jmx_exporter icon indicating copy to clipboard operation
jmx_exporter copied to clipboard

Published 20 hours ago verified publisher icon prometheus

Multiple OS vulnerabilities found in jmx_expoter version 0.15.0

Open KunalAdu opened this issue 4 years ago • 4 comments
trafficstars

Hi Team ,

Below OS related CVEs are found in jmx_expoter version 0.15.0 , Can you please guide in which version it will be fixed :

  1. CVE-2018-12886
  2. CVE-2020-6096
  3. CVE-2019-17543
  4. CVE-2019-17498
  5. CVE-2019-13115

As these are quite old issues and are not fixed yet, Can you please give any update or time line.

Thanks & Regards, Kunal Advani

KunalAdu avatar Apr 30 '21 10:04 KunalAdu

Hi Kunal, I looked up a few of these, but I can't really see how they are related to the jmx_exporter. Are these vulnerabilities in the JAR file, or is it a JVM or a Docker image?

fstab avatar May 02 '21 20:05 fstab

Hi @fstab , we have used docker image . Please find below configuration : { "image": "bitnami/jmx-exporter", "imageTag":"0.15.0" }

KunalAdu avatar May 10 '21 10:05 KunalAdu

Looks like Bitnami pushed a new image with the 0.15.0 tag today. Could you check if the CVEs are still there? If so, I think this should more be an issue on github.com/bitnami/bitnami-docker-jmx-exporter if the CVEs come from the Docker image and not from the jmx_exporter itself.

fstab avatar May 16 '21 20:05 fstab

@fstab : Thank you so much I will check on it .

KunalAdu avatar May 17 '21 11:05 KunalAdu

Closing as no longer valid (old release.)

dhoard avatar Jun 30 '23 20:06 dhoard