albertodonato / query-exporter

Export Prometheus metrics from SQL queries
GNU General Public License v3.0

Security Problem CVE-2023-0266 #152

Closed carloscbl closed 1 year ago

carloscbl commented 1 year ago

Hi, our internal security found the following:

CVE-2023-0266 is present in this base image; CVE-2023-0266 is one of the vulnerabilities that is being exploited in the wild.

Known Exploited Vulnerabilities Catalog | CISA 

| Image | Package | CVE | Installed version | Fix status |
|---|---|---|---|---|
| adonato/query-exporter:2.8.3 | linux-libc-dev | CVE-2023-0266 | 5.10.127-1 | `{'versions': ['5.10.162-1'], 'state': 'fixed'}` |

The base Image doesn't seem updated in DockerHub any more...

This most probably comes from "python:3.10-slim" or as a dependency of one of the other libraries' dependencies. python:3.10-slim is not tagged with a minor version, so version 2.8.3 was released.

So pulling the latest python:3.10-slim, building again and publishing will probably fix this security problem.

carloscbl commented 1 year ago

You can check it is the fixed version by running `apt show linux-libc-dev`.
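A check a defender can script for this, added here as an example that is not part of the issue thread or of query-exporter's own code: it pulls the `Version:` field out of `apt show linux-libc-dev` output (the sample output below is constructed, not captured from the image) and compares it with the scanner's fixed-version list using a port of dpkg's version comparison algorithm (epoch, upstream version and Debian revision, with `~` sorting before everything), so the verdict matches what `dpkg --compare-versions` would give for the same strings. The `FIXED` dict mirrors the scanner record quoted in the issue.

```python
import re

# Constructed sample of `apt show linux-libc-dev` output, trimmed to the
# fields that matter here; the version is the one reported in the issue.
SAMPLE_APT_SHOW = """\
Package: linux-libc-dev
Version: 5.10.127-1
Priority: optional
Section: devel
Source: linux
Description: Linux support headers for userspace development
"""

# Scanner record from the issue: the first Debian package version that fixes it.
FIXED = {"versions": ["5.10.162-1"], "state": "fixed"}


def _order(c: str) -> int:
    """Character weight from dpkg's verrevcmp(): '~' sorts before everything
    (even the end of the string), letters before non-letters; digits and end of
    string are 0 because the digit runs are compared numerically elsewhere."""
    if c == "" or c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)
    if c == "~":
        return -1
    return ord(c) + 256


def _verrevcmp(a: str, b: str) -> int:
    """Port of dpkg's verrevcmp(): compare one component (upstream or revision)."""
    i = j = 0
    while i < len(a) or j < len(b):
        # Non-digit prefixes are compared character by character.
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            oa = _order(a[i] if i < len(a) else "")
            ob = _order(b[j] if j < len(b) else "")
            if oa != ob:
                return -1 if oa < ob else 1
            i += 1
            j += 1
        # Digit runs are compared as integers, so 5.10.127 < 5.10.162.
        sa = i
        while i < len(a) and a[i].isdigit():
            i += 1
        sb = j
        while j < len(b) and b[j].isdigit():
            j += 1
        na = int(a[sa:i] or "0")
        nb = int(b[sb:j] or "0")
        if na != nb:
            return -1 if na < nb else 1
    return 0


def _split_version(version: str) -> tuple[str, str, str]:
    """Split [epoch:]upstream[-revision]; missing epoch is 0, missing revision is ''."""
    epoch = "0"
    if ":" in version:
        epoch, version = version.split(":", 1)
    upstream, revision = version, ""
    if "-" in version:
        upstream, revision = version.rsplit("-", 1)
    return epoch, upstream, revision


def compare_versions(a: str, b: str) -> int:
    """Return -1, 0 or 1 like dpkg --compare-versions: a <, ==, > b."""
    ea, ua, ra = _split_version(a)
    eb, ub, rb = _split_version(b)
    if int(ea) != int(eb):
        return -1 if int(ea) < int(eb) else 1
    result = _verrevcmp(ua, ub)
    if result != 0:
        return result
    return _verrevcmp(ra, rb)


def installed_version(apt_show_output: str) -> str:
    """Extract the Version: field from `apt show <package>` output."""
    match = re.search(r"^Version:\s*(\S+)", apt_show_output, re.MULTILINE)
    if not match:
        raise ValueError("no Version: field in apt show output")
    return match.group(1)


def is_fixed(installed: str, record: dict) -> bool:
    """True when the installed package is at or beyond any listed fixed version."""
    if record.get("state") != "fixed":
        return False
    return any(compare_versions(installed, fixed) >= 0 for fixed in record["versions"])


if __name__ == "__main__":
    version = installed_version(SAMPLE_APT_SHOW)
    print(f"linux-libc-dev {version}: {'fixed' if is_fixed(version, FIXED) else 'VULNERABLE'}")
```

Run it inside the container (`docker run --rm --entrypoint python adonato/query-exporter:2.8.3 check.py` after replacing the constructed sample with `subprocess.run(["apt", "show", "linux-libc-dev"], capture_output=True, text=True).stdout`) to get a pass/fail that does not depend on eyeballing the version string; the same comparison works for any Debian package a scanner flags in a base image.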

albertodonato commented 1 year ago

I've pushed new images for 2.8.3 (and latest). This should be fixed now. Thanks for reporting.