Thread

  1. Vulnerability remediation

    Al Wilson <mawilson12@gmail.com> — 2024-01-03T17:03:51Z

    Does anyone have any insight on this?  Perhaps point to something I can
    read?
    
       1. Vulnerability scanner indicates "Postgres default account:
       postgres/no password"
       2. Scanner  states Proof as "Successfully authenticated to the Postgres
       service with credentials uid [postgres] pw [realm]
       3. Application owner initially claimed that this was a false positive,
       but later claimed that it was resolved within the Docker instance
          1. Scanner still showed vulnerability.
       4. Found article that seemed to indicate that using the --env would
       address the postgres image vs. the Docker.
          1. https://squaredup.com/blog/running-postgres-in-docker/
          2. Scanner still shows vulnerability.
       5. PostGres version is 9.5, if that makes a difference.
    
  2. Re: Vulnerability remediation

    Bzzzz <lazyvirus@gmx.com> — 2024-01-03T17:13:14Z

    On Wed, 3 Jan 2024 12:03:51 -0500
    Al Wilson <mawilson12@gmail.com> wrote:
    
    
    >    5. PostGres version is 9.5, if that makes a difference.
    
    Common, the stable version is… 15 and 9.5 is not maintained since a
    looong time!
    
    Jean-Yves