Skip to main content
July 19, 2024
Question

vulnerabilities with tag 2.9.5 image:

  • July 19, 2024
  • 4 replies
  • 93 views

We are seeing many vulnerabilities with tag 2.9.5 image: We scanned with Docker and Wiz and both show multiple.

What is the solution? Do w ehave a clean image from 1Password?

Docker Scan
1 Critical - CVE-2024-24790
1 High - CVE 2024-24791

Wiz Scan
1 HIGH CVE-2024-22189,Source: https://github.com/advisories/GHSA-c33x-xqrf-c478


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

4 replies

radewAuthor
July 18, 2024

We are seeing many vulnerabilities with tag 2.9.5 image: We scanned with Docker and Wiz and both show multiple.

What is the solution? Do w ehave a clean image from 1Password?

Docker Scan
1 Critical - CVE-2024-24790
1 High - CVE 2024-24791

Wiz Scan
1 HIGH CVE-2024-22189,Source: https://github.com/advisories/GHSA-c33x-xqrf-c478


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

radewAuthor
July 18, 2024

We are seeing many vulnerabilities with tag 2.9.5 image: We scanned with Docker and Wiz and both show multiple.

What is the solution? Do we have a clean image from 1Password?

Docker Scan
1 Critical - CVE-2024-24790
1 High - CVE 2024-24791

Wiz Scan
1 HIGH CVE-2024-22189,Source: https://github.com/advisories/GHSA-c33x-xqrf-c478


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

radewAuthor
July 19, 2024

We are seeing many vulnerabilities with tag 2.9.5 image: We scanned with Docker and Wiz and both show multiple.

What is the solution? Do w ehave a clean image from 1Password?

Docker Scan
1 Critical - CVE-2024-24790
1 High - CVE 2024-24791

Wiz Scan
1 HIGH CVE-2024-22189,Source: https://github.com/advisories/GHSA-c33x-xqrf-c478


1Password Version: Not Provided
Extension Version: Not Provided
OS Version: Not Provided
Browser: Not Provided

Kevin_1P
1Password Employee
July 22, 2024

Hey @radew,

Thank you for bringing this to our attention.

We have reviewed the vulnerabilities you've reported for the 2.9.5 image tag, and after a thorough investigation, we have determined that at this time there is no evidence we are impacted, nor that they are exploitable in our product. We understand the importance of maintaining a secure environment and take such reports seriously.

Please feel free to reach out if you have any further questions or need additional assistance.