[Backport feature/multi_tenancy] BackPort PR for 3219 #3231

Security Report

3 new vulnerabilities were introduced in this branch.

❌ New vulnerabilities:

CVE	Severity	CVSS Score	Vulnerable Library	Suggested Fix	Issue
CVE-2024-7254 Path to dependency file: /common/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.22.3/fdee98b8f6abab73f146a4edb4c09e56f8278d03/protobuf-java-3.22.3.jar Dependency Hierarchy: -> opensearch-2.16.0-SNAPSHOT.jar (Root Library) -> ❌ protobuf-java-3.22.3.jar (Vulnerable Library)	High	7.5	protobuf-java-3.22.3.jar	Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2	None
CVE-2024-7254 Path to dependency file: /ml-algorithms/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.21.9/ed1240d9231044ce6ccf1978512f6e44416bb7e7/protobuf-java-3.21.9.jar,/home/wss-scanner/.gradle/caches/modules-2/files-2.1/com.google.protobuf/protobuf-java/3.21.9/ed1240d9231044ce6ccf1978512f6e44416bb7e7/protobuf-java-3.21.9.jar Dependency Hierarchy: -> tribuo-clustering-kmeans-4.2.1.jar (Root Library) -> tribuo-core-4.2.1.jar -> ❌ protobuf-java-3.21.9.jar (Vulnerable Library)	High	7.5	protobuf-java-3.21.9.jar	Upgrade to version: com.google.protobuf:protobuf-javalite - 3.25.5,4.28.2,4.27.5;com.google.protobuf:protobuf-java - 4.27.5,3.25.5,4.28.2	#2998
CVE-2023-4218 Path to dependency file: /plugin/build.gradle Path to vulnerable library: /home/wss-scanner/.gradle/caches/modules-2/files-2.1/org.eclipse.platform/org.eclipse.core.runtime/3.26.100/83c77ee0cfc948ea33f5054dda3f5c39250a7ed5/org.eclipse.core.runtime-3.26.100.jar Dependency Hierarchy: -> ❌ org.eclipse.core.runtime-3.26.100.jar (Vulnerable Library)	Medium	5.0	org.eclipse.core.runtime-3.26.100.jar	Upgrade to version: org.eclipse.core.runtime:3.29.0	#1863

Base branch total remaining vulnerabilities: 1
Base branch commit: 7041c225875709719262853064ae7465bc4cd042

Total libraries scanned: 257

Scan token: e0ba92565cc94430839941bea8b858e7

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

[Backport feature/multi_tenancy] BackPort PR for 3219 #3231

[Backport feature/multi_tenancy] BackPort PR for 3219 #3231

Security Report

Re-running checks...

[Backport feature/multi_tenancy] BackPort PR for 3219 #3231

BackPort PR for 3219 (#3227)

[Backport feature/multi_tenancy] BackPort PR for 3219 #3231

Security Report

Re-running checks...