Vulnerability issue with 6.2.8 cp images CVE-2021-46848
cedricAI23 opened this issue · 1 comment
The following images are showing as vulnerable to CVE-2021-46848 for 6.2.8. Please provide a resolution.
trivy image confluentinc/cp-kafka-connect:6.2.8 | grep CVE-2021-46848
2023-02-14T10:04:31.403-0500 INFO Need to update DB
2023-02-14T10:04:31.403-0500 INFO DB Repository: ghcr.io/aquasecurity/trivy-db
2023-02-14T10:04:31.403-0500 INFO Downloading DB...
35.63 MiB / 35.63 MiB [---------------------------------------------------------------------------------] 100.00% 15.80 MiB p/s 2.5s
2023-02-14T10:04:34.580-0500 INFO Vulnerability scanning is enabled
2023-02-14T10:04:34.580-0500 INFO Secret scanning is enabled
2023-02-14T10:04:34.580-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-02-14T10:04:34.580-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-02-14T10:04:35.335-0500 INFO Detected OS: redhat
2023-02-14T10:04:35.335-0500 INFO Detecting RHEL/CentOS vulnerabilities...
2023-02-14T10:04:35.362-0500 INFO Number of language-specific files: 2
2023-02-14T10:04:35.362-0500 INFO Detecting jar vulnerabilities...
2023-02-14T10:04:35.377-0500 INFO Detecting python-pkg vulnerabilities...
2023-02-14T10:04:35.405-0500 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
│ libtasn1 │ CVE-2021-46848 │ 4.13-3.el8 │ 4.13-4.el8_7 │ libtasn1: Out-of-bound access in ETYPE_OK │
trivy image confluentinc/cp-kafka:6.2.8 | grep CVE-2021-46848
2023-02-14T10:06:08.720-0500 INFO Vulnerability scanning is enabled
2023-02-14T10:06:08.720-0500 INFO Secret scanning is enabled
2023-02-14T10:06:08.720-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-02-14T10:06:08.720-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-02-14T10:06:09.320-0500 INFO Detected OS: redhat
2023-02-14T10:06:09.320-0500 INFO Detecting RHEL/CentOS vulnerabilities...
2023-02-14T10:06:09.352-0500 INFO Number of language-specific files: 2
2023-02-14T10:06:09.352-0500 INFO Detecting jar vulnerabilities...
2023-02-14T10:06:09.357-0500 INFO Detecting python-pkg vulnerabilities...
2023-02-14T10:06:09.392-0500 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
│ libtasn1 │ CVE-2021-46848 │ 4.13-3.el8 │ 4.13-4.el8_7 │ libtasn1: Out-of-bound access in ETYPE_OK │
trivy image confluentinc/cp-zookeeper:6.2.8 | grep CVE-2021-46848
2023-02-14T10:07:34.074-0500 INFO Vulnerability scanning is enabled
2023-02-14T10:07:34.074-0500 INFO Secret scanning is enabled
2023-02-14T10:07:34.074-0500 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-02-14T10:07:34.074-0500 INFO Please see also https://aquasecurity.github.io/trivy/v0.36/docs/secret/scanning/#recommendation for faster secret detection
2023-02-14T10:07:37.959-0500 INFO Detected OS: redhat
2023-02-14T10:07:37.959-0500 INFO Detecting RHEL/CentOS vulnerabilities...
2023-02-14T10:07:37.977-0500 INFO Number of language-specific files: 2
2023-02-14T10:07:37.977-0500 INFO Detecting jar vulnerabilities...
2023-02-14T10:07:37.979-0500 INFO Detecting python-pkg vulnerabilities...
2023-02-14T10:07:38.004-0500 INFO Table result includes only package filenames. Use '--format json' option to get the full path to the package file.
│ libtasn1 │ CVE-2021-46848 │ 4.13-3.el8 │ 4.13-4.el8_7 │ libtasn1: Out-of-bound access in ETYPE_OK │
@cedricAI23
This issue has been addressed by Red Hat in RHSA-2023:0116 on January 12, 2023.
We are aware of this issue and expect to resolve it in the upcoming quarterly release.
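The grepped table rows above show, per image, the package (libtasn1), the CVE, the installed RPM version (4.13-3.el8) and the version that fixes it (4.13-4.el8_7). Grepping the table output works for a one-off check, but the log itself points at `--format json` for anything scripted, and deciding whether a rebuilt image actually carries the fix means comparing RPM version strings by rpm's rules, not as plain strings. The following Python is an added example, not code from the issue, from Trivy or from Confluent: it reads a Trivy JSON report, extracts every row for one CVE, and compares `[epoch:]version-release` strings the way `rpmvercmp()` does. The embedded report is constructed to mirror Trivy's JSON schema and the libtasn1 row from this issue; the `Target` label and the empty Java result are assumptions, and the RHSA version is taken from the reply above.

```python
"""Pull one CVE out of a Trivy JSON report and check RPM versions rpm-style."""
import json

# Constructed sample report (not real scanner output). It follows the schema of
# `trivy image --format json` and reproduces the libtasn1 row from the issue.
SAMPLE_REPORT_JSON = json.dumps({
    "SchemaVersion": 2,
    "ArtifactName": "confluentinc/cp-kafka:6.2.8",
    "Results": [
        {
            "Target": "confluentinc/cp-kafka:6.2.8 (redhat 8)",  # assumed label
            "Class": "os-pkgs",
            "Type": "redhat",
            "Vulnerabilities": [{
                "VulnerabilityID": "CVE-2021-46848",
                "PkgName": "libtasn1",
                "InstalledVersion": "4.13-3.el8",
                "FixedVersion": "4.13-4.el8_7",
                "Title": "libtasn1: Out-of-bound access in ETYPE_OK",
            }],
        },
        # Trivy leaves out the Vulnerabilities key for a target with no findings.
        {"Target": "Java", "Class": "lang-pkgs", "Type": "jar"},
    ],
})


def _segment(s, k):
    """Run of all-digits or all-letters starting at s[k], plus the index after it."""
    digits = s[k].isdigit()
    end = k
    while end < len(s) and s[end].isalnum() and s[end].isdigit() == digits:
        end += 1
    return s[k:end], end


def rpmvercmp(a, b):
    """Compare two rpm version/release strings like rpmvercmp(): -1, 0 or 1.

    Digit runs compare numerically, letter runs as strings, a numeric segment
    beats an alphabetic one, separators are skipped, and '~' sorts before
    anything (1.0~rc1 < 1.0). The newer '^' operator is not implemented here.
    """
    i = j = 0
    while i < len(a) or j < len(b):
        while i < len(a) and not (a[i].isalnum() or a[i] == "~"):
            i += 1
        while j < len(b) and not (b[j].isalnum() or b[j] == "~"):
            j += 1
        ta = i < len(a) and a[i] == "~"
        tb = j < len(b) and b[j] == "~"
        if ta or tb:
            if ta and tb:
                i, j = i + 1, j + 1
                continue
            return -1 if ta else 1            # the side with the tilde is older
        if i >= len(a) or j >= len(b):
            break
        sa, i = _segment(a, i)
        sb, j = _segment(b, j)
        if sa.isdigit() != sb.isdigit():
            return 1 if sa.isdigit() else -1  # numeric beats alphabetic
        if sa.isdigit():
            sa, sb = sa.lstrip("0"), sb.lstrip("0")
            if len(sa) != len(sb):            # longer digit string is larger
                return 1 if len(sa) > len(sb) else -1
        if sa != sb:
            return 1 if sa > sb else -1
    if i >= len(a) and j >= len(b):
        return 0
    return -1 if i >= len(a) else 1           # whichever has characters left wins


def parse_evr(evr):
    """Split '[epoch:]version-release' as Trivy prints it for rpm packages."""
    epoch = 0
    if ":" in evr:
        e, evr = evr.split(":", 1)
        epoch = int(e)
    version, _, release = evr.partition("-")
    return epoch, version, release


def evr_cmp(a, b):
    """Compare two EVR strings: epoch first, then version, then release."""
    ea, va, ra = parse_evr(a)
    eb, vb, rb = parse_evr(b)
    if ea != eb:
        return 1 if ea > eb else -1
    return rpmvercmp(va, vb) or rpmvercmp(ra, rb)


def closes_cve(installed, fixed):
    """True when the installed EVR is at or above the EVR named as the fix."""
    return bool(fixed) and evr_cmp(installed, fixed) >= 0


def find_cve(report_json, cve_id):
    """Every (target, package, installed, fixed) row for cve_id in a Trivy JSON report."""
    hits = []
    for result in json.loads(report_json).get("Results", []):
        for vuln in result.get("Vulnerabilities") or []:
            if vuln.get("VulnerabilityID") == cve_id:
                hits.append({"target": result.get("Target"), "pkg": vuln.get("PkgName"),
                             "installed": vuln.get("InstalledVersion"),
                             "fixed": vuln.get("FixedVersion", "")})
    return hits


if __name__ == "__main__":
    for hit in find_cve(SAMPLE_REPORT_JSON, "CVE-2021-46848"):
        print(f"{hit['target']}: {hit['pkg']} {hit['installed']} fixed in {hit['fixed']}")
    # A rebuilt image carrying the RHSA-2023:0116 package would pass this check.
    print("fixed:", closes_cve("4.13-4.el8_7", "4.13-4.el8_7"))
```

Feed it real output with `trivy image --format json confluentinc/cp-kafka:6.2.8 > report.json` and pass the file contents to `find_cve`; `closes_cve` is what you want when verifying a rebuilt image (for example the version string from `rpm -q libtasn1` inside the container) against the fixed version, since a string comparison would rank `4.13-10.el8` below `4.13-4.el8_7`.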