Report
Hi,
Using Grype I noticed the following CVEs, at least 2 critical.
grype ghcr.io/tomkerkhove/promitor-agent-resource-discovery:0.15
✔ Parsed image sha256:76ee0eac1d7e8b108ab4d62f7a2ea4be1d407966c962643b7021d9e7c5baa268
✔ Cataloged contents f8ba0b91cefbc9c017a243ba294d2f84fa39330c7fce00d31c80223e3f7e9054
├── ✔ Packages [273 packages]
├── ✔ Executables [620 executables]
├── ✔ File metadata [604 locations]
└── ✔ File digests [604 files]
✔ Scanned for vulnerabilities [29 vulnerability matches]
├── by severity: 3 critical, 15 high, 11 medium, 0 low, 0 negligible
NAME INSTALLED FIXED IN TYPE VULNERABILITY SEVERITY EPSS RISK
glibc 2.35 0:2.35-5.cm2 rpm CVE-2023-4911 High 74.2% (98th) 78.8 KEV
openssl 1.1.1k 0:1.1.1k-21.cm2 rpm CVE-2023-0286 High 89.0% (99th) 66.7
openssl 1.1.1k 0:1.1.1k-25.cm2 rpm CVE-2023-2650 Medium 92.0% (99th) 46.0
openssl 1.1.1k 0:1.1.1k-15.cm2 rpm CVE-2022-1292 High 47.8% (97th) 35.8
openssl 1.1.1k 0:1.1.1k-17.cm2 rpm CVE-2022-2068 High 25.2% (95th) 18.9
openssl 1.1.1k 0:1.1.1k-12.cm2 rpm CVE-2022-0778 High 9.1% (92nd) 6.8
openssl 1.1.1k 0:1.1.1k-11.cm2 rpm CVE-2021-3711 Critical 2.7% (85th) 2.5
glibc 2.35 0:2.35-6.cm2 rpm CVE-2023-4806 Medium 1.9% (82nd) 0.9
openssl 1.1.1k 0:1.1.1k-28.cm2 rpm CVE-2023-3446 Medium 0.9% (75th) 0.5
glibc 2.35 0:2.35-1.cm2 rpm CVE-2022-23218 Critical 0.5% (66th) 0.5
glibc 2.35 0:2.35-7.cm2 rpm CVE-2024-33599 High 0.6% (67th) 0.4
glibc 2.35 0:2.35-1.cm2 rpm CVE-2022-23219 Critical 0.4% (60th) 0.4
openssl 1.1.1k 0:1.1.1k-11.cm2 rpm CVE-2021-3712 High 0.5% (64th) 0.4
glibc 2.35 0:2.35-1.cm2 rpm CVE-2021-43396 High 0.5% (64th) 0.4
openssl 1.1.1k 0:1.1.1k-23.cm2 rpm CVE-2023-0466 Medium 0.7% (70th) 0.3
glibc 2.35 0:2.35-7.cm2 rpm CVE-2024-33602 High 0.3% (52nd) 0.2
openssl 1.1.1k 0:1.1.1k-20.cm2 rpm CVE-2022-2097 Medium 0.4% (60th) 0.2
openssl 1.1.1k 0:1.1.1k-23.cm2 rpm CVE-2023-0465 Medium 0.4% (59th) 0.2
openssl 1.1.1k 0:1.1.1k-31.cm2 rpm CVE-2024-4741 High 0.2% (46th) 0.2
openssl 1.1.1k 0:1.1.1k-26.cm2 rpm CVE-2023-3817 Medium 0.3% (54th) 0.2
glibc 2.35 0:2.35-7.cm2 rpm CVE-2023-4813 Medium 0.3% (53rd) 0.2
openssl 1.1.1k 0:1.1.1k-13.cm2 rpm CVE-2021-4160 Medium 0.3% (52nd) 0.1
glibc 2.35 0:2.35-7.cm2 rpm CVE-2024-33600 Medium 0.2% (42nd) 0.1
glibc 2.35 0:2.35-7.cm2 rpm CVE-2021-3998 High 0.1% (30th) < 0.1
glibc 2.35 0:2.35-1.cm2 rpm CVE-2021-38604 High 0.1% (28th) < 0.1
glibc 2.35 0:2.35-7.cm2 rpm CVE-2024-33601 High < 0.1% (26th) < 0.1
openssl 1.1.1k 0:1.1.1k-36.cm2 rpm CVE-2024-13176 Medium 0.1% (30th) < 0.1
glibc 2.35 0:2.35-6.cm2 rpm CVE-2023-5156 High < 0.1% (18th) < 0.1
icu 68.2.0.9 0:68.2.0.9-2.cm2 rpm CVE-2025-5222 High < 0.1% (6th) < 0.1
This probably also is true for the scraper.
Best regards
Vulnerability Information
CVE-2022-23219 CVE-2023-4911
Affected Component(s)
Scraper, Resource Discovery
Affected Version(s)
0.15
Vulnerability Mitigation
No response
Vulnerability Fix
No response
Contact Details
No response