Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix(keychain-vault-server): address CVEs: CVE-2021-22946, CVE-2022-1304, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156 #2565

Closed
wants to merge 1 commit into from
Closed

fix(keychain-vault-server): address CVEs: CVE-2021-22946, CVE-2022-1304, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156 #2565

wants to merge 1 commit into from

Conversation

ruzell22
Copy link
Contributor

fixes: #2058

petermetz
petermetz requested changes Jul 24, 2023
View reviewed changes
Copy link
Contributor

@petermetz petermetz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ruzell22 Please make the issue title & PR title & commit subject unique (include CVE IDs that are being fixed.
Something like fix(keychain-vault-server): address CVEs: X,Y,Z...

@ruzell22 ruzell22 changed the title fix(security): vulnerabilities found in keychain-vault-server #2058 fix(keychain-vault-server): address CVEs: CVE-2021-22946, CVE-2022-1304, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156 Jul 25, 2023
@ruzell22
fix(keychain-vault-server): address CVEs: CVE-2021-22946, CVE-2022-1304
05fb935 
…, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156

fixes: hyperledger-cacti#2058

trivy scanner verified that the vulnerabilities in keychain-vault-server
is not appearing anymore. CVEs are the following
- CVE-2021-22946
- CVE-2022-1304
- CVE-2018-12886
- CVE-2022-29458
- CVE-2019-3843
- CVE-2019-3844
- CVE-2022-29458 (base)
- CVE-2022-29458 (bin)
- CVE-2020-16156

No changes was needed to be merged.

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
@ruzell22
Copy link
Contributor Author

Hello @petermetz , changed the commit title and commit message. This PR would not require to be merged because it is just a trivy scanner to check the vulnerabilities. Here is the result of the scan which shows there are 0 Critical and 0 High vulnerabilities in keychain-vault-server.

image

#2058 is now fixed and can be closed. Thank you

@ruzell22 ruzell22 requested a review from petermetz July 25, 2023 05:22
@petermetz
Copy link
Contributor

Hello @petermetz , changed the commit title and commit message. This PR would not require to be merged because it is just a trivy scanner to check the vulnerabilities. Here is the result of the scan which shows there are 0 Critical and 0 High vulnerabilities in keychain-vault-server.

image

#2058 is now fixed and can be closed. Thank you

@ruzell22 Oh, I see, great! Thank you very much!

@petermetz petermetz closed this Jul 27, 2023
@petermetz petermetz mentioned this pull request Jul 27, 2023
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@petermetz petermetz Awaiting requested review from petermetz petermetz is a code owner

@izuru0 izuru0 Awaiting requested review from izuru0 izuru0 will be requested when the pull request is marked ready for review izuru0 is a code owner

@jagpreetsinghsasan jagpreetsinghsasan Awaiting requested review from jagpreetsinghsasan jagpreetsinghsasan will be requested when the pull request is marked ready for review jagpreetsinghsasan is a code owner

@VRamakrishna VRamakrishna Awaiting requested review from VRamakrishna VRamakrishna will be requested when the pull request is marked ready for review VRamakrishna is a code owner

@outSH outSH Awaiting requested review from outSH outSH will be requested when the pull request is marked ready for review outSH is a code owner

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

fix(security): vulnerabilities found in keychain-vault-server
2 participants
@ruzell22 @petermetz