Changes:
	Updated the https-cache-semantics to latest version inside the cmd-api-server package

Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue May 27, 2024
Primary Changes:
	Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package

Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue May 29, 2024
Primary Changes:
	Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package

Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz pushed a commit that referenced this issue May 29, 2024
Primary Changes:
	Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package

Fixes: #2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
fazzatti pushed a commit to fazzatti/cacti that referenced this issue Jun 24, 2024
Primary Changes:
	Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package

Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Jul 30, 2024
sandeepnRES pushed a commit to sandeepnRES/cacti that referenced this issue Jul 30, 2024
Primary Changes:
	Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package

Fixes: hyperledger#2862

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>