public inbox for [email protected]  
help / color / mirror / Atom feed
Vulnerability remediation
2+ messages / 2 participants
[nested] [flat]

* Vulnerability remediation
@ 2024-01-03 17:03  Al Wilson <[email protected]>
  0 siblings, 1 reply; 2+ messages in thread

From: Al Wilson @ 2024-01-03 17:03 UTC (permalink / raw)
  To: [email protected]

Does anyone have any insight on this?  Perhaps point to something I can
read?

   1. Vulnerability scanner indicates "Postgres default account:
   postgres/no password"
   2. Scanner  states Proof as "Successfully authenticated to the Postgres
   service with credentials uid [postgres] pw [realm]
   3. Application owner initially claimed that this was a false positive,
   but later claimed that it was resolved within the Docker instance
      1. Scanner still showed vulnerability.
   4. Found article that seemed to indicate that using the --env would
   address the postgres image vs. the Docker.
      1. https://squaredup.com/blog/running-postgres-in-docker/
      2. Scanner still shows vulnerability.
   5. PostGres version is 9.5, if that makes a difference.


^ permalink  raw  reply  [nested|flat] 2+ messages in thread

* Re: Vulnerability remediation
@ 2024-01-03 17:13  Bzzzz <[email protected]>
  parent: Al Wilson <[email protected]>
  0 siblings, 0 replies; 2+ messages in thread

From: Bzzzz @ 2024-01-03 17:13 UTC (permalink / raw)
  To: [email protected]

On Wed, 3 Jan 2024 12:03:51 -0500
Al Wilson <[email protected]> wrote:


>    5. PostGres version is 9.5, if that makes a difference.

Common, the stable version is… 15 and 9.5 is not maintained since a
looong time!

Jean-Yves






^ permalink  raw  reply  [nested|flat] 2+ messages in thread


end of thread, other threads:[~2024-01-03 17:13 UTC | newest]

Thread overview: 2+ messages (download: mbox mbox.gz follow: Atom feed)
-- links below jump to the message on this page --
2024-01-03 17:03 Vulnerability remediation Al Wilson <[email protected]>
2024-01-03 17:13 ` Bzzzz <[email protected]>

This inbox is served by agora; see mirroring instructions
for how to clone and mirror all data and code used for this inbox