Accepted CVEs for Sourcegraph 5.1.9

| CVE ID | Affected Images | CVE Severity | CVSS Base Score | Sourcegraph Assessment | CVSS Environmental Score | Details |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2022-48174 | sourcegraph/dind | Critical | 9.8 | Low | 2.7 | The ash shell in sourcegraph/dind is not exposed to attackers and is only reachable through direct access to the infrastructure. |

Known False Positives

Some scanners incorrectly report the following vulnerabilities in our images; they are false positives:

| Vulnerability ID | Affected Images | Note |
| --- | --- | --- |
| CVE-2023-27561 | sourcegraph/cadvisor | False positive - this is patched in github.com/opencontainers/runc/libcontainer@v1.1.5 |
| CVE-2022-0543, CVE-2022-3734 | sourcegraph/redis-cache, sourcegraph/redis-store, sourcegraph/server | False positive - these vulnerabilities are specific to Windows and Debian releases |
| CVE-2022-31107, CVE-2022-31123, CVE-2022-31130, CVE-2022-39201 | sourcegraph/grafana, sourcegraph/server | False positive - these vulnerabilities have been patched by Chainguard |