Thread: Vulnerability remediation
Does anyone have any insight on this? Perhaps point to something I can read?
- Vulnerability scanner indicates "Postgres default account: postgres/no password"
- Scanner states Proof as "Successfully authenticated to the Postgres service with credentials uid [postgres] pw [realm]"
- Application owner initially claimed that this was a false positive, but later claimed that it was resolved within the Docker instance
- Scanner still showed vulnerability.
- Found article that seemed to indicate that using the --env would address the postgres image vs. the Docker.
- https://squaredup.com/blog/running-postgres-in-docker/
- Scanner still shows vulnerability.
- PostGres version is 9.5, if that makes a difference.
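
A login that succeeds for `postgres` with an arbitrary password, as in the scanner proof above, is what a `trust` rule in `pg_hba.conf` produces, and the official postgres image applies `POSTGRES_PASSWORD` only when it initializes an empty data directory. The check below is an added example, not part of the original thread; the function names and the sample file are constructed, and that a `trust` rule is the cause here is an assumption the thread does not confirm.

```shell
#!/bin/sh
# Added example (not from the thread): flag pg_hba.conf rules that use "trust".
# Assumption: the file is read from the running container, for example
#   docker exec <container> sh -c 'cat "$PGDATA/pg_hba.conf"' | find_trust_rules
# where <container> is a placeholder for the container name.

# Reads pg_hba.conf text on stdin.
# Prints one line per trust rule: "<NETWORK|SOCKET> line <n>: <rule>".
find_trust_rules() {
    awk '
        { sub(/#.*/, "") }                # drop comments (they run to end of line)
        NF == 0 { next }                  # skip blank and comment-only lines
        { $1 = $1 }                       # collapse whitespace for stable output
        $1 == "local" {                   # local  DB USER METHOD
            if ($4 == "trust") print "SOCKET line " NR ": " $0
            next
        }
        $1 ~ /^host/ {                    # host*  DB USER ADDRESS [MASK] METHOD
            # A separate netmask column contains "." or ":"; method names never do.
            method = ($5 ~ /[.:]/) ? $6 : $5
            if (method == "trust") print "NETWORK line " NR ": " $0
        }
    '
}

# Constructed sample file; the last rule reproduces the scanner finding:
# any client address, any user, no password check.
sample_pg_hba() {
    cat <<'EOF'
# TYPE  DATABASE  USER  ADDRESS        METHOD
local   all       all                  trust
host    all       all   127.0.0.1/32   md5
host    all       all   10.0.0.0 255.0.0.0 trust
host    all       all   0.0.0.0/0      trust   # any password is accepted
EOF
}

sample_pg_hba | find_trust_rules
```

Any `NETWORK` line in the output means the server accepts that connection without checking the password, so setting a password alone will not clear the finding until the rule's method is changed and the configuration is reloaded.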
On Wed, 3 Jan 2024 12:03:51 -0500 Al Wilson <mawilson12@gmail.com> wrote:
> 5. PostGres version is 9.5, if that makes a difference.

Come on, the stable version is… 15 and 9.5 has not been maintained for a looong time!

Jean-Yves