[FOLIO-3401] jenkins-slave not affected by polkit (CVE-2021-4034) - FOLIO Issue Tracker

XML

Word

Printable

Details

Type: Bug
Status: Closed (View Workflow)
Priority: TBD
Resolution: Cannot Reproduce
Component/s: Continuous Integration
Labels:
- security

Template:

Standard Bug Write-Up Format
Sprint:
DevOps sprint 132
Development Team:
FOLIO DevOps
RCA Group:
TBD

Description

jenkins-slave = https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.focal-java-11

This is based on Ubuntu Focal that is vulnerable to Local Privilege Escalation in polkit's pkexec. Focal with a fix has been released: https://ubuntu.com/security/CVE-2021-4034

However, the container that FOLIO uses doesn't install the polkit package (policykit-1). a cd /; find -name 'pkexec' doesn't find the vulnerable binary.

Therefore jenkins-slave is not affected.

TestRail: Results

Attachments

Issue Links

relates to

FOLIO-3402 folioci/alpine-jre-openjdk11 not affected by polkit (CVE-2021-4034)

Closed

mentioned in: Page Loading...

Activity

People

Assignee:: David Crossley

Reporter:: Julian Ladisch

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 26/Jan/22 3:27 PM

Updated:: 27/Jan/22 4:31 PM

Resolved:: 26/Jan/22 4:00 PM

jenkins-slave not affected by polkit (CVE-2021-4034)