On scanning the filebeat-oss:8.13.2 docker image, found the below vulnerability in it.
<html xmlns:v="urn:schemas-microsoft-com:vml"
xmlns:o="urn:schemas-microsoft-com:office:office"
xmlns:x="urn:schemas-microsoft-com:office:excel"
xmlns="http://www.w3.org/TR/REC-html40">
Type | Severity | CVE | Package Name | Package Version | Fix Status | Description
-- | -- | -- | -- | -- | -- | --
Compliance | Moderate | CVE-2024-24557 | github.com/docker/docker | v24.0.7 | fixed in: 25.0.2, 24.0.9 | Full description: moby: classic builder cache poisoning
Package | Medium | CVE-2024-28834 | gnutls28 | 3.6.13-2ubuntu1.10 | fixed in: 3.6.13-2ubuntu1.11 | A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.
Package | Medium | CVE-2024-28085 | util-linux | 2.34-0.1ubuntu9.4 | fixed in: 2.34-0.1ubuntu9.5 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.
On scanning the filebeat-oss:8.13.2 docker image, found the below vulnerability in it. <html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:x="urn:schemas-microsoft-com:office:excel" xmlns="http://www.w3.org/TR/REC-html40">
Type | Severity | CVE | Package Name | Package Version | Fix Status | Description -- | -- | -- | -- | -- | -- | -- Compliance | Moderate | CVE-2024-24557 | github.com/docker/docker | v24.0.7 | fixed in: 25.0.2, 24.0.9 | Full description: moby: classic builder cache poisoning Package | Medium | CVE-2024-28834 | gnutls28 | 3.6.13-2ubuntu1.10 | fixed in: 3.6.13-2ubuntu1.11 | A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. Package | Medium | CVE-2024-28085 | util-linux | 2.34-0.1ubuntu9.4 | fixed in: 2.34-0.1ubuntu9.5 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users\' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover.