FOLIO-3401

jenkins-slave not affected by polkit (CVE-2021-4034)

Details

    • Standard Bug Write-Up Format
    • DevOps sprint 132
    • FOLIO DevOps
    • TBD

    Description

      jenkins-slave = https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.focal-java-11

      This is based on Ubuntu Focal that is vulnerable to Local Privilege Escalation in polkit's pkexec. Focal with a fix has been released: https://ubuntu.com/security/CVE-2021-4034

      However, the container that FOLIO uses doesn't install the polkit package (policykit-1). A cd /; find -name 'pkexec' doesn't find the vulnerable binary.

      Therefore jenkins-slave is not affected.
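
      The check described above, written out as a reusable audit; this is an added example, not part of the original issue or of FOLIO's tooling. The function name pkexec_audit and its output format are assumptions; it searches for the binary as the description does and additionally reads the dpkg status file for policykit-1.

```shell
#!/bin/sh
# Added example (not FOLIO code): audit a root filesystem for pkexec exposure.
# pkexec_audit ROOT   ROOT is "/" inside a running container, or the directory
#                     of an unpacked image. Returns 0 when neither the binary
#                     nor an installed policykit-1 package is found, else 1.
pkexec_audit() {
    pa_root=${1:-/}
    pa_base=${pa_root%/}          # "" for "/", so the paths below stay valid
    pa_status=0

    # 1. Look for the binary itself, skipping the virtual /proc and /sys trees.
    pa_hits=$(find "$pa_root" \
        \( -path "$pa_base/proc" -o -path "$pa_base/sys" \) -prune \
        -o -type f -name pkexec -print 2>/dev/null || true)
    if [ -n "$pa_hits" ]; then
        pa_status=1
        printf '%s\n' "$pa_hits" | while IFS= read -r pa_f; do
            # Report the setuid bit: pkexec is normally installed setuid root.
            if [ -u "$pa_f" ]; then
                echo "FOUND  $pa_f (setuid bit set)"
            else
                echo "FOUND  $pa_f (setuid bit not set)"
            fi
        done
    fi

    # 2. Check the dpkg database: the package may be recorded as installed
    #    even when find did not reach the binary (for example a skipped mount).
    pa_db="$pa_base/var/lib/dpkg/status"
    if [ -f "$pa_db" ] && awk -v pkg=policykit-1 '
            $1 == "Package:" { cur = $2 }
            $1 == "Status:" && cur == pkg && $NF == "installed" { hit = 1 }
            END { exit !hit }' "$pa_db"; then
        echo "FOUND  package policykit-1 is installed according to $pa_db"
        pa_status=1
    fi

    [ "$pa_status" -eq 0 ] && echo "OK     no pkexec and no policykit-1 under $pa_root"
    return "$pa_status"
}
```

      Call pkexec_audit / inside the container, or pass the directory of an exported image filesystem; a non-zero return means the image needs the fixed Focal package or removal of policykit-1.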


              People

                dcrossley David Crossley
                julianladisch Julian Ladisch