GNU Bash Privilege Escalation Vulnerability for Debian

Open scottmur opened this issue 3 years ago • 1 comments

Scanning the matomo:latest container with Azure security detects 'GNU Bash Privilege Escalation Vulnerability for Debian' CVE-2019-18276.

GNU Bash. Bash is the GNU Project's shell. An attacker with command execution in the shell can use "enable -f" for runtime loading of a new builtin, which can be a shared object that calls setuid() and therefore regains privileges.

QID Detection Logic (Authenticated) This checks for vulnerable version of Bash shell in Debian 9 and 10.

Can Matomo be rebuilt to patch this security CVE?

scottmur avatar Feb 24 '21 00:02 scottmur

This is not even fixed by Debian itself: https://security-tracker.debian.org/tracker/CVE-2019-18276

J0WI avatar Mar 24 '21 22:03 J0WI

https://github.com/docker-library/faq#why-does-my-security-scanner-show-that-an-image-has-cves

J0WI avatar Nov 26 '22 15:11 J0WI