Details
Type: Bug
Status: Closed
Priority: P2
Resolution: Done
DevOps: Sprint 104
FOLIO DevOps
Description
Overview:
FOLIO is vulnerable to man-in-the-middle attacks because some software is downloaded and installed with wget --no-check-certificate, which disables TLS certificate verification. An attacker positioned on the network path (or controlling DNS for the download host) can substitute the file being fetched, and the build or installation then installs the attacker's malware instead of the intended software.
Fix:
Don't use the --no-check-certificate command line option when running wget.
Install the ca-certificates package that wget needs to verify server certificates:
- apt-get install wget installs ca-certificates automatically, because wget declares ca-certificates as a Recommends.
- apt-get install --no-install-recommends wget skips Recommends and therefore does not install ca-certificates; without a trust store wget cannot verify any HTTPS host, which is usually why --no-check-certificate was added in the first place. Such lines should be amended to apt-get install --no-install-recommends ca-certificates wget.
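The following script is an added example and is not code from folio-tools or any other FOLIO repository. It audits Dockerfiles (or shell install scripts) for the two defects this issue describes: wget invoked with --no-check-certificate, and wget installed with apt-get --no-install-recommends without ca-certificates. The two Dockerfiles it writes to a temporary directory are constructed samples, one showing the vulnerable pattern and one showing the fixed form; the hostname example.invalid is a placeholder.

```shell
#!/bin/sh
# Added example for this issue (not FOLIO project code). It audits Dockerfiles
# for the two defects described above:
#   1. wget invoked with --no-check-certificate (TLS verification disabled);
#   2. wget installed via apt-get --no-install-recommends without
#      ca-certificates, leaving wget with no trust store to verify against.
# The two Dockerfiles below are constructed samples: the first shows the
# vulnerable pattern, the second the fixed form the issue asks for.

WORK=$(mktemp -d)

cat > "$WORK/vulnerable.Dockerfile" <<'EOF'
FROM ubuntu:focal
RUN apt-get update \
 && apt-get install -y --no-install-recommends wget \
 && wget --no-check-certificate -O /tmp/tool.tgz https://example.invalid/tool.tgz
EOF

cat > "$WORK/fixed.Dockerfile" <<'EOF'
FROM ubuntu:focal
RUN apt-get update \
 && apt-get install -y --no-install-recommends ca-certificates wget \
 && wget -O /tmp/tool.tgz https://example.invalid/tool.tgz
EOF

# Join backslash-continued lines so a multi-line RUN step is inspected as one
# record; otherwise a package list split across lines would be misread.
flatten() {
    sed -e :a -e '/\\$/N; s/\\\n//; ta' "$1"
}

# Number of wget invocations that disable certificate verification.
count_no_check_cert() {
    flatten "$1" | grep -c -- '--no-check-certificate' || true
}

# Number of apt-get install steps that use --no-install-recommends, name
# wget, and do not name ca-certificates anywhere in the same step.
count_wget_without_ca() {
    flatten "$1" \
      | grep -E 'apt-get[[:space:]]+install' \
      | grep -e '--no-install-recommends' \
      | grep -E '(^|[[:space:]])wget([[:space:]]|$)' \
      | grep -v -c 'ca-certificates' || true
}

# Print findings for one file; exit status 0 means clean, 1 means findings.
audit_file() {
    ncc=$(count_no_check_cert "$1")
    nca=$(count_wget_without_ca "$1")
    [ "$ncc" -eq 0 ] || echo "$1: $ncc wget call(s) use --no-check-certificate"
    [ "$nca" -eq 0 ] || echo "$1: $nca apt-get step(s) install wget without ca-certificates"
    [ "$ncc" -eq 0 ] && [ "$nca" -eq 0 ]
}

for f in "$WORK/vulnerable.Dockerfile" "$WORK/fixed.Dockerfile"; do
    if audit_file "$f"; then
        echo "$f: clean"
    fi
done
```

Run it against a checkout with a loop over Dockerfiles (for example `find . -name 'Dockerfile*' -exec sh -c 'audit_file "$1"' _ {} \;` after sourcing the functions). The second check is a heuristic: it reports a RUN step that installs wget without ca-certificates even when an earlier step already installed ca-certificates, so treat a hit as something to confirm by reading the file rather than as proof of the defect.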
Affected code (each link was marked in the issue as either vulnerable or fixed):
https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.agent-focal-java-11
https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.focal-java-11
https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.xenial-java-8
https://github.com/folio-org/stripes-testing/blob/master/Dockerfile
https://github.com/folio-org/ui-testing/blob/master/Dockerfile (fixed because repository has been archived and is no longer in use)
https://github.com/folio-org/docs/blob/master/content/en/docs/Getting%20started/Installation/singleservernocontainers.md
Issue Links
- relates to FOLIO-2926 Deprecate JDK 8 jenkins-slave-all image (In Code Review)