| From: | Al Wilson <mawilson12(at)gmail(dot)com> |
|---|---|
| To: | pgsql-novice(at)lists(dot)postgresql(dot)org |
| Subject: | Vulnerability remediation |
| Date: | 2024-01-03 17:03:51 |
| Message-ID: | CAH05kiyz7hnbVEEXHc3ow7288OCfK-7jAGQ1JPBnYWRftx9_JA@mail.gmail.com |
| Views: | Raw Message | Whole Thread | Download mbox | Resend email |
| Thread: | |
| Lists: | pgsql-novice |
Does anyone have any insight on this? Perhaps point to something I can
read?
1. Vulnerability scanner indicates "Postgres default account:
postgres/no password"
2. Scanner states Proof as "Successfully authenticated to the Postgres
service with credentials uid [postgres] pw [realm]
3. Application owner initially claimed that this was a false positive,
but later claimed that it was resolved within the Docker instance
1. Scanner still showed vulnerability.
4. Found article that seemed to indicate that using the --env would
address the postgres image vs. the Docker.
1. https://squaredup.com/blog/running-postgres-in-docker/
2. Scanner still shows vulnerability.
5. PostGres version is 9.5, if that makes a difference.
| From | Date | Subject | |
|---|---|---|---|
| Next Message | Bzzzz | 2024-01-03 17:13:14 | Re: Vulnerability remediation |
| Previous Message | Ibrahim Shaame | 2023-11-26 18:18:42 | Re: reporting tree into separate columns |