torrust-tracker
Docker Security Overhaul: Set Up Security Scanning Workflow
Periodically scan Docker images for vulnerabilities and misconfiguration.
Add a new scheduled workflow.
You can run a manual check following these steps:
- Install Trivy:
  wget https://github.com/aquasecurity/trivy/releases/download/v0.17.2/trivy_0.17.2_Linux-64bit.deb
  sudo dpkg -i trivy_0.17.2_Linux-64bit.deb
- Build the Docker image (tagged torrust-tracker:local).
- Run Trivy against the local image:
  trivy image torrust-tracker:local
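A scheduled GitHub Actions workflow that automates the three manual steps above, as an added example (not the project's actual workflow file). The install commands and the image tag are the ones from the manual check; the file path, the Dockerfile location at the repository root and the weekly cron schedule are assumptions.

```yaml
# .github/workflows/container-scan.yml (assumed path, not an existing project file)
name: Container image security scan

on:
  schedule:
    - cron: "0 6 * * 1"   # every Monday 06:00 UTC (assumed schedule)
  workflow_dispatch:       # also allow a manual run from the Actions tab

# Least privilege: the job only needs to read the repository to build the image.
permissions:
  contents: read

env:
  # Same local tag used in the manual check above
  IMAGE: torrust-tracker:local
  # Same release the manual steps install; substitute a newer release if desired
  TRIVY_VERSION: 0.17.2

jobs:
  trivy:
    runs-on: ubuntu-latest
    steps:
      - name: Check out the repository
        uses: actions/checkout@v4

      - name: Build the image to scan
        # Assumes the Dockerfile is at the repository root
        run: docker build -t "$IMAGE" .

      - name: Install Trivy
        run: |
          wget -q "https://github.com/aquasecurity/trivy/releases/download/v${TRIVY_VERSION}/trivy_${TRIVY_VERSION}_Linux-64bit.deb"
          sudo dpkg -i "trivy_${TRIVY_VERSION}_Linux-64bit.deb"

      - name: Report every finding (never fails the job)
        run: trivy image --exit-code 0 "$IMAGE"

      - name: Fail on fixable HIGH/CRITICAL findings
        # --ignore-unfixed drops entries whose FIXED VERSION column is empty,
        # so the gate only trips on findings a rebuild can actually resolve;
        # --exit-code 1 turns any remaining match into a failed job.
        run: trivy image --exit-code 1 --ignore-unfixed --severity HIGH,CRITICAL "$IMAGE"
```

The scan is split into a reporting step and a gating step on purpose: most rows in the current output have no fixed version, so a gate that counted them would stay red no matter how often the base image is rebuilt. Findings you have reviewed and accepted can be listed in a `.trivyignore` file in the repository so they stop appearing in the gating step while the report step still shows them.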
The current output:
trivy image torrust-tracker:local
2025-04-14T17:18:25.176+0100 INFO Detecting Debian vulnerabilities...
2025-04-14T17:18:25.177+0100 INFO Trivy skips scanning programming language libraries because no supported file was detected
torrust-tracker:local (debian 12.10)
====================================
Total: 21 (UNKNOWN: 4, LOW: 0, MEDIUM: 12, HIGH: 4, CRITICAL: 1)
+-------------+------------------+----------+-------------------+---------------+-----------------------------------------+
| LIBRARY | VULNERABILITY ID | SEVERITY | INSTALLED VERSION | FIXED VERSION | TITLE |
+-------------+------------------+----------+-------------------+---------------+-----------------------------------------+
| gcc-12-base | CVE-2022-27943 | MEDIUM | 12.2.0-14 | | binutils: libiberty/rust-demangle.c |
| | | | | | in GNU GCC 11.2 allows stack |
| | | | | | exhaustion in demangle_const |
| | | | | | -->avd.aquasec.com/nvd/cve-2022-27943 |
+-------------+------------------+----------+-------------------+---------------+-----------------------------------------+
| libc6 | CVE-2019-1010022 | CRITICAL | 2.36-9+deb12u10 | | glibc: stack guard protection bypass |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010022 |
+ +------------------+----------+ +---------------+-----------------------------------------+
| | CVE-2018-20796 | HIGH | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2018-20796 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2019-1010023 | | | | glibc: running ldd on malicious ELF |
| | | | | | leads to code execution because of... |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010023 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2019-9192 | | | | glibc: uncontrolled recursion in |
| | | | | | function check_dst_limits_calc_pos_1 |
| | | | | | in posix/regexec.c |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-9192 |
+ +------------------+----------+ +---------------+-----------------------------------------+
| | CVE-2010-4756 | MEDIUM | | | glibc: glob implementation |
| | | | | | can cause excessive CPU and |
| | | | | | memory consumption due to... |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-4756 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2019-1010024 | | | | glibc: ASLR bypass using |
| | | | | | cache of thread stack and heap |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010024 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2019-1010025 | | | | glibc: information disclosure of heap |
| | | | | | addresses of pthread_created thread |
| | | | | | -->avd.aquasec.com/nvd/cve-2019-1010025 |
+-------------+------------------+ +-------------------+---------------+-----------------------------------------+
| libgcc-s1 | CVE-2022-27943 | | 12.2.0-14 | | binutils: libiberty/rust-demangle.c |
| | | | | | in GNU GCC 11.2 allows stack |
| | | | | | exhaustion in demangle_const |
| | | | | | -->avd.aquasec.com/nvd/cve-2022-27943 |
+-------------+ + + +---------------+ +
| libgomp1 | | | | | |
| | | | | | |
| | | | | | |
| | | | | | |
+-------------+------------------+----------+-------------------+---------------+-----------------------------------------+
| libssl3 | CVE-2023-0286 | HIGH | 3.0.15-1~deb12u1 | | X.400 address type confusion |
| | | | | | in X.509 GeneralName |
| | | | | | -->avd.aquasec.com/nvd/cve-2023-0286 |
+ +------------------+----------+ +---------------+-----------------------------------------+
| | CVE-2007-6755 | MEDIUM | | | Dual_EC_DRBG: weak pseudo |
| | | | | | random number generator |
| | | | | | -->avd.aquasec.com/nvd/cve-2007-6755 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2010-0928 | | | | openssl: RSA authentication weakness |
| | | | | | -->avd.aquasec.com/nvd/cve-2010-0928 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2022-4304 | | | | Timing Oracle in RSA Decryption |
| | | | | | -->avd.aquasec.com/nvd/cve-2022-4304 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2022-4450 | | | | Double free after |
| | | | | | calling PEM_read_bio_ex |
| | | | | | -->avd.aquasec.com/nvd/cve-2022-4450 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2023-0215 | | | | Use-after-free |
| | | | | | following BIO_new_NDEF |
| | | | | | -->avd.aquasec.com/nvd/cve-2023-0215 |
+ +------------------+----------+ +---------------+-----------------------------------------+
| | CVE-2022-4203 | UNKNOWN | | | -->avd.aquasec.com/nvd/cve-2022-4203 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2023-0216 | | | | -->avd.aquasec.com/nvd/cve-2023-0216 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2023-0217 | | | | -->avd.aquasec.com/nvd/cve-2023-0217 |
+ +------------------+ + +---------------+-----------------------------------------+
| | CVE-2023-0401 | | | | -->avd.aquasec.com/nvd/cve-2023-0401 |
+-------------+------------------+----------+-------------------+---------------+-----------------------------------------+
| libstdc++6 | CVE-2022-27943 | MEDIUM | 12.2.0-14 | | binutils: libiberty/rust-demangle.c |
| | | | | | in GNU GCC 11.2 allows stack |
| | | | | | exhaustion in demangle_const |
| | | | | | -->avd.aquasec.com/nvd/cve-2022-27943 |
+-------------+------------------+----------+-------------------+---------------+-----------------------------------------+