fix(security): vulnerabilities found in fabric2-all-in-one #2057

Closed
zondervancalvez opened this issue Jun 1, 2022 · 1 comment · Fixed by #2135
Labels
bug (Something isn't working), dependencies (Pull requests that update a dependency file), Fabric, good-first-issue (Good for newcomers), good-first-issue-300-advanced, Hacktoberfest (Hacktoberfest participants are welcome to take a stab at issues marked with this label.), P4 (Priority 4: Low), Security (Related to existing or potential security vulnerabilities)

Comments

@zondervancalvez (Contributor)

List of vulnerabilities found in fabric2-all-in-one image during Azure Container scan.

| VULNERABILITY ID | PACKAGE NAME | SEVERITY |
| --- | --- | --- |
| CVE-2021-36159 | apk-tools | CRITICAL |
| CVE-2021-30139 | apk-tools | HIGH |
| CVE-2022-28391 | busybox | CRITICAL |
| CVE-2021-28831 | busybox | HIGH |
| CVE-2021-42378 | busybox | HIGH |
| CVE-2021-3121 | github.com/gogo/protobuf | HIGH |
| CVE-2019-16884 | github.com/opencontainers/runc | HIGH |
| CVE-2019-19921 | github.com/opencontainers/runc | HIGH |
| CVE-2020-14040 | golang.org/x/text | HIGH |

petermetz added the P4, dependencies, Security and Fabric labels on Jun 2, 2022

@petermetz (Contributor)

Marking as P4 because the Fabric 2 AIO image is not meant to be used in production.

petermetz added the good-first-issue, Hacktoberfest, good-first-issue-300-advanced and bug labels on Jun 2, 2022

zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Jul 26, 2022
Fixes hyperledger-cacti#2057

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
petermetz pushed a commit to zondervancalvez/cactus that referenced this issue Aug 18, 2023
Hard to determine which exact vulnerabilities this will be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.

Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.

Fixes hyperledger-cacti#2057

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>
petermetz pushed a commit that referenced this issue Aug 18, 2023
Hard to determine which exact vulnerabilities this will be fixing because
other pull requests also upgrade the image version of this container in
the time while the pull request for this commit was open.

Nevertheless, it is an upgrade of versions and therefore some of the CVEs
are very likely getting addressed by it.

Fixes #2057

Co-authored-by: Peter Somogyvari <peter.somogyvari@accenture.com>

Signed-off-by: zondervancalvez <zondervan.v.calvez@accenture.com>
Signed-off-by: Peter Somogyvari <peter.somogyvari@accenture.com>