Uploaded image for project: 'MongoDB Database Tools'
  1. MongoDB Database Tools
  2. TOOLS-3554

Security Vulnerability in mongodb db tools packages

    • Type: Icon: Bug Bug
    • Resolution: Done
    • Priority: Icon: Major - P3 Major - P3
    • 100.9.5
    • Affects Version/s: None
    • Component/s: All Tools
    • None
    • TAR 2024-05-27
    • 2
    • Tools and Replicator
    • 0.5
    • Not Needed

      Problem Statement/Rationale

      We have run trivy security vulnerability scan and want to remediate the vulnerabilities detected.

      We want to use the bitnami distribution of mongo ultimately but the bitnami automated pipelines would not detect the upstream release until it is remediated and released from the mongo db tools team.

      Please help to remediate the vulnerabilities upgrading to the fixed versions and release.

       

      Attached are the trivy scan reports for mongo and bitnami/mongo

      Steps to Reproduce

      command to run trivy scan:

      trivy image --format template --template "@contrib/html.tpl" -o mongo_report.html mongo --ignore-unfixed

      Expected Results

      No vulnerabilites should be detected 

      Actual Results

      Vulnerabilities are detected

      Additional Notes

      Any additional information that may be useful to include.

        1. bitnami_ mongodb_report.html
          388 kB
        2. mongo_report.html
          204 kB

            Assignee:
            dave.rolsky@mongodb.com Dave Rolsky
            Reporter:
            kaushal.anurag0@gmail.com Anurag Kaushal
            Craven Huynh (Inactive), Huan Li (Inactive)
            Votes:
            0 Vote for this issue
            Watchers:
            3 Start watching this issue

              Created:
              Updated:
              Resolved: