vulnerabilities with tag 2.9.5 image:
We are seeing many vulnerabilities with tag 2.9.5 image: We scanned with Docker and Wiz and both show multiple.
What is the solution? Do we have a clean image from 1Password?
Docker Scan
1 Critical - CVE-2024-24790
1 High - CVE-2024-24791
Wiz Scan
1 HIGH CVE-2024-22189, Source: https://github.com/advisories/GHSA-c33x-xqrf-c478
1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided
Comments
Hey @radew,
Thank you for bringing this to our attention.
We have reviewed the vulnerabilities you've reported for the 2.9.5 image tag, and after a thorough investigation, we have determined that at this time there is no evidence we are impacted, nor that they are exploitable in our product. We understand the importance of maintaining a secure environment and take such reports seriously.
Please feel free to reach out if you have any further questions or need additional assistance.