Hi, I am trying out the docker version of the ELK stack, and have noted that when I scan it using trivy / "docker scan", it is showing some OS related vulnerabilities for libraries such curl etc. Can I understand if these findings are accurate and if anyone is able to advise on this? Thank you for …

Regarding the security of the ELK stack docker images

signum May 19, 2021, 1:14am 3

Hi,

The CVEs are mainly related to the centos side of the containers, will highlight some of them here:

i) CVE-2021-22876
ii) CVE-2020-8625
iii) CVE-2021-20305

I will take a look at the Swimlane ELK Docker as well, thank you for the info!

Topic		Replies	Views
Security Vulnerability in ELK stack during docker scan by twistlock Elasticsearch	2	566	June 22, 2021
Docker image vulnerabilies Elasticsearch docker	6	1530	July 4, 2019
Security vulnerabilities in Elasticsearch docker images - v 8.2.0 Elasticsearch docker	3	491	June 23, 2022
Found " Nettle Cryptographics Library Vulnerability" in docker.elastic.co/elasticsearch/elasticsearch:7.12.1 image Elasticsearch docker	1	366	January 12, 2022
High Vulnerabilities found in Elasticsearch docker image v7.17.9 Elasticsearch docker	3	800	March 20, 2023