Accepted CVEs for Sourcegraph 5.1.8

| CVE ID | Affected Images | CVE Severity | CVSS Base Score | Sourcegraph Assessment | CVSS Environmental Score | Details |
|---|---|---|---|---|---|---|

Known False Positives

Some scanners report false positives for our images:

| Vulnerability ID | Affected Images | Note |
|---|---|---|
| CVE-2023-27561 | sourcegraph/cadvisor | False positive - this is patched in github.com/opencontainers/runc/libcontainer@v1.1.5 |
| CVE-2022-0543, CVE-2022-3734 | sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/server | False positive - these vulnerabilities are specific to Windows and Debian releases |
| CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-39201 | sourcegraph/grafana, sourcegraph/server | False positive - these vulnerabilities have been patched by Chainguard |