Describe the bug
Running docker scan on promtail:2.3.0 image gives a lot of vulnerabilities.
docker scan report
Testing grafana/promtail:2.3.0...
✗ Low severity vulnerability found in util-linux/libuuid1
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-UTILLINUX-1534833
Introduced through: util-linux/libuuid1@2.33.1-0.1, e2fsprogs@1.44.5-1+deb10u3, util-linux/mount@2.33.1-0.1, util-linux/fdisk@2.33.1-0.1, util-linux/libblkid1@2.33.1-0.1, util-linux@2.33.1-0.1, sysvinit/sysvinit-utils@2.93-8, util-linux/bsdutils@1:2.33.1-0.1, util-linux/libfdisk1@2.33.1-0.1, util-linux/libmount1@2.33.1-0.1, util-linux/libsmartcols1@2.33.1-0.1
From: util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libuuid1@2.33.1-0.1
From: e2fsprogs@1.44.5-1+deb10u3 > util-linux/libblkid1@2.33.1-0.1 > util-linux/libuuid1@2.33.1-0.1
and 25 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in tar
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-1063001
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in tar
Description: CVE-2005-2541
Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-312331
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in tar
Description: NULL Pointer Dereference
Info: https://snyk.io/vuln/SNYK-DEBIAN10-TAR-341203
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > tar@1.30+dfsg-6
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in systemd/libsystemd0
Description: Authentication Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-1291056
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, systemd/libsystemd-dev@247.3-6~bpo10+1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@247.3-6~bpo10+1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@247.3-6~bpo10+1
and 5 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in systemd/libsystemd0
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-305144
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, systemd/libsystemd-dev@247.3-6~bpo10+1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@247.3-6~bpo10+1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@247.3-6~bpo10+1
and 5 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in systemd/libsystemd0
Description: Missing Release of Resource after Effective Lifetime
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-542807
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, systemd/libsystemd-dev@247.3-6~bpo10+1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@247.3-6~bpo10+1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@247.3-6~bpo10+1
and 5 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in systemd/libsystemd0
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-570991
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, systemd/libsystemd-dev@247.3-6~bpo10+1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@247.3-6~bpo10+1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@247.3-6~bpo10+1
and 5 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in shadow/passwd
Description: Time-of-check Time-of-use (TOCTOU)
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306205
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306230
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in shadow/passwd
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-306250
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in shadow/passwd
Description: Incorrect Permission Assignment for Critical Resource
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SHADOW-539852
Introduced through: shadow/passwd@1:4.5-1.1, adduser@3.118, shadow/login@1:4.5-1.1, util-linux/mount@2.33.1-0.1
From: shadow/passwd@1:4.5-1.1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1
From: shadow/login@1:4.5-1.1
and 1 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in perl/perl-base
Description: Link Following
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PERL-327793
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > perl/perl-base@5.28.1-6+deb10u1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345321
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345353
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345502
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-345530
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in pcre3/libpcre3
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572368
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374709
Introduced through: ca-certificates@20200601~deb10u2
From: ca-certificates@20200601~deb10u2 > openssl@1.1.1d-0+deb10u6 > openssl/libssl1.1@1.1.1d-0+deb10u6
From: ca-certificates@20200601~deb10u2 > openssl@1.1.1d-0+deb10u6
Image layer: '/bin/sh -c apt-get update && apt-get install -qy tzdata ca-certificates'
✗ Low severity vulnerability found in openssl/libssl1.1
Description: Cryptographic Issues
Info: https://snyk.io/vuln/SNYK-DEBIAN10-OPENSSL-374996
Introduced through: ca-certificates@20200601~deb10u2
From: ca-certificates@20200601~deb10u2 > openssl@1.1.1d-0+deb10u6 > openssl/libssl1.1@1.1.1d-0+deb10u6
From: ca-certificates@20200601~deb10u2 > openssl@1.1.1d-0+deb10u6
Image layer: '/bin/sh -c apt-get update && apt-get install -qy tzdata ca-certificates'
✗ Low severity vulnerability found in lz4/liblz4-1
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LZ4-473072
Introduced through: systemd/libsystemd-dev@247.3-6~bpo10+1, apt@1.8.2.3
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1 > lz4/liblz4-1@1.8.3-1+deb10u1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > lz4/liblz4-1@1.8.3-1+deb10u1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in libtasn1-6
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBTASN16-339585
Introduced through: libtasn1-6@4.13-3, apt@1.8.2.3
From: libtasn1-6@4.13-3
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u7 > libtasn1-6@4.13-3
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315628
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315630
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315636
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in libsepol/libsepol1
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSEPOL-1315642
Introduced through: libsepol/libsepol1@2.8-1, adduser@3.118
From: libsepol/libsepol1@2.8-1
From: adduser@3.118 > shadow/passwd@1:4.5-1.1 > libsemanage/libsemanage1@2.8-2 > libsepol/libsepol1@2.8-1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in libseccomp/libseccomp2
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBSECCOMP-341044
Introduced through: libseccomp/libseccomp2@2.3.3-4, apt@1.8.2.3
From: libseccomp/libseccomp2@2.3.3-4
From: apt@1.8.2.3 > libseccomp/libseccomp2@2.3.3-4
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in libgcrypt20
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-391902
Introduced through: apt@1.8.2.3, systemd/libsystemd-dev@247.3-6~bpo10+1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5+deb10u1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1 > libgcrypt20@1.8.4-5+deb10u1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in gnutls28/libgnutls30
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUTLS28-340755
Introduced through: gnutls28/libgnutls30@3.6.7-4+deb10u7, apt@1.8.2.3
From: gnutls28/libgnutls30@3.6.7-4+deb10u7
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u7
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in gnupg2/gpgv
Description: Use of a Broken or Risky Cryptographic Algorithm
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GNUPG2-535553
Introduced through: gnupg2/gpgv@2.2.12-1+deb10u1, apt@1.8.2.3
From: gnupg2/gpgv@2.2.12-1+deb10u1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Double Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1078993
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338106
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Uncontrolled Recursion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-338163
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356371
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356671
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Resource Management Errors
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356735
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: CVE-2010-4051
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-356875
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452228
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Access Restriction Bypass
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-452267
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Use of Insufficiently Random Values
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453375
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-453640
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-534995
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in glibc/libc-bin
Description: Integer Underflow
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-564233
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in coreutils
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317465
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in coreutils
Description: Race Condition
Info: https://snyk.io/vuln/SNYK-DEBIAN10-COREUTILS-317494
Introduced through: coreutils@8.30-3
From: coreutils@8.30-3
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in bash
Description: Improper Check for Dropped Privileges
Info: https://snyk.io/vuln/SNYK-DEBIAN10-BASH-536280
Introduced through: bash@5.0-4
From: bash@5.0-4
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Low severity vulnerability found in apt/libapt-pkg5.0
Description: Improper Verification of Cryptographic Signature
Info: https://snyk.io/vuln/SNYK-DEBIAN10-APT-407502
Introduced through: apt/libapt-pkg5.0@1.8.2.3, apt@1.8.2.3
From: apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3
From: apt@1.8.2.3
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Medium severity vulnerability found in pcre3/libpcre3
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-PCRE3-572367
Introduced through: meta-common-packages@meta
From: meta-common-packages@meta > pcre3/libpcre3@2:8.39-12
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Medium severity vulnerability found in libgcrypt20
Description: Race Condition
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBGCRYPT20-460489
Introduced through: apt@1.8.2.3, systemd/libsystemd-dev@247.3-6~bpo10+1
From: apt@1.8.2.3 > gnupg2/gpgv@2.2.12-1+deb10u1 > libgcrypt20@1.8.4-5+deb10u1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1 > libgcrypt20@1.8.4-5+deb10u1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Medium severity vulnerability found in glibc/libc-bin
Description: Loop with Unreachable Exit Condition ('Infinite Loop')
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1035462
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Medium severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Read
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1055403
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Medium severity vulnerability found in glibc/libc-bin
Description: Out-of-Bounds
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559181
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in systemd/libsystemd0
Description: Privilege Chaining
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345386
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, systemd/libsystemd-dev@247.3-6~bpo10+1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@247.3-6~bpo10+1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@247.3-6~bpo10+1
and 5 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in systemd/libsystemd0
Description: Incorrect Privilege Assignment
Info: https://snyk.io/vuln/SNYK-DEBIAN10-SYSTEMD-345391
Introduced through: util-linux/bsdutils@1:2.33.1-0.1, systemd/libsystemd-dev@247.3-6~bpo10+1, apt@1.8.2.3, util-linux/mount@2.33.1-0.1, systemd/libudev1@241-7~deb10u8
From: util-linux/bsdutils@1:2.33.1-0.1 > systemd/libsystemd0@247.3-6~bpo10+1
From: systemd/libsystemd-dev@247.3-6~bpo10+1 > systemd/libsystemd0@247.3-6~bpo10+1
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > systemd/libsystemd0@247.3-6~bpo10+1
and 5 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in libidn2/libidn2-0
Description: Improper Input Validation
Info: https://snyk.io/vuln/SNYK-DEBIAN10-LIBIDN2-474100
Introduced through: libidn2/libidn2-0@2.0.5-1+deb10u1, apt@1.8.2.3
From: libidn2/libidn2-0@2.0.5-1+deb10u1
From: apt@1.8.2.3 > gnutls28/libgnutls30@3.6.7-4+deb10u7 > libidn2/libidn2-0@2.0.5-1+deb10u1
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in glibc/libc-bin
Description: Reachable Assertion
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1065768
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in glibc/libc-bin
Description: Out-of-bounds Write
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559488
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-559493
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Information Exposure
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-347558
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ High severity vulnerability found in gcc-8/libstdc++6
Description: Insufficient Entropy
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GCC8-469413
Introduced through: gcc-8/libstdc++6@8.3.0-6, apt@1.8.2.3, meta-common-packages@meta
From: gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
From: apt@1.8.2.3 > apt/libapt-pkg5.0@1.8.2.3 > gcc-8/libstdc++6@8.3.0-6
and 2 more...
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Critical severity vulnerability found in glibc/libc-bin
Description: Use After Free
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1296899
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
✗ Critical severity vulnerability found in glibc/libc-bin
Description: Integer Overflow or Wraparound
Info: https://snyk.io/vuln/SNYK-DEBIAN10-GLIBC-1315333
Introduced through: glibc/libc-bin@2.28-10, meta-common-packages@meta
From: glibc/libc-bin@2.28-10
From: meta-common-packages@meta > glibc/libc6@2.28-10
Image layer: Introduced by your base image (debian:10.10-slim)
To Reproduce
docker scan grafana/promtail:2.3.0
or
snyk test --docker grafana/promtail:2.3.0
Expected behavior
Fewer high and critical vulnerabilities :). I see that base: debian:buster-slim is used. Is it possible to replace it with debian:bullseye-slim or even another base with fewer vulnerabilities? I tried to build it locally, but didn't get it to work. Probably not enough knowledge of how the project works.
Environment:
Infrastructure: laptop
Deployment tool: docker
Screenshots, Promtail config, or terminal output
N/A
Hi! This issue has been automatically marked as stale because it has not had any
activity in the past 30 days.
We use a stalebot among other tools to help manage the state of issues in this project.
A stalebot can be very useful in closing issues in a number of cases; the most common
is closing issues or PRs where the original reporter has not responded.
Stalebots are also emotionless and cruel and can close issues which are still very relevant.
If this issue is important to you, please add a comment to keep it open. More importantly, please add a thumbs-up to the original issue entry.
We regularly sort for closed issues which have a stale label sorted by thumbs up.
We may also:
Mark issues as revivable if we think it's a valid issue but isn't something we are likely
to prioritize in the future (the issue will still remain closed).
Add a keepalive label to silence the stalebot if the issue is very common/popular/important.
We are doing our best to respond, organize, and prioritize all issues but it can be a challenging task,
our sincere apologies if you find yourself at the mercy of the stalebot.
stalebot added the stale label (A stale issue or PR that will automatically be closed.) on Oct 2, 2021