Problem: rsync vulnerability CVE-2024-12084 detected in Docker image #2711

Open
bedla opened this issue Jan 24, 2025 · 1 comment

bedla commented Jan 24, 2025

Issue

Hi,
the security scanner Trivy is detecting the rsync vulnerability CVE-2024-12084 in the semaphore Docker image: https://sysdig.com/blog/detecting-and-mitigating-cve-2024-12084-rsync-remote-code-execution/
Is there an impact, or is it a false positive? Or do you have a plan to fix it?
Thank you
Ivos

Impact

Docker

Installation method

Docker

Database

No response

Browser

No response

Semaphore Version

v2.11.2
v2.12.0-beta3

Ansible Version

Logs & errors

No response

Manual installation - system information

No response

Configuration

No response

Additional information

No response

Collaborator

fiftin commented Jan 24, 2025

rsync 3.2.7 is used in the image. So, yes, it looks like it is true.

rsync is installed from the alpine3.19 registry. So, the issue can be fixed by upgrading the base image.
