vulnerabilities with tag 2.9.5 image:

radew
Community Member

We are seeing many vulnerabilities with tag 2.9.5 image: We scanned with Docker and Wiz and both show multiple.

What is the solution? Do we have a clean image from 1Password?

Docker Scan
1 Critical - CVE-2024-24790
1 High - CVE-2024-24791

Wiz Scan
1 HIGH CVE-2024-22189, Source: https://github.com/advisories/GHSA-c33x-xqrf-c478


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Comments

  • Hey @radew,

    Thank you for bringing this to our attention.

    We have reviewed the vulnerabilities you've reported for the 2.9.5 image tag, and after a thorough investigation, we have determined that at this time there is no evidence we are impacted, nor that they are exploitable in our product. We understand the importance of maintaining a secure environment and take such reports seriously.

    Please feel free to reach out if you have any further questions or need additional assistance.