[Question]: Agent install being flagged for CVE-2023-49210 #4889
Labels
Comments
|
Hi @marcelom2s, thank you for the feedback. Based on the path from the screenshot, the CVE is located in openssl which is a part of azure-arm-rest package . |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Describe your question
Hi,
My company is using Wiz to scan various virtual machine resources, and we are running some Windows build agents through Azure DevOps.
Agent version - 3.241.0
The agent and work directories for each agent service are being flagged by Wiz due to having older version of openssl
(1.0.2l)
See vulnerability reference here: [CVE-2023-49210] ([
"https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e",
"https://github.com/ossf/malicious-packages/tree/main/malicious/npm",
"https://www.npmjs.com/package/openssl"])
A specific example of one of these flags:
Is there currently a PR in progress to address this, or otherwise an ETA for resolution? Any input would be appreciated.
Thank you kindly,
Marcelo Calado
Versions
Agent version - 3.241.0
Environment type (Please select at least one enviroment where you face this issue)
Azure DevOps Server type
dev.azure.com (formerly visualstudio.com)
Operation system
Windows 11
Version controll system
GitHub
Azure DevOps Server Version (if applicable)
No response
The text was updated successfully, but these errors were encountered: