pgbouncer_exporter
Fix Docker image vulnerabilities
The security team blocked us from implementing this exporter due to the following vulnerabilities:
❯ docker scout cves quay.io/prometheuscommunity/pgbouncer-exporter:v0.8.0
i New version 1.11.0 available (installed version is 1.6.3) at https://github.com/docker/scout-cli
✓ Pulled
✓ Image stored for indexing
✓ Indexed 27 packages
✗ Detected 2 vulnerable packages with a total of 5 vulnerabilities
## Overview
│ Analyzed Image
────────────────────┼──────────────────────────────────────────────────────────
Target │ quay.io/prometheuscommunity/pgbouncer-exporter:v0.8.0
digest │ ca78408f49b6
platform │ linux/arm64/v8
vulnerabilities │ 1C 1H 2M 0L 2?
size │ 9.2 MB
packages │ 27
## Packages and Vulnerabilities
1C 1H 1M 0L 2? stdlib 1.22.1
pkg:golang/stdlib@1.22.1
✗ CRITICAL CVE-2024-24790
https://scout.docker.com/v/CVE-2024-24790
Affected range : >=1.22.0-0
: <1.22.4
Fixed version : 1.22.4
✗ HIGH CVE-2024-24791
https://scout.docker.com/v/CVE-2024-24791
Affected range : >=1.22.0-0
: <1.22.5
Fixed version : 1.22.5
✗ MEDIUM CVE-2024-24789
https://scout.docker.com/v/CVE-2024-24789
Affected range : >=1.22.0-0
: <1.22.4
Fixed version : 1.22.4
✗ UNSPECIFIED CVE-2024-24788
https://scout.docker.com/v/CVE-2024-24788
Affected range : >=1.22.0-0
: <1.22.3
Fixed version : 1.22.3
✗ UNSPECIFIED CVE-2023-45288
https://scout.docker.com/v/CVE-2023-45288
Affected range : >=1.22.0-0
: <1.22.2
Fixed version : 1.22.2
0C 0H 1M 0L golang.org/x/net 0.22.0
pkg:golang/golang.org/x/net@0.22.0
✗ MEDIUM CVE-2023-45288 [Uncontrolled Resource Consumption]
https://scout.docker.com/v/CVE-2023-45288
Affected range : <0.23.0
Fixed version : 0.23.0
CVSS Score : 5.3
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
6 vulnerabilities found in 2 packages
UNSPECIFIED 2
LOW 0
MEDIUM 2
HIGH 1
CRITICAL 1