  1. Red Hat Decision Manager
  2. RHDM-1755

[CVE-2017-18640] RHPAM packages a Prometheus agent without the CVE fixed

Details

    • Bug
    • Resolution: Done
    • Major
    • 7.11.0.GA
    • 7.10.1.GA
    • Cloud
    • None
    • False
    • False
    • CR2
    • Undefined

    Description

      https://access.redhat.com/security/cve/cve-2017-18640

      This is related to the packaged version of the Prometheus javaagent, which packages SnakeYAML 1.16.
      /opt/jboss/container/prometheus/jmx_prometheus_javaagent-0.3.1.redhat-00006.jar

      This jar does not contain the fix from https://access.redhat.com/errata/RHSA-2020:4807

      Image where this jar was detected is: registry.redhat.io/rhdm-7/rhdm-decisioncentral-rhel8:7.10.1

      but this probably needs to be fixed in the build artifact jmx_prometheus_javaagent-0.3.1.redhat-00006.jar, which needs to apply the same patches as https://centos.pkgs.org/8/centos-appstream-x86_64/prometheus-jmx-exporter-0.12.0-6.el8.noarch.rpm.html
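
A check for the condition this ticket reports, as an added example that is not part of the original issue or of Red Hat's tooling: it lists each SnakeYAML copy bundled in a jar by reading its Maven `pom.properties` entry and flags upstream versions older than 1.26, the release that fixed CVE-2017-18640. The function names, the constructed sample jar, and the assumption that the metadata entry survives repackaging are assumptions of this example.

```python
import io
import re
import sys
import zipfile

FIXED = (1, 26)  # upstream SnakeYAML release that fixed CVE-2017-18640
# Assumption: the repackaged jar keeps SnakeYAML's Maven metadata entry;
# a jar stripped of META-INF/maven reports nothing here.
POM_RE = re.compile(r"(^|/)META-INF/maven/org\.yaml/snakeyaml/pom\.properties$")


def bundled_snakeyaml(jar, depth=2):
    """Return [(entry, version)] for each SnakeYAML copy in jar (path or
    binary file object), searching nested jars/wars up to `depth` levels."""
    found = []
    with zipfile.ZipFile(jar) as zf:
        for name in zf.namelist():
            if POM_RE.search(name):
                props = zf.read(name).decode("utf-8", "replace")
                m = re.search(r"^version=(.+)$", props, re.M)
                found.append((name, m.group(1).strip() if m else "unknown"))
            elif depth > 0 and name.endswith((".jar", ".war")):
                inner = io.BytesIO(zf.read(name))
                if zipfile.is_zipfile(inner):
                    found += [(f"{name}!/{p}", v)
                              for p, v in bundled_snakeyaml(inner, depth - 1)]
    return found


def needs_review(version):
    """True when the upstream version number predates the fix. Vendor
    rebuilds may backport patches, so this flags for review only."""
    m = re.match(r"(\d+)\.(\d+)", version)
    return m is None or (int(m.group(1)), int(m.group(2))) < FIXED


def sample_jar(version):
    """Constructed stand-in for an agent jar that bundles SnakeYAML."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("META-INF/maven/org.yaml/snakeyaml/pom.properties",
                    f"groupId=org.yaml\nartifactId=snakeyaml\nversion={version}\n")
    buf.seek(0)
    return buf


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else sample_jar("1.16")
    for entry, version in bundled_snakeyaml(target):
        print(entry, version, "REVIEW" if needs_review(version) else "ok")
```

Run it with a jar path as the only argument to scan a real artifact; without arguments it scans the constructed sample.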

          People

            rhn-support-fspolti Filippe Spolti
            afanjula@redhat.com Alberto Fanjul Alonso
            Jakub Schwan Jakub Schwan
            Jakub Schwan Jakub Schwan