High Vulnerabilities found in Elasticsearch docker image v7.17.9

Hi Elastic Team,
We used Aqua Security's Trivy scanner to run a vulnerability scan on the Elasticsearch Docker image: docker.elastic.co/elasticsearch/elasticsearch:7.17.9

We found 4 HIGH severity vulnerabilities below:
CVE-2023-0286
CVE-2021-37136
CVE-2021-37137
CVE-2021-40690

Can you triage this and provide any necessary remediations for the above vulnerabilities?
FYI, we did not find any remediation steps on the Security issues | Elastic page.

Here is the full scan report: Vulnerability scan of Elasticsearch v7.17.9 docker image using Trivy · GitHub
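A triage helper for this kind of report, added here as an example and not code from the poster or from Elastic. It reads a Trivy JSON report, keeps only findings at or above a chosen severity, collapses duplicate findings (the same CVE, package and version reported under several targets, which Trivy does for a jar found at more than one path) and says for each one whether a fixed version is available. The embedded report is constructed: the four CVE IDs are the ones listed above, but the package names, versions and targets are placeholders, not values from the real scan, and CVE-0000-0000 is a dummy ID used only to show severity filtering.

```python
import json
from collections import Counter

# Trivy severity labels, ordered so findings can be filtered by a threshold.
SEVERITY_RANK = {"UNKNOWN": 0, "LOW": 1, "MEDIUM": 2, "HIGH": 3, "CRITICAL": 4}

# Constructed sample in the layout of a Trivy JSON report (SchemaVersion 2).
# Package names, versions and targets are placeholders, not from the real scan.
SAMPLE_REPORT = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "docker.elastic.co/elasticsearch/elasticsearch:7.17.9",
    "Results": [
        {
            "Target": "docker.elastic.co/elasticsearch/elasticsearch:7.17.9 (placeholder-os)",
            "Class": "os-pkgs",
            "Type": "placeholder-os",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2023-0286", "PkgName": "placeholder-os-pkg",
                 "InstalledVersion": "1.0.0-1", "FixedVersion": "1.0.0-2", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-0000-0000", "PkgName": "placeholder-os-pkg",
                 "InstalledVersion": "1.0.0-1", "FixedVersion": "", "Severity": "LOW"},
            ],
        },
        {
            "Target": "Java",
            "Class": "lang-pkgs",
            "Type": "jar",
            "Vulnerabilities": [
                {"VulnerabilityID": "CVE-2021-37136", "PkgName": "placeholder-lib-a",
                 "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-2021-37137", "PkgName": "placeholder-lib-a",
                 "InstalledVersion": "1.0", "FixedVersion": "1.1", "Severity": "HIGH"},
                {"VulnerabilityID": "CVE-2021-40690", "PkgName": "placeholder-lib-b",
                 "InstalledVersion": "2.0", "FixedVersion": "", "Severity": "HIGH"},
                # Same jar seen under a second path: a duplicate, not a fifth finding.
                {"VulnerabilityID": "CVE-2021-40690", "PkgName": "placeholder-lib-b",
                 "InstalledVersion": "2.0", "FixedVersion": "", "Severity": "HIGH"},
            ],
        },
    ],
})


def triage(report_json, min_severity="HIGH"):
    """Return de-duplicated findings at or above min_severity, most severe first."""
    report = json.loads(report_json)
    threshold = SEVERITY_RANK[min_severity]
    seen = set()
    findings = []
    for result in report.get("Results", []):
        # Trivy omits or nulls "Vulnerabilities" for clean targets.
        for vuln in result.get("Vulnerabilities") or []:
            severity = vuln.get("Severity", "UNKNOWN")
            if SEVERITY_RANK.get(severity, 0) < threshold:
                continue
            key = (vuln["VulnerabilityID"], vuln.get("PkgName"), vuln.get("InstalledVersion"))
            if key in seen:
                continue
            seen.add(key)
            fixed = vuln.get("FixedVersion") or None
            findings.append({
                "id": vuln["VulnerabilityID"],
                "severity": severity,
                "target": result.get("Target"),
                "package": vuln.get("PkgName"),
                "installed": vuln.get("InstalledVersion"),
                "fixed": fixed,
                # A finding with no fixed version needs a vendor statement, a
                # mitigation or a documented risk acceptance rather than an upgrade.
                "action": f"upgrade to {fixed}" if fixed else "no upstream fix: mitigate or accept",
            })
    findings.sort(key=lambda f: (-SEVERITY_RANK[f["severity"]], f["id"]))
    return findings


def summarize(findings):
    """Counts a reviewer wants before deciding what to ask the vendor for."""
    return {
        "total": len(findings),
        "fixable": sum(1 for f in findings if f["fixed"]),
        "unfixed": sum(1 for f in findings if not f["fixed"]),
        "by_severity": dict(Counter(f["severity"] for f in findings)),
    }


if __name__ == "__main__":
    found = triage(SAMPLE_REPORT)
    for f in found:
        print(f"{f['severity']:<8} {f['id']:<16} {f['package']:<20} "
              f"{f['installed']:<10} {f['action']}")
    print(summarize(found))
```

To use it on a real scan, run `trivy image --format json --output report.json <image>` and pass the file contents to `triage`; the unfixed findings are the ones worth raising with the image vendor, since the fixable ones are answered by the next image build that picks up the fixed package.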

Hi @hexer338,

The Security Issues page you reference provides a link to the bug bounty programme in the Responsible Vulnerability Disclosure section. Did you submit a report for this issue there? If not, I would recommend that, as it's the best place to report your findings.

Thanks for raising these issues!

Also on that page:

Users and customers may report any other potential security issues to security@elastic.co.
