beats
beats copied to clipboard
elastic
Vulnerability found in filebeat-oss:8.13.2
On scanning the filebeat-oss:8.13.2 docker image, found the below vulnerability in it.
| Type | Severity | CVE | Package Name | Package Version | Fix Status | Description |
|---|---|---|---|---|---|---|
| Compliance | Moderate | CVE-2024-24557 | github.com/docker/docker | v24.0.7 | fixed in: 25.0.2, 24.0.9 | Full description: moby: classic builder cache poisoning |
| Package | Medium | CVE-2024-28834 | gnutls28 | 3.6.13-2ubuntu1.10 | fixed in: 3.6.13-2ubuntu1.11 | A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel. |
| Package | Medium | CVE-2024-28085 | util-linux | 2.34-0.1ubuntu9.4 | fixed in: 2.34-0.1ubuntu9.5 | wall in util-linux through 2.40, often installed with setgid tty permissions, allows escape sequences to be sent to other users' terminals through argv. (Specifically, escape sequences received from stdin are blocked, but escape sequences received from argv are not blocked.) There may be plausible scenarios where this leads to account takeover. |
![botelastic[bot] avatar](https://avatars.githubusercontent.com/u/6764390?v=4 "Published by a pub.dev verified publisher"){kind=small}