Prisma Cloud Compute: CVE-2022-40897 in Image Scan Results
Created On 07/31/24 00:50 AM - Last Modified 04/30/25 20:26 PM
Objective
The purpose of this document is to explain why Prisma scanning detected multiple versions of the python3-setuptools-wheel package in an OpenShift image.
Environment
- Prisma Cloud Compute self-hosted console
- Prisma Cloud Compute SaaS console
Procedure
An investigation by the engineering team revealed that the image content was updated using yum update or similar commands, resulting in a mismatch between the image and the container based on it.
The downloaded image contained an older version of the package, but the package was updated at some point during image execution. This can be identified using the following command:
rpm -qa --qf '%{INSTALLTIME} (%{INSTALLTIME:date}): %{NAME}-%{VERSION}-%{RELEASE}.%{ARCH}\n' | sort -n | grep python3-setuptools
Our engineering team advises using an updated image in which the package is already updated.
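The install-time check above can be turned into a filter that lists only the packages installed after the image was built. This is an added example, not part of the original article; the function names, the cutoff argument (image build time in epoch seconds) and the sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: report packages whose rpm INSTALLTIME is later than a cutoff.
# stdin : output of the article's query, one line per package:
#         <epoch> (<date>): <name>-<version>-<release>.<arch>
# $1    : cutoff in epoch seconds (assumed to be the image build time)
pkgs_installed_after() {
    cutoff="$1"
    # Reject an empty or non-numeric cutoff instead of silently matching everything.
    case "$cutoff" in
        ''|*[!0-9]*)
            echo "usage: pkgs_installed_after <epoch-seconds>" >&2
            return 2
            ;;
    esac
    # Field 1 is the install epoch; the last field is the package NVRA.
    awk -v cutoff="$cutoff" '
        $1 ~ /^[0-9]+$/ && ($1 + 0) > (cutoff + 0) { print $NF }
    '
}

# Constructed sample of the query output (not taken from a real image):
# two packages installed at build time, one updated later in the container.
sample_rpm_output() {
    cat <<'EOF'
1700000000 (Tue 14 Nov 2023 10:13:20 PM UTC): bash-1.0.0-1.el0.x86_64
1700000050 (Tue 14 Nov 2023 10:14:10 PM UTC): python3-setuptools-1.0.0-1.el0.noarch
1720000000 (Wed 03 Jul 2024 09:46:40 AM UTC): python3-setuptools-wheel-2.0.0-1.el0.noarch
EOF
}

# Demo on the constructed sample, with a cutoff one hour after the first install.
sample_rpm_output | pkgs_installed_after 1700003600
```

Inside a container, pipe the article's rpm query into pkgs_installed_after with the image's build time as the cutoff; any package it prints was changed after the image was built.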