docs: document & VEX the residual upstream CVEs #49
Merged
Conversation
The two findings Docker Scout reports on maniator/gh:latest are both upstream and not fixable in this repo:

- CVE-2025-15558 (High): in github.com/docker/cli, compiled into the upstream gh binary. It's a Windows-only privilege escalation via a C:\ProgramData path that doesn't exist on our linux/* images -> asserted not_affected in openvex.json (vulnerable_code_not_in_execute_path).
- CVE-2025-60876 (Medium): busybox wget; no fixed package exists in any Alpine branch yet. apk upgrade already pulls the newest; auto-clears on the nightly rebuild once Alpine ships a patch.

SECURITY.md documents the hardening, the accepted residual findings, and how to consume the VEX (`trivy image --vex openvex.json ...`).

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
Pull request overview
This PR adds security-focused documentation and an OpenVEX attestation to explicitly track residual vulnerability scanner findings that are upstream/non-actionable for this Alpine-based maniator/gh image.
Changes:
- Add `SECURITY.md` with vulnerability reporting guidance, hardening notes, and a table tracking accepted residual CVEs.
- Add `openvex.json` with an OpenVEX statement asserting CVE-2025-15558 is not affected for the Linux-published image.
Reviewed changes
Copilot reviewed 2 out of 2 changed files in this pull request and generated 4 comments.
| File | Description |
|---|---|
| SECURITY.md | Documents reporting process, hardening approach, and a maintained list of residual upstream CVE findings. |
| openvex.json | Provides a machine-readable OpenVEX assertion to suppress a Windows-only CVE as not applicable to Linux images. |
| | CVE | Severity | Component | Status | Notes | | ||
| |-----|----------|-----------|--------|-------| | ||
| | [CVE-2025-15558](https://osv.dev/vulnerability/CVE-2025-15558) | High | `github.com/docker/cli`, compiled into the upstream `gh` binary | **Not affected (Linux)** | Windows-only privilege escalation via `C:\ProgramData\Docker\cli-plugins`; that path does not exist on these `linux/*` images, so the vulnerable code is not in the execute path. Asserted in [`openvex.json`](./openvex.json). Fixed upstream in `docker/cli` ≥ 29.2.0; the scanner finding clears when `gh` ships a release bumping its vendored `docker/cli`. | |
| | [CVE-2025-60876](https://security.alpinelinux.org/srcpkg/busybox) | Medium | `alpine/busybox` | **Affected — no upstream fix** | BusyBox `wget` request-splitting. No fixed `busybox` exists in any Alpine branch yet (incl. edge) — `apk upgrade` already pulls the newest available. Not exercised at runtime by a `gh` container. Auto-clears via the nightly rebuild once Alpine publishes a patch. | |
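Review bot: the CVE-2025-60876 row records the status as "Affected — no upstream fix" while its Notes column argues the code is "Not exercised at runtime by a `gh` container"; the table should settle on one position rather than leave both side by side. Either keep it as an accepted affected finding and give it a matching statement in `openvex.json` (status `affected` with an `action_statement` along the lines of "no fixed busybox package in any Alpine branch; cleared by the nightly rebuild"), so `trivy image --vex` reports one consistent, machine-readable record for both findings, or, if the maintainers are confident the `wget` path is unreachable from the container, assert `not_affected` with `vulnerable_code_not_in_execute_path` as is done for CVE-2025-15558. A "last reviewed" date in each row would also make the promise that the table is re-evaluated as upstream fixes land checkable from the file itself.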
| @@ -0,0 +1,22 @@ | |||
| { | |||
| "@context": "https://openvex.dev/ns/v0.2.0", | |||
| "@id": "https://github.com/maniator/gh/blob/main/openvex.json", | |||
| ], | ||
| "status": "not_affected", | ||
| "justification": "vulnerable_code_not_in_execute_path", | ||
| "impact_statement": "CVE-2025-15558 is a Windows-only privilege escalation via C:\\ProgramData\\Docker\\cli-plugins, in the github.com/docker/cli module compiled into the upstream gh binary. maniator/gh publishes only linux/* images, where that path does not exist and the Windows plugin-lookup code cannot execute." |
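Review bot: the `@id` is the mutable `blob/main` URL of the file itself, so every later edit (for example adding a statement for the busybox finding) would ship under the same document identifier; OpenVEX carries `version` and `timestamp` fields for exactly this, so bump them whenever a statement changes, or derive `@id` from a commit-pinned URL instead. `vulnerable_code_not_in_execute_path` with the accompanying `impact_statement` is the right justification for a Windows-only plugin-lookup path on `linux/*` images; the one caveat worth a sentence in SECURITY.md is that the assertion is tied to the published platforms, so it silently becomes wrong if a `windows/*` target is ever added to the build matrix.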
Why

After the base-image patch merged, Docker Scout still flags 2 findings on maniator/gh:latest. Both are upstream and not fixable in this repo; this PR documents them transparently and provides a machine-readable VEX so scanners can suppress the non-applicable one.

The two findings

- CVE-2025-15558 (High): `github.com/docker/cli` compiled into the upstream `gh` binary; `C:\ProgramData\Docker\cli-plugins` — that path can't exist on our `linux/*` images. Marked `not_affected` (`vulnerable_code_not_in_execute_path`) in `openvex.json`.
- CVE-2025-60876 (Medium): `busybox` `wget` in the Alpine base; `apk upgrade` already pulls the newest. Auto-clears on the nightly rebuild once Alpine patches.

What's added

- `SECURITY.md` — reporting, hardening summary, and a tracked table of accepted residual findings (re-evaluated as upstream fixes land).
- `openvex.json` — OpenVEX assertion that the image is not affected by CVE-2025-15558, consumable via `trivy image --vex openvex.json maniator/gh:latest`.

No code/Dockerfile change — these are docs + a security attestation.
🤖 Generated with Claude Code
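As an added example that is not part of this PR or of the maniator/gh repository: a small Python linter for an OpenVEX document of the shape this PR adds, so a consumer can catch a statement that would be ignored or misread before handing the file to a scanner. The sample document is constructed here to mirror the fields visible in the diff (author, timestamp and the product purl are placeholders), and the rule set it enforces (a `justification` or `impact_statement` for `not_affected`, an `action_statement` for `affected`) is my reading of the OpenVEX v0.2.0 spec, assumed rather than taken from the page.

```python
import json

# Statement statuses and not_affected justifications defined by OpenVEX v0.2.0.
# The requirement rules in lint_openvex() are my reading of that spec (assumed).
STATUSES = {"not_affected", "affected", "fixed", "under_investigation"}
JUSTIFICATIONS = {"component_not_present", "vulnerable_code_not_present",
                  "vulnerable_code_not_in_execute_path",
                  "vulnerable_code_cannot_be_controlled_by_adversary",
                  "inline_mitigations_already_exist"}

# Constructed sample mirroring the fields visible in this PR's openvex.json.
# Author, timestamp and the product purl are placeholders, not the repo's values.
PRODUCT = {"@id": "pkg:oci/gh@sha256%3APLACEHOLDER?repository_url=docker.io/maniator/gh"}
SAMPLE_VEX = json.dumps({
    "@context": "https://openvex.dev/ns/v0.2.0",
    "@id": "https://github.com/maniator/gh/blob/main/openvex.json",
    "author": "PLACEHOLDER maintainer",
    "timestamp": "2025-01-01T00:00:00Z",
    "version": 1,
    "statements": [
        {   # the Windows-only docker/cli finding, suppressed for linux/* images
            "vulnerability": {"name": "CVE-2025-15558"},
            "products": [PRODUCT],
            "status": "not_affected",
            "justification": "vulnerable_code_not_in_execute_path",
        },
        {   # the accepted busybox residual, deliberately missing its action_statement
            "vulnerability": {"name": "CVE-2025-60876"},
            "products": [PRODUCT],
            "status": "affected",
        },
    ],
})

def lint_openvex(doc_text: str) -> list:
    """Return the problems found in an OpenVEX document (empty list = clean)."""
    doc = json.loads(doc_text)
    problems = []
    for i, st in enumerate(doc.get("statements", [])):
        vuln = st.get("vulnerability", {}).get("name", f"<statement {i}>")
        status, just = st.get("status"), st.get("justification")
        if status not in STATUSES:
            problems.append(f"{vuln}: invalid status {status!r}")
        if just is not None and just not in JUSTIFICATIONS:
            problems.append(f"{vuln}: unknown justification {just!r}")
        if status == "not_affected" and just is None and not st.get("impact_statement"):
            problems.append(f"{vuln}: not_affected needs a justification or impact_statement")
        if status == "affected" and not st.get("action_statement"):
            problems.append(f"{vuln}: affected needs an action_statement")
    return problems
```

Running `lint_openvex(SAMPLE_VEX)` flags only the busybox statement, which is the gap a scanner would otherwise surface as an unexplained affected finding.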