Jayasree_N
(Jayasree N)
January 18, 2023, 5:44am
1
Hi,
We are using the elasticsearch/elasticsearch:7.17.8 docker image.
We are getting a few CVEs reported as high in the vulnerability scanning report.
CVE-2021-31684 -- nimbus-jose-jwt and json-smart
CVE-2020-36518 -- jackson-databind
CVE-2022-3509 -- protobuf-java
CVE-2021-40690 -- xmlsec
CVE-2022-43551 -- ubuntu
CVE-2022-3510 -- protobuf-java
CVE-2022-40152 -- woodstox-core
CVE-2021-37136 -- netty-codec
CVE-2022-41915 -- netty-codec-http
CVE-2020-8908 -- guava
Any suggestions on how to fix these vulnerabilities?
ikakavas
(Ioannis Kakavas)
January 18, 2023, 6:06am
2
Thank you for your report.
Elastic's security reporting guidelines are available at Security issues | Elastic.
Per those guidelines, all reports of potential security issues or vulnerabilities should be sent via email to security@elastic.co.
We are unable to discuss potential issues of this nature here. Please send your report to the email address above, where it can be appropriately handled.
dadoonet
(David Pilato)
January 18, 2023, 7:37am
3
Just a note. The version you mentioned is not the latest of the 7.17 series. You should upgrade your version IMHO.
Jayasree_N
(Jayasree N)
January 18, 2023, 2:19pm
4
@dadoonet, as per this documentation, Release notes | Elasticsearch Guide [7.17] | Elastic, it seems 7.17.8 is the latest release in the 7.17 series. Could you please help by pointing me to any new release available for the 7.17 series?
Thanks
JN
Jayasree_N
(Jayasree N)
January 18, 2023, 2:20pm
5
@ikakavas, thank you for the reply. I will email security@elastic.co.
dadoonet
(David Pilato)
January 18, 2023, 2:55pm
6
My bad. I misread your post, sorry.
system
(system)
Closed
February 15, 2023, 2:55pm
7
This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.