splunk / docker-splunk

Splunk Docker GitHub Repository

250+ CVEs In Red Hat Linux Splunk Docker Image #616

Open Subrhamanya opened 1 year ago

Subrhamanya commented 1 year ago

Recently the official Splunk image was scanned with one of our scanners (Prisma Cloud), and it's showing 250+ CVEs in it.

We are using splunk docker from https://hub.docker.com/r/splunk/splunk/tags?page=1

Is this image legitimate and official?

Can anybody help with it? So many CVEs in one image is confusing us...

aakarshsingh commented 1 year ago

Critical: 20 High: 93 Medium: 60 Low: 108

Total: 281

yaroslav-nakonechnikov commented 1 year ago

Just FYI: Splunk support case: 3276273 with results from ORCA

P.S. Fixing the base image may also fix the problem with journald, which was also reported in 3270730

yaroslav-nakonechnikov commented 1 year ago

https://github.com/splunk/docker-splunk/issues/576

yaroslav-nakonechnikov commented 1 year ago

https://github.com/splunk/docker-splunk/issues/518

yaroslav-nakonechnikov commented 1 year ago

https://github.com/splunk/docker-splunk/issues/602

yaroslav-nakonechnikov commented 1 year ago

https://github.com/splunk/docker-splunk/issues/589

jmeixensperger commented 3 months ago

We have started daily scanning for these images internally on the latest/upcoming splunk versions, and we are focusing on efforts to resolve all critical/high level vulnerabilities. Unfortunately, most of these are coming from the Splunk product itself and not from the docker image layers that we build. We have resolved all critical and most high level vulnerabilities that are not coming from the Splunk build for the upcoming release.

Subrhamanya commented 1 month ago

@jmeixensperger thanks for looking into it.