public inbox for [email protected]  
help / color / mirror / Atom feed
From: Al Wilson <[email protected]>
To: [email protected]
Subject: Vulnerability remediation
Date: Wed, 3 Jan 2024 12:03:51 -0500
Message-ID: <CAH05kiyz7hnbVEEXHc3ow7288OCfK-7jAGQ1JPBnYWRftx9_JA@mail.gmail.com> (raw)

Does anyone have any insight on this?  Perhaps point to something I can
read?

   1. Vulnerability scanner indicates "Postgres default account:
   postgres/no password"
   2. Scanner  states Proof as "Successfully authenticated to the Postgres
   service with credentials uid [postgres] pw [realm]
   3. Application owner initially claimed that this was a false positive,
   but later claimed that it was resolved within the Docker instance
      1. Scanner still showed vulnerability.
   4. Found article that seemed to indicate that using the --env would
   address the postgres image vs. the Docker.
      1. https://squaredup.com/blog/running-postgres-in-docker/
      2. Scanner still shows vulnerability.
   5. PostGres version is 9.5, if that makes a difference.


view thread (2+ messages)  latest in thread

reply

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Reply to all the recipients using the --to and --cc options:
  reply via email

  To: [email protected]
  Cc: [email protected], [email protected]
  Subject: Re: Vulnerability remediation
  In-Reply-To: <CAH05kiyz7hnbVEEXHc3ow7288OCfK-7jAGQ1JPBnYWRftx9_JA@mail.gmail.com>

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox