Thread
-
Vulnerability remediation
Al Wilson <mawilson12@gmail.com> — 2024-01-03T17:03:51Z
Does anyone have any insight on this? Perhaps point to something I can read? 1. Vulnerability scanner indicates "Postgres default account: postgres/no password" 2. Scanner states Proof as "Successfully authenticated to the Postgres service with credentials uid [postgres] pw [realm] 3. Application owner initially claimed that this was a false positive, but later claimed that it was resolved within the Docker instance 1. Scanner still showed vulnerability. 4. Found article that seemed to indicate that using the --env would address the postgres image vs. the Docker. 1. https://squaredup.com/blog/running-postgres-in-docker/ 2. Scanner still shows vulnerability. 5. PostGres version is 9.5, if that makes a difference. -
Re: Vulnerability remediation
Bzzzz <lazyvirus@gmx.com> — 2024-01-03T17:13:14Z
On Wed, 3 Jan 2024 12:03:51 -0500 Al Wilson <mawilson12@gmail.com> wrote: > 5. PostGres version is 9.5, if that makes a difference. Common, the stable version is… 15 and 9.5 is not maintained since a looong time! Jean-Yves