bitnami / containers

Bitnami container images
https://bitnami.com

High and Critical vulnerabilities reported by Jfrog X-Ray scan for bitnami/grafana-operator and bitnami/kube-prometheus containers #55934

Closed abbdul closed 7 months ago

abbdul commented 8 months ago

Name and Version

bitnami/alertmanager:0.26.0-debian-11-r52, bitnami/blackbox-exporter:0.24.0-debian-11-r148, bitnami/grafana:10.3.1-debian-11-r1, grafana-operator:5.6.1-debian-11-r2, kube-state-metrics:2.10.1-debian-11-r6, node-exporter:1.7.0-debian-11-r5, prometheus:2.49.1-debian-11-r2, prometheus-operator:0.71.2-debian-11-r1

What architecture are you using?

amd64

What steps will reproduce the bug?

Run an X-Ray scan on the container images listed below; the scan report is attached.

docker.io/bitnami/alertmanager:0.26.0-debian-11-r52
docker.io/bitnami/blackbox-exporter:0.24.0-debian-11-r148
docker.io/bitnami/grafana:10.3.1-debian-11-r1
docker.io/bitnami/grafana-operator:5.6.1-debian-11-r2
docker.io/bitnami/kube-state-metrics:2.10.1-debian-11-r6
docker.io/bitnami/node-exporter:1.7.0-debian-11-r5
docker.io/bitnami/prometheus:2.49.1-debian-11-r2
docker.io/bitnami/prometheus-operator:0.71.2-debian-11-r1

What do you see instead?

High and Critical vulnerabilities detected.

abbdul commented 8 months ago

X-Ray_Report_Grafana_Prometheus_Operators.xlsx

Attached the vulnerabilities report again.

carrodher commented 8 months ago

I understand your concern regarding security vulnerabilities. While we regularly update our images with the latest system packages, certain CVEs may persist until they are patched in either the OS or the application. You can learn more about our CVE policy here.

The Bitnami Application Catalog (OpenSource) is built on Debian 11. Additionally, as part of VMware, Bitnami offers a custom container and Helm Charts catalog based on various base images, such as Debian 10, 11 & 12, PhotonOS 4, Ubuntu 20.04 & 22.04, RedHat UBI 8 & 9, and custom golden images. You can explore these options through the VMware Tanzu Application Catalog.

If you have any further questions, feel free to ask.

github-actions[bot] commented 8 months ago

This Issue has been automatically marked as "stale" because it has not had recent activity (for 15 days). It will be closed if no further activity occurs. Thanks for the feedback.

github-actions[bot] commented 7 months ago

Due to the lack of activity in the last 5 days since it was marked as "stale", we proceed to close this Issue. Do not hesitate to reopen it later if necessary.