forked from cyberark/conjur
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy path.trivyignore
30 lines (27 loc) · 1.43 KB
/
.trivyignore
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
# Rake vulnerability for versions < 12.3.3. The version of Rake used by Conjur
# has been updated to 13.0.1. Some of the Conjur dependencies still declare a
# vulnerable version of Rake in their development dependencies, but do not pose
# a risk to Conjur.
CVE-2020-8130
# These vulnerabilites are present in the Ubuntu 18.04 base image and are being
# analyzed to determined their impact on the Conjur container image.
# Follow up issue: https://github.com/cyberark/conjur/issues/1461
CVE-2019-10220
CVE-2019-19813
CVE-2019-19814
CVE-2019-19816
# Applications that call the SSL_check_chain() function during or after a TLS 1.3 handshake
# may crash due to a NULL pointer dereference as a result of incorrect handling of the "signature_algorithms_cert"
# TLS extension. this issue was fixed in OpenSSL 1.1.1g
#
# In order to support fips with openssl we are required to downgrading openssl version to 1.0.2 until openssl will
# support fips module in newer versions
# This vulnerability this is not relevant to us as
# 1. The installed version (1.0.2u) does not support 1.3
# 2. Trivy detect the usage of openssl 1.0.2 (can be reproduced with
# docker run -v /var/run/docker.sock:/var/run/docker.sock
# -v $(PWD):/workspace --rm aquasec/trivy -f json -o /workspace/scan_results-conjur-unfixed.json --no-progress
# --ignorefile .trivyignore registry.tld/ruby-fips-base-image-phusion:1.0.0)
#
# Performed by @yahalomk approved by @shaharglazner
CVE-2020-1967