Scanner complains about SSHD version in EAP 7.4.20 image's wildfly-elytron jar
Issue
- Red Hat ACS identified a finding in the wildfly-elytron package (specifically sshd-common - CVE-2023-35887) at /opt/jboss/container/wildfly/s2i/galleon/galleon-m2-repository/org/wildfly/security/wildfly-elytron/1.15.23.Final-redhat-00001/wildfly-elytron-1.15.23.Final-redhat-00001.jar:sshd-common from the EAP container image as it appears SSHD classes used here are still from SSHD 2.9.2
Environment
- JBoss Enterprise Application Platform (EAP)
- 7.x
- 8.x
Subscriber exclusive content
A Red Hat subscription provides unlimited access to our knowledgebase, tools, and much more.
