e-mission / op-admin-dashboard

An admin/deployer dashboard for the NREL OpenPATH platform

Latest vulnerability fixes #115

Closed MukuFlash03 closed 4 months ago

MukuFlash03 commented 4 months ago

Summary

1 CRITICAL - flask
7 HIGH - [cryptography, libgnutls30 (2), bash], [pillow], [ecdsa (2)]

  1. Flask-caching

Flask-caching has been a previously known issue, observed here before:

  2. First set - cryptography, libgnutls30 (2), bash

Details about how the first four vulnerabilities are handled are present in this PR for the e-mission-server repo.

  3. Second set - pillow

    • Fixed by updating package version manually in viz_scripts/docker/environment36.dashboard.additions.yml.
  4. ecdsa (2) PENDING

    • No remediation available as yet.
    • Additionally, AWS Inspector says it's both SUPPRESSED and ACTIVE, so not sure.

Will try to find a way to handle this if possible, else can try merging to fix other vulnerabilities.

shankari commented 4 months ago

  1. We do not currently have the server changes automatically flow to the dashboards. You need to bump up the server image after it is built.
  2. We are removing pillow here https://github.com/e-mission/op-admin-dashboard/pull/107 so we should just clean up that PR and merge it instead.

MukuFlash03 commented 4 months ago

Added a new PR that only updates the docker image tag to build from e-mission-server latest image. The pillow change would no longer be required once its related PR is merged.

shankari commented 4 months ago

Closing this since it is superseded by #116, which has been merged.