-
Notifications
You must be signed in to change notification settings - Fork 256
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
250+ CVEs In Red Hat Linux Splunk Docker Image #616
Comments
Critical: 20 Total: 281 |
jyst fyi: splunk support case: 3276273 with results from ORCA ps. fixing base image may also fix problem with journald, which was also reported in 3270730 |
We have started daily scanning for these images internally on the latest/upcoming splunk versions, and we are focusing on efforts to resolve all critical/high level vulnerabilities. Unfortunately, most of these are coming from the Splunk product itself and not from the docker image layers that we build. We have resolved all critical and most high level vulnerabilities that are not coming from the Splunk build for the upcoming release. |
@jmeixensperger thanks for looking into it. |
@Subrhamanya can you attach last scan results for "fresh" versions? |
@yaroslav-nakonechnikov here is the screenshot. Version scanned --> 9.3.1 Critical - 1 |
Recently splunk official image scanned with one of our scanners (Prisma Cloud) and it's showing 250+ CVEs in it.
We are using splunk docker from https://hub.docker.com/r/splunk/splunk/tags?page=1
Is this image legitimate and offcial?
Can anybody help with it? So many CVEs in one image is confusing us...
The text was updated successfully, but these errors were encountered: