tools(cmd-api-server): address CVE: CVE-2022-25881 #2862

zondervancalvez · 2023-11-06T05:04:43Z

Description

Vulnerabilities were found during the container scan of cmd-api-server image using Trivy.
See the list below:

LIBRARY	VULNERABILITY	INSTALLED VERSION	FIXED VERSION
http-cache-semantics (package.json)	CVE-2022-25881	4.1.0	4.1.1

petermetz · 2023-11-06T20:41:55Z

@zondervancalvez Could you please make the issue title unique for this one as well?

zondervancalvez · 2023-11-08T08:28:54Z

@zondervancalvez Could you please make the issue title unique for this one as well?

Hi @petermetz The title is now shortened and I've only indicated the Critical CVEs.

petermetz · 2023-11-10T04:29:51Z

@zondervancalvez Could you please make the issue title unique for this one as well?

Hi @petermetz The title is now shortened and I've only indicated the Critical CVEs.

@zondervancalvez Thank you very much!

the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2865 Depends On: hyperledger#2864 Depends On: hyperledger#2863 Depends On: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2865 Depends On: hyperledger#2864 Depends On: hyperledger#2863 Depends On: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Fixes hyperledger-cacti#2862 Signed-ff by: zondercalvez <[email protected]>

Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Primary Changes: Updated the https-cache-semantics to latest version inside the cmd-api-server package Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2865 Depends On: hyperledger#2864 Depends On: hyperledger#2863 Depends On: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

zondervancalvez · 2024-04-04T06:00:48Z

There are no vulnerabilities found anymore from the latest scan. See image below:

We can now close this issue.

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2865 Depends On: hyperledger#2864 Depends On: hyperledger#2863 Depends On: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

petermetz · 2024-04-04T06:07:43Z

@zondervancalvez Got it, thank you for confirming!

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2865 Depends On: hyperledger#2864 Depends On: hyperledger#2863 Depends On: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Primary Changes: Updated the https-cache-semantics to latest version inside the cmd-api-server package Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package Fixes: hyperledger-cacti#2862 Signed-off-by: zondervancalvez <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>

Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package Fixes: #2862 Signed-off-by: zondervancalvez <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>

Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package Fixes: hyperledger-cacti#2862 Signed-off-by: zondervancalvez <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>

Trivy is a cutting-edge security tool designed to enhance the safety of containerized applications by conducting thorough vulnerability assessments. Specifically developed for scanning container images, ranging from low-severity issues to critical threats. It employs an intelligent rating system to categorize vulnerabilities based on their severity levels, ensuring that high to critical vulnerabilities are given special attention. Upon detecting vulnerabilities that fall within this elevated range, Trivy will throw an error. By integrating Trivy into our deployment pipeline, we can proactively mitigate security risks and enhance the resilience of our repository. Fixes hyperledger#1876 Depends On: hyperledger#2865 Depends On: hyperledger#2864 Depends On: hyperledger#2863 Depends On: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

Primary Changes: Updated the Dockerfile & https-cache-semantics inside the cmd-api-server package Fixes: hyperledger-cacti#2862 Signed-off-by: zondervancalvez <[email protected]> Signed-off-by: Peter Somogyvari <[email protected]>

zondervancalvez changed the title ~~fix(security): vulnerabilities found in cmd-api-server~~ tools(cmd-api-server): address CVE: CVE-2022-25881 Nov 7, 2023

jagpreetsinghsasan assigned zondervancalvez Nov 9, 2023

jagpreetsinghsasan added this to Cacti_Scrum_Project_v2_Release Nov 9, 2023

jagpreetsinghsasan moved this to In Progress in Cacti_Scrum_Project_v2_Release Nov 9, 2023

zondervancalvez mentioned this issue Nov 10, 2023

ci: add container scanning to default checks #2870

Merged

5 tasks

zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Nov 20, 2023

tools(cmd-api-server): address CVE: CVE-2022-25881

eab191c

Fixes hyperledger-cacti#2862 Signed-ff by: zondercalvez <[email protected]>

zondervancalvez added a commit to zondervancalvez/cactus that referenced this issue Nov 20, 2023

tools(cmd-api-server): address CVE: CVE-2022-25881

96171a0

Fixes hyperledger-cacti#2862 Signed-ff by: zondercalvez <[email protected]>

zondervancalvez referenced this issue in zondervancalvez/cactus Nov 20, 2023

tools(cmd-api-server): address CVE: CVE-2022-25881

57f7751

Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

zondervancalvez referenced this issue in zondervancalvez/cactus Nov 20, 2023

tools(cmd-api-server): address CVE: CVE-2022-25881

1cd8a85

Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

zondervancalvez moved this from In Progress to In review in Cacti_Scrum_Project_v2_Release Nov 20, 2023

zondervancalvez mentioned this issue Nov 20, 2023

fix(cmd-api-server): address CVE-2022-25881 #2899

Merged

5 tasks

zondervancalvez referenced this issue in zondervancalvez/cactus Nov 27, 2023

tools(cmd-api-server): address CVE: CVE-2022-25881

fe4d2d7

Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

zondervancalvez referenced this issue in zondervancalvez/cactus Nov 30, 2023

tools(cmd-api-server): address CVE: CVE-2022-25881

1c427ef

Fixes: hyperledger#2862 Signed-off-by: zondervancalvez <[email protected]>

petermetz closed this as completed Apr 4, 2024

github-project-automation bot moved this from In review to Done in Cacti_Scrum_Project_v2_Release Apr 4, 2024

jagpreetsinghsasan removed this from Cacti_Scrum_Project_v2_Release Apr 15, 2024

aldousalvarez added this to Cacti_Scrum_Project_v2_Release May 30, 2024

aldousalvarez moved this to Done in Cacti_Scrum_Project_v2_Release May 30, 2024

petermetz mentioned this issue Jun 14, 2024

chore(release): publish v2.0.0-rc.1 #3324

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

tools(cmd-api-server): address CVE: CVE-2022-25881 #2862

tools(cmd-api-server): address CVE: CVE-2022-25881 #2862

zondervancalvez commented Nov 6, 2023 •

edited

Loading

petermetz commented Nov 6, 2023

zondervancalvez commented Nov 8, 2023

petermetz commented Nov 10, 2023

zondervancalvez commented Apr 4, 2024 •

edited

Loading

petermetz commented Apr 4, 2024

tools(cmd-api-server): address CVE: CVE-2022-25881 #2862

tools(cmd-api-server): address CVE: CVE-2022-25881 #2862

Comments

zondervancalvez commented Nov 6, 2023 • edited Loading

Description

petermetz commented Nov 6, 2023

zondervancalvez commented Nov 8, 2023

petermetz commented Nov 10, 2023

zondervancalvez commented Apr 4, 2024 • edited Loading

petermetz commented Apr 4, 2024

zondervancalvez commented Nov 6, 2023 •

edited

Loading

zondervancalvez commented Apr 4, 2024 •

edited

Loading