You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Hi @marcelom2s, thank you for the feedback. Based on the path from the screenshot, the CVE is located in openssl which is a part of azure-arm-rest package .
I'm closing the issue as not relevant to the agent.
Could you please re-open your ticket in azure-pipelines-tasks-common-packages repository?
Describe your question
Hi,
My company is using Wiz to scan various virtual machine resources, and we are running some Windows build agents through Azure DevOps.
Agent version - 3.241.0
The agent and work directories for each agent service are being flagged by Wiz due to having older version of openssl
(1.0.2l)
See vulnerability reference here: [CVE-2023-49210] ([
"https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e",
"https://github.com/ossf/malicious-packages/tree/main/malicious/npm",
"https://www.npmjs.com/package/openssl"])
A specific example of one of these flags:
Is there currently a PR in progress to address this, or otherwise an ETA for resolution? Any input would be appreciated.
Thank you kindly,
Marcelo Calado
Versions
Agent version - 3.241.0
Environment type (Please select at least one enviroment where you face this issue)
Azure DevOps Server type
dev.azure.com (formerly visualstudio.com)
Operation system
Windows 11
Version controll system
GitHub
Azure DevOps Server Version (if applicable)
No response
The text was updated successfully, but these errors were encountered: