docker
/
docs
mirror of https://github.com/docker/docs.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

chore(scout): Document CUPS CVEs in high-profile vuln policy 

Signed-off-by: felipecruz91 <felipecruz91@hotmail.es>
This commit is contained in:
felipecruz91 2024-09-27 11:16:29 +02:00
parent d508bb043b
commit 02e3b7bf19
No known key found for this signature in database
GPG Key ID: 2E32AACFC4A2D510
1 changed files with 5 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
content/manuals/scout/policy/_index.md
View File

@ -145,13 +145,17 @@ The list includes the following vulnerabilities:
- [CVE-2023-38545 (cURL SOCKS5 heap buffer overflow)](https://scout.docker.com/v/CVE-2023-38545)
- [CVE-2023-44487 (HTTP/2 Rapid Reset)](https://scout.docker.com/v/CVE-2023-44487)
- [CVE-2024-3094 (XZ backdoor)](https://scout.docker.com/v/CVE-2024-3094)
- [CVE-2024-47176 (OpenPrinting - cups-browsed)](https://scout.docker.com/v/CVE-2024-47176)
- [CVE-2024-47076 (OpenPrinting - libcupsfilters)](https://scout.docker.com/v/CVE-2024-47076)
- [CVE-2024-47175 (OpenPrinting- libppd)](https://scout.docker.com/v/CVE-2024-47175)
- [CVE-2024-47177 (OpenPrinting - cups-filters)](https://scout.docker.com/v/CVE-2024-47177)
You can configure the CVEs included in this list by creating a custom policy.
Custom configuration options include:
- **CVEs to avoid**: Specify the CVEs that you want to avoid in your artifacts.
Default: `CVE-2014-0160`, `CVE-2021-44228`, `CVE-2023-38545`, `CVE-2023-44487`, `CVE-2024-3094`
Default: `CVE-2014-0160`, `CVE-2021-44228`, `CVE-2023-38545`, `CVE-2023-44487`, `CVE-2024-3094`, `CVE-2024-47176`, `CVE-2024-47076`, `CVE-2024-47175`, `CVE-2024-47177`
- **CISA KEV**: Enable tracking of vulnerabilities from CISA's Known Exploited Vulnerabilities (KEV) catalog