Replies: 1 comment 2 replies
-
|
Firstly, you should use the latest version of the container. Upgrading your container is the standard choice for updates. Secondly, libcurl is not used for any client operations from EJBCA so this is not a vulnerability that can be exploited.
|
Beta Was this translation helpful? Give feedback.
-
|
How can I upgrade the container or are you referring to use later versions of EJBCA CE 8 and create a new container on it. |
Beta Was this translation helpful? Give feedback.
-
|
In a container environment, the standard way to perform upgrades is to start a new container with the new version. Pointing to the same database, same keystores (if using externally generated ones). There is a link to this tutorial from: https://hub.docker.com/r/keyfactor/ejbca-ce |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
I have a docker environment on ubuntu 23.1 (mantic) with docker engine community version 25 running with Keyfactor EJBCA CE 8.0 container. My IS team ran a VA scan on it and found below vulnerabilities so can the expert guide me how to remove it and also by removing the vulnerability my container doesn't get effected/corrupted/destroyed.
182873 - libcurl 7.9.1 < 8.4.0 Cookie Injection
Path : /var/lib/docker/
overlay2/4635c3fab77bf5611e30679f90da639d3fb91abdcf04515e65463ed7b46af9e4/diff/usr/lib64/libcurl.so.4.5.0
Installed version : 7.61.1
Fixed version : 8.4.0
Path : /var/lib/docker/
overlay2/8a3f147a506475d7d47b2c80d286c1576782e136b7408187b62c7f217a7e3774/merged/usr/lib64/libcurl.so.4.5.0
Installed version : 7.61.1
Fixed version : 8.4.0
Beta Was this translation helpful? Give feedback.
All reactions