Identified 25 vulnerabilities in datadog agent 7.47.0 #19181
Description
We are currently using Datadog Agent version 7.47.0, and we've identified 25 vulnerabilities in our environment using "docker scout cves" for scanning. Could you please assist us in addressing and remediating these vulnerabilities?
Thank you for your help.
% docker scout cves test
INFO New version 0.24.0 available (installed version is 0.16.1)
✓ SBOM of image already cached, 894 packages indexed
✗ Detected 18 vulnerable packages with a total of 25 vulnerabilities
0C 0H 2M 0L 1? in-toto 1.0.1
pkg:pypi/in-toto@1.0.1
✗ MEDIUM CVE-2023-32076 [External Control of System or Configuration Setting]
https://scout.docker.com/v/CVE-2023-32076
Affected range : <=1.4.0
Fixed version : 2.0.0
CVSS Score : 5.5
CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
✗ MEDIUM GHSA-jjgp-whrp-gq8m [Improper Certificate Validation]
https://scout.docker.com/v/GHSA-jjgp-whrp-gq8m
Affected range : <=1.4.0
Fixed version : not fixed
✗ UNSPECIFIED GMS-2023-1442 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
https://scout.docker.com/v/GMS-2023-1442
Affected range : <=1.4.0
Fixed version : not fixed
0C 0H 1M 1L aws-sdk-go 1.44.171
pkg:golang/github.com/aws/aws-sdk-go@1.44.171
✗ MEDIUM CVE-2020-8911
https://scout.docker.com/v/CVE-2020-8911
Affected range : >=0
Fixed version : not fixed
✗ LOW CVE-2020-8912
https://scout.docker.com/v/CVE-2020-8912
Affected range : >=0
Fixed version : not fixed
0C 0H 1M 1L krb5 1.19.2-2ubuntu0.2
pkg:deb/ubuntu/krb5@1.19.2-2ubuntu0.2?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ MEDIUM CVE-2023-36054
https://scout.docker.com/v/CVE-2023-36054
Affected range : >=0
Fixed version : not fixed
CVSS Score : 6.5
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
✗ LOW CVE-2018-5709
https://scout.docker.com/v/CVE-2018-5709
Affected range : >=0
Fixed version : not fixed
CVSS Score : 7.5
CVSS Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
0C 0H 1M 0L procps 2:3.3.17-6ubuntu2
pkg:deb/ubuntu/procps@2:3.3.17-6ubuntu2?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ MEDIUM CVE-2023-4016
https://scout.docker.com/v/CVE-2023-4016
Affected range : >=0
Fixed version : not fixed
CVSS Score : 5.5
CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
0C 0H 1M 0L net 0.11.0
pkg:golang/golang.org/x/net@0.11.0
✗ MEDIUM CVE-2023-3978
https://scout.docker.com/v/CVE-2023-3978
Affected range : <0.13.0
Fixed version : 0.13.0
0C 0H 1M 0L redis 4.6.0
pkg:pypi/redis@4.6.0
✗ MEDIUM CVE-2023-28859
https://scout.docker.com/v/CVE-2023-28859
Affected range : <5.0.0b1
Fixed version : 5.0.0b1
0C 0H 1M 0L rekor 1.1.1
pkg:golang/github.com/sigstore/rekor@1.1.1
✗ MEDIUM CVE-2023-33199 [Reachable Assertion]
https://scout.docker.com/v/CVE-2023-33199
Affected range : <1.2.0
Fixed version : 1.2.0
CVSS Score : 5.3
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
0C 0H 1M 0L stdlib 1.20.6
pkg:golang/stdlib@1.20.6
✗ MEDIUM CVE-2023-29409
https://scout.docker.com/v/CVE-2023-29409
Affected range : >=1.20.0-0
: <1.20.7
Fixed version : 1.20.7
0C 0H 1M 0L perl 5.34.0-3ubuntu1.2
pkg:deb/ubuntu/perl@5.34.0-3ubuntu1.2?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ MEDIUM CVE-2022-48522
https://scout.docker.com/v/CVE-2022-48522
Affected range : >=0
Fixed version : not fixed
CVSS Score : 9.8
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
0C 0H 0M 2L 2? cryptography 39.0.1
pkg:pypi/cryptography@39.0.1
✗ LOW GHSA-jm77-qphf-c4w8
https://scout.docker.com/v/GHSA-jm77-qphf-c4w8
Affected range : >=0.8
: <41.0.3
Fixed version : 41.0.3
✗ LOW GHSA-5cpq-8wj7-hf2v
https://scout.docker.com/v/GHSA-5cpq-8wj7-hf2v
Affected range : >=0.5
: <=40.0.2
Fixed version : 41.0.0
✗ UNSPECIFIED GMS-2023-1898 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
https://scout.docker.com/v/GMS-2023-1898
Affected range : >=0.8
: <41.0.3
Fixed version : 41.0.3
✗ UNSPECIFIED GMS-2023-1778 [OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities]
https://scout.docker.com/v/GMS-2023-1778
Affected range : >=0.5
: <=40.0.2
Fixed version : 41.0.0
0C 0H 0M 1L bash 5.1-6ubuntu1
pkg:deb/ubuntu/bash@5.1-6ubuntu1?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2022-3715
https://scout.docker.com/v/CVE-2022-3715
Affected range : >=0
Fixed version : not fixed
CVSS Score : 7.8
CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
0C 0H 0M 1L openssl 3.0.2-0ubuntu1.10
pkg:deb/ubuntu/openssl@3.0.2-0ubuntu1.10?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2023-2975
https://scout.docker.com/v/CVE-2023-2975
Affected range : >=0
Fixed version : not fixed
CVSS Score : 5.3
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N
0C 0H 0M 1L gnupg2 2.2.27-3ubuntu2.1
pkg:deb/ubuntu/gnupg2@2.2.27-3ubuntu2.1?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2022-3219
https://scout.docker.com/v/CVE-2022-3219
Affected range : >=0
Fixed version : not fixed
CVSS Score : 3.3
CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L
0C 0H 0M 1L coreutils 8.32-4.1ubuntu1
pkg:deb/ubuntu/coreutils@8.32-4.1ubuntu1?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2016-2781
https://scout.docker.com/v/CVE-2016-2781
Affected range : >=0
Fixed version : not fixed
CVSS Score : 6.5
CVSS Vector : CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N
0C 0H 0M 1L pcre3 2:8.39-13ubuntu0.22.04.1
pkg:deb/ubuntu/pcre3@2:8.39-13ubuntu0.22.04.1?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2017-11164
https://scout.docker.com/v/CVE-2017-11164
Affected range : >=0
Fixed version : not fixed
CVSS Score : 7.5
CVSS Vector : CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0C 0H 0M 1L shadow 1:4.8.1-2ubuntu2.1
pkg:deb/ubuntu/shadow@1:4.8.1-2ubuntu2.1?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2023-29383
https://scout.docker.com/v/CVE-2023-29383
Affected range : >=0
Fixed version : not fixed
CVSS Score : 3.3
CVSS Vector : CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
0C 0H 0M 1L libzstd 1.4.8+dfsg-3build1
pkg:deb/ubuntu/libzstd@1.4.8+dfsg-3build1?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2022-4899
https://scout.docker.com/v/CVE-2022-4899
Affected range : >=0
Fixed version : not fixed
CVSS Score : 7.5
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0C 0H 0M 1L glibc 2.35-0ubuntu3.1
pkg:deb/ubuntu/glibc@2.35-0ubuntu3.1?os_distro=jammy&os_name=ubuntu&os_version=22.04
✗ LOW CVE-2016-20013
https://scout.docker.com/v/CVE-2016-20013
Affected range : >=0
Fixed version : not fixed
CVSS Score : 7.5
CVSS Vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
25 vulnerabilities found in 18 packages
UNSPECIFIED 3
LOW 12
MEDIUM 10
HIGH 0
CRITICAL 0