[Issue]: Agent install being flagged for CVE-2023-49210 #350
Comments
|
Anyone? Please let me know if there is anything else that I can provide. |
marcelom2s
changed the title
|
Anyone? Please let me know if there is anything else that I can provide. |
|
Anyone? |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Hi,
My company is using Wiz to scan various virtual machine resources, and we are running some Windows build agents through Azure DevOps.
Agent version - 3.241.0
The agent and work directories for each agent service are being flagged by Wiz due to having older version of openssl
(1.0.2l)
See vulnerability reference here: [https://github.com/advisories/GHSA-75w2-qv55-x7fv] ([
"https://gist.github.com/mcoimbra/b05a55a5760172dccaa0a827647ad63e",
"https://github.com/ossf/malicious-packages/tree/main/malicious/npm",
"https://www.npmjs.com/package/openssl"])
A specific example of one of these flags:
Is there currently a PR in progress to address this, or otherwise an ETA for resolution? Any input would be appreciated.
Agent version: 3.241.0
Azure DevOps Server type: dev.azure.com
Operation system: Windows 11
Version control system: GitHub
Best Regards,
Marcelo Calado
The text was updated successfully, but these errors were encountered: