netbirdio / netbird

Connect your devices into a secure WireGuard®-based overlay network with SSO, MFA and granular access controls.
https://netbird.io
BSD 3-Clause "New" or "Revised" License

Vulnerabilities found with the current docker images #2577

Open Eric2808 opened 2 months ago

Eric2808 commented 2 months ago

Describe the problem

When I ran a Trivy security scan on the docker images, I found quite a few security vulnerabilities.

To Reproduce

  1. Install Trivy

     sudo apt-get install wget apt-transport-https gnupg lsb-release
     wget -qO - https://aquasecurity.github.io/trivy-repo/deb/public.key | sudo apt-key add -
     echo deb https://aquasecurity.github.io/trivy-repo/deb $(lsb_release -sc) main | sudo tee -a /etc/apt/sources.list.d/trivy.list
     sudo apt-get update
     sudo apt-get install trivy

  2. Run a scan on each docker image

     trivy image < enter image name e.g. netbirdio/management:latest >

Found vulnerabilities with the following images:

  - ghcr.io/zitadel/zitadel:v2.54.3
  - netbirdio/management:latest
  - postgres:16-alpine
  - coturn/coturn
  - caddy
  - netbirdio/signal:latest

Example: (screenshot attached: Screenshot 2024-09-11 211422)

Are you using NetBird Cloud? No

Please specify whether you use NetBird Cloud or self-host NetBird's control plane: self-host
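To turn the per-image scan output above into something a maintainer can act on, here is an added triage script (not part of NetBird or Trivy) that reads a report produced by `trivy image --format json <image>`, keeps findings at or above a chosen severity, and separates those with a fixed version from those with none. The embedded report is constructed for the example and its vulnerability IDs are placeholders, not real CVEs; the `Results`/`Vulnerabilities` field names are Trivy's JSON layout.

```python
import json
from collections import Counter

# Trivy severities, most severe first; index order is used as the cutoff.
SEVERITIES = ("CRITICAL", "HIGH", "MEDIUM", "LOW", "UNKNOWN")

# Constructed sample in Trivy's JSON report layout. IDs are placeholders.
SAMPLE_REPORT = json.dumps({
    "ArtifactName": "netbirdio/management:latest",
    "Results": [
        {"Target": "netbirdio/management:latest (alpine)",
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-EXAMPLE1", "PkgName": "libcrypto3",
              "InstalledVersion": "3.0.0-r0", "FixedVersion": "3.0.0-r1", "Severity": "HIGH"},
             {"VulnerabilityID": "CVE-0000-EXAMPLE2", "PkgName": "busybox",
              "InstalledVersion": "1.36.0-r0", "FixedVersion": "", "Severity": "MEDIUM"},
         ]},
        {"Target": "usr/local/bin/netbird-mgmt",  # Go binary: its modules are scanned too
         "Vulnerabilities": [
             {"VulnerabilityID": "CVE-0000-EXAMPLE3", "PkgName": "golang.org/x/net",
              "InstalledVersion": "v0.10.0", "FixedVersion": "v0.17.0", "Severity": "CRITICAL"},
         ]},
    ],
})


def triage(report_json, min_severity="HIGH", ignore_unfixed=False):
    """Return (image, counts_by_severity, findings) at or above min_severity.

    ignore_unfixed drops findings without a FixedVersion (like trivy --ignore-unfixed):
    a base-image or dependency bump cannot close them, only a mitigation can.
    """
    report = json.loads(report_json)
    cutoff = SEVERITIES.index(min_severity)
    counts, findings = Counter(), []
    for result in report.get("Results", []):
        for v in result.get("Vulnerabilities") or []:  # key may be absent or null
            sev = v.get("Severity", "UNKNOWN")
            rank = SEVERITIES.index(sev) if sev in SEVERITIES else len(SEVERITIES) - 1
            if rank > cutoff:
                continue
            fixed = v.get("FixedVersion", "")
            if ignore_unfixed and not fixed:
                continue
            counts[sev] += 1
            findings.append((result["Target"], v["VulnerabilityID"], v["PkgName"],
                             v["InstalledVersion"], fixed or "<no fix>"))
    return report.get("ArtifactName"), dict(counts), findings


if __name__ == "__main__":
    image, counts, findings = triage(SAMPLE_REPORT, min_severity="MEDIUM")
    print(image, counts)
    for finding in findings:
        print("  ", *finding)
```

Run it against real output by replacing `SAMPLE_REPORT` with the contents of `trivy image --format json --output report.json <image>`; findings with `<no fix>` need a mitigation or an accepted-risk note rather than a version bump.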

mlsmaycon commented 2 months ago

Thanks for reporting the issue, we will validate the output from the tool and issue a fix in the next release.