[RTFACT-18737] HIGH vulnerabilities in artifactory-pro docker images
Created: 11/Mar/19  Updated: 11/Mar/19

Status: Open
Project: Artifactory Binary Repository
Component/s: Docker Image
Affects Version/s: 6.8.4
Fix Version/s: None

Type: Bug
Priority: Blocker
Reporter: Kenneth Brooks
Assignee: Unassigned
Resolution: Unresolved
Votes: 1
Labels: artifactory, docker, helm


docker.bintray.io/jfrog/artifactory-pro:6.8.4 has the following vulnerabilities.

  • 23 High-level vulnerabilities.
  • 89 Medium-level vulnerabilities.
  • 52 Low-level vulnerabilities.
  • 71 Negligible-level vulnerabilities.
  • 10 Unknown-level vulnerabilities.

Our company (and I would assume most) has a stance that no images will be brought in with HIGH vulnerabilities.

Most of them are fixable via updating to newer dependencies.

Comment by Kenneth Brooks [ 11/Mar/19 ]

We used Clair as the scanning tool.


I'll try to attach info about the findings (for at least the high vulnerabilities).
