Critical Vulnerabilities in OpenMRS Docker image

Application Name: Reference Application

Version Number: 2.9

Question:

Scanned the latest OpenMRS Reference application with container scanning tool trivy Looks like there are lot of high vulnerabilities.

~  trivy openmrs/openmrs-reference-application-distro:2.9
openmrs/openmrs-reference-application-distro:2.9 (debian 9.8)
=============================================================
Total: 366 (UNKNOWN: 2, LOW: 61, MEDIUM: 246, HIGH: 51, CRITICAL: 6)

Unable to attach the complete report since I am new user…

1 Like

Hi @rmkanda

Could you please share your security threat details as defined here https://wiki.openmrs.org/display/docs/Managing+a+Security+Vulnerabilities+in+OpenMRS

cc @dkayiwa @isears @cintiadr @burke @mozzy

2 Likes

Thanks @c.antwi. I have shared my findings to security@openmrs.org

For your information, it’s important to any responsible disclosure that you do not make them public. Now I’m not really involved in this one, but it’s good practice to all disclosures.

1 Like