jenkins-slave not affected by polkit (CVE-2021-4034)

Description

jenkins-slave = https://github.com/folio-org/folio-tools/blob/master/jenkins-slave-docker/Dockerfile.focal-java-11

This is based on Ubuntu Focal, which is vulnerable to Local Privilege Escalation in polkit's pkexec. Focal with a fix has been released: https://ubuntu.com/security/CVE-2021-4034

However, the container that FOLIO uses doesn't install the polkit package (policykit-1). Running cd /; find -name '*pkexec*' doesn't find the vulnerable binary.

Therefore jenkins-slave is not affected.
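
The two checks described above (package not installed, binary not present), combined into one repeatable script. This is an added example, not part of the original ticket or the FOLIO repository; the function name check_pkexec is hypothetical, and it assumes a Debian/Ubuntu root filesystem, either / inside the running container or an unpacked image directory passed as the argument.

```shell
#!/bin/sh
# Added example: presence check for polkit's pkexec (CVE-2021-4034).
# Usage: check_pkexec [ROOT]   (ROOT defaults to /)
# Returns 0 when neither the policykit-1 package nor a pkexec binary is found,
# 1 otherwise. It checks presence only and does not compare package versions.

check_pkexec() {
    root="${1:-/}"
    status_file="$root/var/lib/dpkg/status"   # standard dpkg database path
    found=0

    # 1. Is policykit-1 recorded as installed in the dpkg database?
    #    "deinstall ok config-files" (removed, config left behind) does not count.
    if [ -f "$status_file" ] && awk '
            $1 == "Package:" { cur = $2 }
            $1 == "Status:" && cur == "policykit-1" && $4 == "installed" { hit = 1 }
            END { exit (hit ? 0 : 1) }' "$status_file"; then
        echo "package: policykit-1 is installed"
        found=1
    fi

    # 2. Is a pkexec binary on disk anyway (copied in, or from another package)?
    #    Exact name match; the ticket's broader '*pkexec*' pattern works as well.
    hits=$(find "$root" -xdev -type f -name pkexec 2>/dev/null || true)
    if [ -n "$hits" ]; then
        echo "binary: $hits"
        found=1
        # The privilege escalation depends on the binary being setuid root.
        suid=$(find "$root" -xdev -type f -name pkexec -perm -4000 2>/dev/null || true)
        [ -n "$suid" ] && echo "setuid bit set: $suid"
    fi

    [ "$found" -eq 0 ] && echo "pkexec not present under $root"
    return "$found"
}
```
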

CSP Request Details

None

CSP Rejection Details

None

Potential Workaround

None

Cannot Reproduce

Development Team

FOLIO DevOps

RCA Group

TBD

Created January 26, 2022 at 3:27 PM
Updated January 27, 2022 at 4:31 PM
Resolved January 26, 2022 at 4:00 PM