Get product advice from experts

Ask a question →

Join a community group

Find a group →

Advance your career with learning paths

Take a free class →

Earn badges and rewards

Connect and share ideas at events

See the calendar →

Community
Products
Fisheye/Crucible
Questions
Is Crucible/Fisheye v4.8.13/4.8.14 vulnerable to CVE-2023-38545?

Is Crucible/Fisheye v4.8.13/4.8.14 vulnerable to CVE-2023-38545?

Our Tenable scan has flagged our recent upgrade to Crucible/Fisheye 4.8.13/4.8.14 for the version of libcurl contained within the x86_64-linux-gnu/libcurl-gnutls.so.4.7.0.

Docker container running on RHEL7.

Flagged file:

/var/lib/docker/overlay2/xxxxx/diff/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.7.0
/var/lib/docker/overlay2/xxxxx/merged/usr/lib/x86_64-linux-gnu/libcurl-gnutls.so.4.7.0
/var/lib/docker/overlay2/xxxxx/merged/usr/lib/x86_64-linux-gnu/libcurl.so.4.7.0
/var/lib/docker/overlay2/xxxxx/diff/usr/lib/x86_64-linux-gnu/libcurl.so.4.7.0

It is recommended the libcurl version be upgraded from 7.81.0 to 8.4.0.

Is Crucible impacted by this CVE? Will there be an update to the latest image for this issue in the near future?

0 answers

Suggest an answer

Log in or Sign up to answer

Fisheye/Crucible

DEPLOYMENT TYPE

SERVER

VERSION

4.8.14

TAGS