allegroai / clearml-server

ClearML - Auto-Magical CI/CD to streamline your AI workload. Experiment Management, Data Management, Pipeline, Orchestration, Scheduling & Serving in one MLOps/LLMOps solution
https://clear.ml/docs

OpenSSL 1.1.1 < 1.1.1x Vulnerability #235

Open lions1988 opened 3 months ago

lions1988 commented 3 months ago

Hey team

Our Nessus scanners detected the following vulnerability on our self-hosted ClearML: OpenSSL 1.1.1 < 1.1.1x Vulnerability

ClearML versions: WebApp: 1.14.0-431 • Server: 1.14.0-431 • API: 2.28

Nessus plugin: https://www.tenable.com/plugins/nessus/184811

CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-5678

I can assume these issues are coming from the base OS image; I have seen this on all clearml containers besides redis.

Please advise. Thank you

ainoam commented 3 months ago

As you assume, @lions1988, this is indeed propagating from an underlying base image. Seeing as this is considered a minor issue, we're not planning any hotfix release on this, and will address it further down the road in an upcoming release.