Thread: Vulnerability remediation


Vulnerability remediation

From
Al Wilson
Date:
Does anyone have any insight on this?  Perhaps point to something I can read?
  1. Vulnerability scanner indicates "Postgres default account: postgres/no password"
  2. Scanner states Proof as "Successfully authenticated to the Postgres service with credentials uid [postgres] pw [realm]"
  3. Application owner initially claimed that this was a false positive, but later claimed that it was resolved within the Docker instance
    1. Scanner still showed vulnerability.
  4. Found article that seemed to indicate that using the --env would address the postgres image vs. the Docker.
    1. https://squaredup.com/blog/running-postgres-in-docker/
    2. Scanner still shows vulnerability.
  5. Postgres version is 9.5, if that makes a difference.
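
A check for the finding described above, added here as an example (not code from the thread or from the PostgreSQL project): it parses `pg_hba.conf` text and lists every rule whose method is `trust`, under which the server accepts a connection without checking the password. The sample file is constructed, and that a `trust` rule explains this particular scan result is an assumption.

```python
import ipaddress

# Constructed sample pg_hba.conf (not from the thread). Its last rule lets
# any remote client connect as any role, whatever password is sent.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   md5
host    all       all   ::1/128        trust
host    all       all   all            trust
"""


def _try(func, *args, **kwargs):
    try:
        return func(*args, **kwargs)
    except ValueError:
        return None  # not an IP address or network (keyword, host name)


def find_trust_rules(hba_text):
    """Return (line_no, conn_type, address, remote) for each trust rule."""
    findings = []
    for line_no, raw in enumerate(hba_text.splitlines(), start=1):
        fields = raw.split("#", 1)[0].split()
        if len(fields) >= 4 and fields[0] == "local":
            # local DATABASE USER METHOD
            address, method = "unix-socket", fields[3]
        elif len(fields) >= 5 and fields[0].startswith("host"):
            # host DATABASE USER ADDRESS [NETMASK] METHOD
            mask = (len(fields) >= 6
                    and _try(ipaddress.ip_address, fields[4]) is not None)
            address = "/".join(fields[3:5]) if mask else fields[3]
            method = fields[5] if mask else fields[4]
        else:
            continue  # blank line, comment or include directive
        if method != "trust":
            continue
        # Keywords (all, samenet, ...) and host names are treated as remote.
        net = _try(ipaddress.ip_network, address, strict=False)
        loopback = net is not None and net.is_loopback
        findings.append((line_no, fields[0], address,
                         fields[0] != "local" and not loopback))
    return findings


if __name__ == "__main__":
    for line_no, conn_type, address, remote in find_trust_rules(SAMPLE_HBA):
        scope = "REMOTE" if remote else "local only"
        print(f"line {line_no}: {conn_type} {address} -> trust ({scope})")
```

To audit a live server, pass the contents of the file reported by `SHOW hba_file;` to `find_trust_rules`.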

Re: Vulnerability remediation

From
Bzzzz
Date:
On Wed, 3 Jan 2024 12:03:51 -0500
Al Wilson <mawilson12@gmail.com> wrote:


>    5. Postgres version is 9.5, if that makes a difference.

Come on, the stable version is… 15 and 9.5 has not been maintained for a
looong time!

Jean-Yves