Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix(keychain-vault-server): address CVEs: CVE-2021-22946, CVE-2022-1304, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156 #2565

Closed

Conversation

ruzell22
Copy link
Contributor

fixes: #2058

Copy link
Contributor

@petermetz petermetz left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@ruzell22 Please make the issue title & PR title & commit subject unique (include CVE IDs that are being fixed.
Something like fix(keychain-vault-server): address CVEs: X,Y,Z...

@ruzell22 ruzell22 changed the title fix(security): vulnerabilities found in keychain-vault-server #2058 fix(keychain-vault-server): address CVEs: CVE-2021-22946, CVE-2022-1304, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156 Jul 25, 2023
…, CVE-2018-12886, CVE-2022-29458, CVE-2019-3843, CVE-2019-3844, CVE-2022-29458, CVE-2020-16156

fixes: hyperledger-cacti#2058

trivy scanner verified that the vulnerabilities in keychain-vault-server
is not appearing anymore. CVEs are the following
- CVE-2021-22946
- CVE-2022-1304
- CVE-2018-12886
- CVE-2022-29458
- CVE-2019-3843
- CVE-2019-3844
- CVE-2022-29458 (base)
- CVE-2022-29458 (bin)
- CVE-2020-16156

No changes was needed to be merged.

Signed-off-by: ruzell22 <ruzell.vince.aquino@accenture.com>
@ruzell22
Copy link
Contributor Author

Hello @petermetz , changed the commit title and commit message. This PR would not require to be merged because it is just a trivy scanner to check the vulnerabilities. Here is the result of the scan which shows there are 0 Critical and 0 High vulnerabilities in keychain-vault-server.

image

#2058 is now fixed and can be closed. Thank you

@ruzell22 ruzell22 requested a review from petermetz July 25, 2023 05:22
@petermetz
Copy link
Contributor

Hello @petermetz , changed the commit title and commit message. This PR would not require to be merged because it is just a trivy scanner to check the vulnerabilities. Here is the result of the scan which shows there are 0 Critical and 0 High vulnerabilities in keychain-vault-server.

image

#2058 is now fixed and can be closed. Thank you

@ruzell22 Oh, I see, great! Thank you very much!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

fix(security): vulnerabilities found in keychain-vault-server
2 participants