From d06ac353110163959367fe654ce5617bae631292 Mon Sep 17 00:00:00 2001 From: Mohammad Alam Date: Wed, 10 Jan 2024 16:20:40 -0500 Subject: [PATCH] Update 5-2-6.md --- content/departments/security/tooling/trivy/5-2-6.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/content/departments/security/tooling/trivy/5-2-6.md b/content/departments/security/tooling/trivy/5-2-6.md index 0557900e6eb9..5fb0e16eea1e 100644 --- a/content/departments/security/tooling/trivy/5-2-6.md +++ b/content/departments/security/tooling/trivy/5-2-6.md @@ -4,7 +4,7 @@ | ------------------------------------------------------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- | ------------ | --------------- | -------------------------------------------------------------------------------------------------------------- | ------------------------ | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | [CVE-2023-39325](https://nvd.nist.gov/vuln/detail/CVE-2023-39325) | sourcegraph/executor, caddy, sourcegraph/bundled-executor, sourcegraph/dind, sourcegraph/executor-kubernetes | High | 7.5 | Medium | 4.7 | The services that are vulnerable to this issue are typically not exposed on the internet. The likelihood of exploitation is low and this does not have a significant impact on the security of the instance. The issue is not present in Sourcegraph itself. | | [GHSA-M425-MQ94-257G](https://github.com/grpc/grpc-go) | sourcegraph/executor-kubernetes, sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor, caddy, sourcegraph/executor-kubernetes, sourcegraph/dind, sourcegraph/executor, sourcegraph/bundled-executor | High | 7.5 | Medium | 5 | We are not vulnerable to 'gRPC-Go HTTP/2 Rapid Reset vulnerability' because we do not expose these service directly to the internet and only reacheable through direct access to the infrastructure. | -| [CVE-2023-5363](http://www.openwall.com/lists/oss-security/2023/10/24/1) | sourcegraph/dind | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. | +| [CVE-2023-5363](http://www.openwall.com/lists/oss-security/2023/10/24/1) | caddy | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. | | [CVE-2023-47108](https://access.redhat.com/security/cve/CVE-2023-47108) | caddy, sourcegraph/dind | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. | | [CVE-2023-45142](https://access.redhat.com/security/cve/CVE-2023-45142) | caddy, sourcegraph/dind | High | 7.5 | Info | 0 | This workload is not exposed and cannot be reached over the internet. This image is not part of standard deployments. |