  1. Red Hat Decision Manager
  2. RHDM-1755

[CVE-2017-18640] RHPAM package a prometheus agent without CVE fixed


    • Bug
    • Resolution: Done
    • Major
    • 7.11.0.GA
    • 7.10.1.GA
    • Cloud
    • None
    • False
    • False
    • CR2
    • Undefined

      https://access.redhat.com/security/cve/cve-2017-18640

      This is related to the packaged version of the Prometheus javaagent, which packages SnakeYAML 1.16.
      /opt/jboss/container/prometheus/jmx_prometheus_javaagent-0.3.1.redhat-00006.jar

      This jar does not contain the fix from https://access.redhat.com/errata/RHSA-2020:4807

      Image where this jar was detected is: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.10.1

      but this probably needs to be fixed in the build artifact jmx_prometheus_javaagent-0.3.1.redhat-00006.jar, which needs to apply the same patches as https://centos.pkgs.org/8/centos-appstream-x86_64/prometheus-jmx-exporter-0.12.0-6.el8.noarch.rpm.html

              rhn-support-fspolti Filippe Spolti
              afanjula@redhat.com Alberto Fanjul Alonso
              Jakub Schwan Jakub Schwan
              Jakub Schwan Jakub Schwan
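
One way to check an agent jar for a bundled SnakeYAML copy like the one reported above, as an added example (not code from this issue or from Red Hat tooling). It assumes the bundled copy keeps its Maven `pom.properties`; the 1.26 threshold is the upstream fix release named in the CVE-2017-18640 description, and the function names and the sample jar are constructed for illustration.

```python
import io
import re
import zipfile

UPSTREAM_FIX = (1, 26)  # CVE-2017-18640 affects SnakeYAML before 1.26
POM = "META-INF/maven/org.yaml/snakeyaml/pom.properties"  # Maven archiver metadata
YAML_CLASS = "org/yaml/snakeyaml/Yaml.class"  # suffix also matches relocated (shaded) copies


def classify(version):
    """Compare a version string with the upstream fix release."""
    m = re.match(r"(\d+)\.(\d+)", version or "")
    if not m:
        return "unknown-version"
    # A vendor rebuild can carry backported patches, so a low version is a
    # lead to confirm against the vendor errata, not proof on its own.
    return "below-upstream-fix" if (int(m[1]), int(m[2])) < UPSTREAM_FIX else "at-or-above-upstream-fix"


def find_snakeyaml(jar, label="jar"):
    """Return (location, version, status) per SnakeYAML copy, descending into nested jars."""
    hits = []
    with zipfile.ZipFile(jar) as zf:  # jar: path or binary file object
        names = zf.namelist()
        for name in names:
            if name.endswith(POM):
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                version = m.group(1).strip() if m else None
                hits.append((f"{label}!{name}", version, classify(version)))
            elif name.endswith(".jar"):
                hits += find_snakeyaml(io.BytesIO(zf.read(name)), f"{label}!{name}")
        # Classes present but no Maven metadata: bundled copy of unknown version.
        if not any(n.endswith(POM) for n in names):
            for name in names:
                if name.endswith(YAML_CLASS):
                    hits.append((f"{label}!{name}", None, "unknown-version"))
    return hits


def make_sample_jar(version, with_pom=True):
    """Constructed test input: a minimal in-memory jar bundling a relocated SnakeYAML."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("shaded/org/yaml/snakeyaml/Yaml.class", b"\xca\xfe\xba\xbe")
        if with_pom:
            zf.writestr(POM, f"groupId=org.yaml\nartifactId=snakeyaml\nversion={version}\n")
    buf.seek(0)
    return buf
```

Calling `find_snakeyaml("/path/to/agent.jar")` on a real file returns the same tuples; an `unknown-version` hit means the classes are bundled but the version has to be established another way.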