janjwerner-confluent
commented
1 year ago @cedricAI23 This issue has been addressed by Red Hat in RHSA-2023:0116 on January 12, 2023. We are aware of this issue and expect to resolve it in the upcoming quarterly release.
The following images are showing them vulnerable to CVE-2021-46848 for 6.2.8. Please provide a resolution
trivy image confluentinc/cp-kafka-connect:6.2.8 | grep CVE-2021-46848 2023-02-14T10:04:31.403-0500 INFO Need to update DB 2023-02-14T10:04:31.403-0500 INFO DB Repository: ghcr.io/aquasecurity/trivy-db 2023-02-14T10:04:31.403-0500 INFO Downloading DB... 35.63 MiB / 35.63 MiB [---------------------------------------------------------------------------------] 100.00% 15.80 MiB p/s 2.5s 2023-02-14T10:04:34.580-0500 INFO Vulnerability scanning is enabled 2023-02-14T10:04:34.580-0500 INFO Secret scanning is enabled 2023-02-14T10:04:34.580-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning 2023-02-14T10:04:34.580-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection 2023-02-14T10:04:35.335-0500 INFO Detected OS: redhat 2023-02-14T10:04:35.335-0500 INFO Detecting RHEL/CentOS vulnerabilities... 2023-02-14T10:04:35.362-0500 INFO Number of language-specific files: 2 2023-02-14T10:04:35.362-0500 INFO Detecting jar vulnerabilities... 2023-02-14T10:04:35.377-0500 INFO Detecting python-pkg vulnerabilities... 2023-02-14T10:04:35.405-0500 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file. │ libtasn1 │ CVE-2021-46848 │ 4.13-3.el8 │ 4.13-4.el8_7 │ libtasn1: Out-of-bound access in ETYPE_OK │