Discussed in #6793
Originally posted by pradyumnaparalikar May 27, 2024
IDs
CVE-2024-4323
Description
fluent-bit component for log processing. There was a CRITICAL 9.8 CVE discovered in the application recently - https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/
The problem is that trivy isn’t detecting fluent-bit being installed in the container image and thus not reporting the issue. This problem can be easily replicated by running trivy scanner locally:
Reproduction Steps
trivy i cr.fluentbit.io/fluent/fluent-bit:2.1.4 -s CRITICAL
Target
Container Image
Scanner
Vulnerability
Target OS
No response
Debug Output
trivy i cr.fluentbit.io/fluent/fluent-bit:2.1.4 -s CRITICAL
Version
Checklist
-f json that shows data sources and confirmed that the security advisory in data sources was correct