Ignore CVE-2024-37371 and CVE-2024-37370 in docker image

buildkite / docs

The source files for the Buildkite documentation

https://buildkite.com/docs

MIT License

46 stars 249 forks source link

Ignore CVE-2024-37371 and CVE-2024-37370 in docker image #2951

Closed yob closed 2 months ago

yob commented 2 months ago

These CVEs are in krb5, a library that handles kerbeos authentication. We don't any kerbeos in production, but also the issues are fixed in 1.20.1-2+deb12u2 which is available in the debian repos and the docker build logs show is being installed. This seems to be a false positive by ECR

buildkite-docs-bot commented 2 months ago

Preview URL: https://2951--bk-docs-preview.netlify.app