Ignore CVE-2024-37371 and CVE-2024-37370 in docker image
These CVEs are in krb5, a library that handles Kerberos authentication.
We don't use any Kerberos in production, but also the issues are fixed in
1.20.1-2+deb12u2 which is available in the debian repos and the docker
build logs show is being installed. This seems to be a false positive by
ECR
yob committed Aug 29, 2024
1 parent 3f8459f commit 1c2a63e
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion .buildkite/ecr-scan-results-ignore.yml
Expand Up @@ -18,4 +18,6 @@ ignores:
- id: CVE-2024-0567 # gnutls28 3.7.9-2+deb12u1
- id: CVE-2023-50387 # systemd 252.17-1~deb12u1
- id: CVE-2024-0553 # gnutls28 3.7.9-2
- id: CVE-2024-0567 # gnutls28 3.7.9-2+deb12u1
- id: CVE-2024-0567 # gnutls28 3.7.9-2+deb12u1
- id: CVE-2024-37371 # krb5 1.20.1-2+deb12u1
- id: CVE-2024-37370 # krb5 1.20.1-2+deb12u1
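
Review bot: The two new krb5 entries are annotated only with `krb5 1.20.1-2+deb12u1`, which does not record why they are ignored or when the ignore can be dropped. The commit message says the fixed 1.20.1-2+deb12u2 is what the build installs and that the ECR finding looks like a false positive, so I would put that in the comment itself, for example `# krb5, ECR reports 1.20.1-2+deb12u1, image installs fixed 1.20.1-2+deb12u2`, along with a date to re-check. An ignore keyed only on the CVE id will keep suppressing the finding even if a later base image does ship a vulnerable krb5. Separately, `CVE-2024-0567 # gnutls28 3.7.9-2+deb12u1` appears on more than one line of this hunk; if the resulting file lists it twice, drop the duplicate while you are here.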
