[RTFACT-18737] HIGH vulnerabilities in artifactory-pro docker images

Created: 11/Mar/19
Updated: 11/Mar/19

Status: Open
Project: Artifactory Binary Repository
Component/s: Docker Image
Affects Version/s: 6.8.4
Fix Version/s: None

Type: Bug
Priority: Blocker
Reporter: Kenneth Brooks
Assignee: Unassigned
Resolution: Unresolved
Votes: 1
Labels: artifactory, docker, helm


 Description   

docker.bintray.io/jfrog/artifactory-pro:6.8.4 has the following vulnerabilities.
 

  • 23 High-level vulnerabilities.
  • 89 Medium-level vulnerabilities.
  • 52 Low-level vulnerabilities.
  • 71 Negligible-level vulnerabilities.
  • 10 Unknown-level vulnerabilities.
     

Our company (and I would assume most) has a stance that no images will be brought in with HIGH vulnerabilities.

Most of them are fixable via updating to newer dependencies.



 Comments   
Comment by Kenneth Brooks [ 11/Mar/19 ]

We used Clair as the scanning tool.

 

I'll try to attach info about the findings (for at least the high vulnerabilities).

Generated at Mon Jul 22 09:46:13 UTC 2019 using JIRA 7.6.3#76005-sha1:8a4e38d34af948780dbf52044e7aafb13a7cae58.