Update 5-2-6.md

sourcegraph · Jan 10, 2024 · 4319dfb · 4319dfb
1 parent 4108a95
commit 4319dfb
Showing 1 changed file with 2 additions and 2 deletions.
diff --git a/content/departments/security/tooling/trivy/5-2-6.md b/content/departments/security/tooling/trivy/5-2-6.md
@@ -5,8 +5,8 @@
 | [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325)        | sourcegraph/executor, caddy, sourcegraph/bundled-executor                                                                                                                                                           | High         | 7.5             | Medium                                                                                                         | 4.7                      | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. |
 | [GHSA-M425-MQ94-257G](https://github.com/grpc/grpc-go)                   | sourcegraph/executor-kubernetes, sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor, caddy, sourcegraph/executor-kubernetes, sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor | High         | 7.5             | Medium                                                                                                         | 5                        | We are not vulnerable to 'gRPC-Go HTTP/2 Rapid Reset vulnerability' because we do not expose these service directly to the internet and only reacheable through direct access to the infrastructure.                                                         |
 | [CVE-2023-5363](http://www.openwall.com/lists/oss-security/2023/10/24/1) | sourcegraph/dind                                                                                                                                                                                                    | High         | 7.5             | Info                                                                                                           | 0                        | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments.                                                                                                                                        |
-| [CVE-2023-47108](https://access.redhat.com/security/cve/CVE-2023-47108)  | sourcegraph/dind                                                                                                                                                                                                    | High         | 7.5             | Info                                                                                                           | 0                        | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments.                                                                                                                                        |
-| [CVE-2023-45142](https://access.redhat.com/security/cve/CVE-2023-45142)  | sourcegraph/dind                                                                                                                                                                                                    | High         | 7.5             | Info                                                                                                           | 0                        | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments.                                                                                                                                        |
+| [CVE-2023-47108](https://access.redhat.com/security/cve/CVE-2023-47108)  | caddy, sourcegraph/dind                                                                                                                                                                                                    | High         | 7.5             | Info                                                                                                           | 0                        | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments.                                                                                                                                        |
+| [CVE-2023-45142](https://access.redhat.com/security/cve/CVE-2023-45142)  | caddy, sourcegraph/dind                                                                                                                                                                                                    | High         | 7.5             | Info                                                                                                           | 0                        | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments.                                                                                                                                        |
 
 ## Known False Positives