
Incorrect management of NACL in deny mode in AWS

Open huats opened this issue 2 years ago • 1 comments

Description

When running trivy to analyze an AWS account, it reports that a NACL is "An ingress Network ACL rule allows ALL ports." The NACL in question is indeed an ALL-port one, but a DENY. It shouldn't be treated as a security issue.

What did you expect to happen?

A NACL with ALL in DENY mode shouldn't be reported.

What happened instead?

I have the message "An ingress Network ACL rule allows ALL ports."

Output of trivy -v:

Version: 0.35.0
Vulnerability DB:
  Version: 2
  UpdatedAt: 2022-11-01 19:20:57.894929377 +0000 UTC
  NextUpdate: 2022-11-02 01:20:57.894929177 +0000 UTC
  DownloadedAt: 2022-11-01 19:36:53.283908708 +0000 UTC

Additional details (base image name, container registry info...):

huats avatar Dec 09 '22 13:12 huats
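The misclassification described in this report comes down to one condition: an ingress NACL rule that spans every port is only a finding when its action is ALLOW. A DENY rule covering all ports (including the implicit default rule 32767 that every NACL carries) is the safe baseline, not an exposure. The following is an added example, not code from the issue or from Trivy, that evaluates the `Entries` list in the shape returned by the EC2 DescribeNetworkAcls API. The `find_all_port_ingress_allows` function applies the correct condition; `naive_all_port_ingress` is a hypothetical reconstruction of the reported behaviour (ignoring `RuleAction`) placed alongside it for contrast, and is not Trivy's actual code. The sample entries are constructed.

```python
"""Flag ingress Network ACL rules that ALLOW every port.

Entries mirror the `Entries` field of an EC2 DescribeNetworkAcls response:
RuleNumber (int), Protocol ("-1" = all, "6" = TCP, "17" = UDP, ...),
RuleAction ("allow" | "deny"), Egress (bool), CidrBlock, optional PortRange.
"""

from typing import Dict, List

# Constructed sample data, not captured from a real account.
SAMPLE_ENTRIES: List[Dict] = [
    # HTTPS only: not an all-port rule.
    {"RuleNumber": 100, "Protocol": "6", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 443, "To": 443}},
    # All protocols allowed from a private range: a genuine finding.
    {"RuleNumber": 200, "Protocol": "-1", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "10.0.0.0/8"},
    # UDP 0-65535 allowed: also covers every port, also a finding.
    {"RuleNumber": 300, "Protocol": "17", "RuleAction": "allow", "Egress": False,
     "CidrBlock": "0.0.0.0/0", "PortRange": {"From": 0, "To": 65535}},
    # The reporter's case: explicit deny of everything inbound. Not a finding.
    {"RuleNumber": 400, "Protocol": "-1", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
    # The default deny-all rule AWS appends to every NACL. Not a finding.
    {"RuleNumber": 32767, "Protocol": "-1", "RuleAction": "deny", "Egress": False,
     "CidrBlock": "0.0.0.0/0"},
    # Egress allow-all: outside the scope of an ingress check.
    {"RuleNumber": 100, "Protocol": "-1", "RuleAction": "allow", "Egress": True,
     "CidrBlock": "0.0.0.0/0"},
]


def entry_covers_all_ports(entry: Dict) -> bool:
    """True when the entry's protocol and port range span every port.

    Protocol "-1" means all protocols and therefore all ports. For TCP (6)
    and UDP (17) a PortRange of 0-65535 covers everything. Other protocols
    (e.g. ICMP) have no port concept and are not counted.
    """
    protocol = str(entry.get("Protocol", "-1"))
    if protocol == "-1":
        return True
    if protocol in ("6", "17"):
        port_range = entry.get("PortRange") or {}
        return port_range.get("From") == 0 and port_range.get("To") == 65535
    return False


def is_ingress(entry: Dict) -> bool:
    """AWS marks direction with the Egress flag; ingress is Egress == False."""
    return not entry.get("Egress", False)


def find_all_port_ingress_allows(entries: List[Dict]) -> List[int]:
    """Rule numbers of ingress entries that ALLOW every port.

    DENY entries are skipped on purpose: a deny-all rule reduces exposure and
    must not be reported as if it opened all ports.
    """
    return [
        entry["RuleNumber"]
        for entry in entries
        if is_ingress(entry)
        and entry.get("RuleAction") == "allow"
        and entry_covers_all_ports(entry)
    ]


def naive_all_port_ingress(entries: List[Dict]) -> List[int]:
    """Hypothetical reconstruction of the reported misfire (assumption):
    the same check without looking at RuleAction, so deny rules are flagged too.
    """
    return [
        entry["RuleNumber"]
        for entry in entries
        if is_ingress(entry) and entry_covers_all_ports(entry)
    ]


if __name__ == "__main__":
    print("correct :", find_all_port_ingress_allows(SAMPLE_ENTRIES))
    print("naive   :", naive_all_port_ingress(SAMPLE_ENTRIES))
```

Run against a live account by replacing `SAMPLE_ENTRIES` with the `Entries` of each item in `boto3.client("ec2").describe_network_acls()["NetworkAcls"]`; the check reports rules 200 and 300 for the sample data and leaves both deny rules alone, which is the behaviour the reporter expected.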

Hi @huats, I have confirmed the issue and I am issuing a fix for it. Thank you for reporting this to us!

giorod3 avatar Jan 12 '23 13:01 giorod3

Hi @huats, this has been fixed and deployed as part of trivy v0.37.0.

giorod3 avatar Feb 01 '23 16:02 giorod3