microsoft / azure-pipelines-tasks-common-packages

MIT License

[Issue]: Agent install being flagged for CVE-2023-49210 #350

Open marcelom2s opened 4 months ago

marcelom2s commented 4 months ago

Hi,

My company is using Wiz to scan various virtual machine resources, and we are running some Windows build agents through Azure DevOps.

Agent version - 3.241.0

The agent and work directories for each agent service are being flagged by Wiz due to having an older version of openssl (1.0.2l).

See vulnerability reference here: https://github.com/advisories/GHSA-75w2-qv55-x7fv (related links: https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e, https://github.com/ossf/malicious-packages/tree/main/malicious/npm, https://www.npmjs.com/package/openssl)

A specific example of one of these flags:

(two screenshots of the Wiz findings, not reproduced here)

Is there currently a PR in progress to address this, or otherwise an ETA for resolution? Any input would be appreciated.

Agent version: 3.241.0
Azure DevOps Server type: dev.azure.com
Operating system: Windows 11
Version control system: GitHub

Best Regards,

Marcelo Calado
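A triage helper for findings like the one above, added here as an example and not part of the issue or of the azure-pipelines-tasks-common-packages project. The advisory linked in the issue (GHSA-75w2-qv55-x7fv) concerns the npm package named `openssl`, so the script walks an agent's directory tree, reports every `package.json` whose `name` is `openssl` together with its version, and groups the results by version so the quoted 1.0.2l is easy to spot. The directory layout it builds is constructed for the demo; the function names and the assumption that the scanner is reacting to an npm manifest (rather than an OpenSSL binary) are mine.

```python
"""Inventory npm packages named "openssl" under an agent directory tree.

Added triage example; assumes the scanner flag refers to a node_modules
package whose package.json "name" is "openssl". The demo tree is constructed.
"""
import json
import os
import tempfile
from pathlib import Path

FLAGGED_NAME = "openssl"
FLAGGED_VERSION = "1.0.2l"  # version quoted in the issue


def find_openssl_packages(root):
    """Return sorted (manifest_path, version) pairs for every package.json
    under `root` whose "name" is "openssl". Unreadable or malformed manifests
    are skipped rather than aborting, since agent work directories hold many
    partial checkouts. A non-existent root simply yields no findings."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        if "package.json" not in filenames:
            continue
        manifest = Path(dirpath) / "package.json"
        try:
            data = json.loads(manifest.read_text(encoding="utf-8"))
        except (OSError, ValueError):
            continue
        if isinstance(data, dict) and data.get("name") == FLAGGED_NAME:
            findings.append((str(manifest), str(data.get("version", "unknown"))))
    return sorted(findings)


def summarize(findings):
    """Group manifest paths by version, so a reviewer can see at a glance
    which work directories carry the flagged version."""
    by_version = {}
    for path, version in findings:
        by_version.setdefault(version, []).append(path)
    return by_version


def build_demo_tree(base):
    """Construct a sample agent layout (hypothetical, for the demo):
    - _work/1 carries the flagged npm package at version 1.0.2l
    - _work/2 carries unrelated packages, one with a similar name
    - _work/3 has a malformed manifest that must be skipped, not crash"""
    layout = {
        "_work/1/s/node_modules/openssl/package.json":
            json.dumps({"name": "openssl", "version": FLAGGED_VERSION}),
        "_work/2/s/node_modules/node-forge/package.json":
            json.dumps({"name": "node-forge", "version": "1.3.1"}),
        "_work/2/s/node_modules/openssl-wrapper/package.json":
            json.dumps({"name": "openssl-wrapper", "version": "0.3.4"}),
        "_work/3/s/node_modules/openssl/package.json": "{not valid json",
    }
    for rel, body in layout.items():
        target = base / rel
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_text(body, encoding="utf-8")


def run_demo():
    """Build the constructed tree in a temp dir, scan it, return the summary."""
    with tempfile.TemporaryDirectory() as tmp:
        build_demo_tree(Path(tmp))
        return summarize(find_openssl_packages(tmp))


if __name__ == "__main__":
    # Against a real agent, call find_openssl_packages on the agent's _work dir.
    for version, paths in run_demo().items():
        marker = "  <-- flagged in the issue" if version == FLAGGED_VERSION else ""
        print(f"openssl@{version}{marker}")
        for p in paths:
            print(f"    {p}")
```

The script only reports; deciding whether a hit is a build dependency pulled in by a pipeline or a stale leftover in a work directory is the reviewer's call, and pointing it at the agent's `_work` directory gives the list of repositories and checkouts that introduced the package.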

marcelom2s commented 3 months ago

Anyone? Please let me know if there is anything else that I can provide.

marcelom2s commented 2 months ago

Anyone? Please let me know if there is anything else that I can provide.

marcelom2s commented 1 month ago

Anyone?