allegroai/clearml-server

OpenSSL 1.1.1 < 1.1.1x Vulnerability

lions1988 opened this issue · 1 comments

Hey team

Our Nessus scanners detected the following vulnerability on our self-hosted ClearML:
OpenSSL 1.1.1 < 1.1.1x Vulnerability

ClearML versions: WebApp: 1.14.0-431 • Server: 1.14.0-431 • API: 2.28
Nessus plugin: https://www.tenable.com/plugins/nessus/184811
CVE: https://nvd.nist.gov/vuln/detail/CVE-2023-5678

I can assume these issues are coming from the base OS image; I have seen this on all clearml containers besides redis.

Please advise
Thank you

As you assume, @lions1988, this is indeed propagating from an underlying base image.
Seeing as this is considered a minor issue, we're not planning any hotfix release on this, and will address it further down the road in an upcoming release.