Grafana false vulnerabilities #9444

srekkas · 2025-09-05T07:43:23Z

srekkas
Sep 5, 2025

IDs

CVE-2023-3128,CVE-2018-15727

Description

Reproduction Steps

Use grafana 11.5.8 (docker.io/grafana/grafana:11.5.8)

Target

Container Image

Scanner

Vulnerability

Target OS

No response

Debug Output

Version

trivy-operator --version
2025/09/05 07:41:26 maxprocs: Leaving GOMAXPROCS=4: CPU quota undefined
{"level":"info","ts":"2025-09-05T07:41:26Z","logger":"main","msg":"Starting operator","buildInfo":{"Version":"0.28.0","Commit":"c4d544125354c5a5c0d1403ae5fe44380b7d979d","Date":"2025-08-06T05:09:32Z","Executable":""}}

Checklist

Read the documentation regarding wrong detection
Ran Trivy with -f json that shows data sources and confirmed that the security advisory in data sources was correct

DmitriyLewen · 2025-09-05T09:04:56Z

DmitriyLewen
Sep 5, 2025
Maintainer

Hello @srekkas
This image contains the grafana binary with the commit v0.0.0-20250811184538-2c8059d2a26d+dirty instead of tag number.
That is why Trivy shows this vulnerability.

Similar discussion - #9316

Regards, Dmitriy

0 replies

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Grafana false vulnerabilities #9444

Uh oh!

{{title}}

Uh oh!

Replies: 1 comment

Uh oh!

{{title}}

Uh oh!

Select a reply

Uh oh!

Grafana false vulnerabilities #9444

Uh oh!

srekkas Sep 5, 2025

IDs

Description

Reproduction Steps

Target

Scanner

Target OS

Debug Output

Version

Checklist

Replies: 1 comment

Uh oh!

DmitriyLewen Sep 5, 2025 Maintainer

srekkas
Sep 5, 2025

DmitriyLewen
Sep 5, 2025
Maintainer