We are using CentOS 7 as a base image for our Docker images.
We noticed two critical vulnerabilities related to OpenSSL, which is present in CentOS 7. According to Red Hat, they are classified as moderate:
- "The c_rehash script is not included in the default installation on any supported RHEL version and is never executed automatically. For these reasons, this flaw has been rated as having a security impact of Moderate."
https://access.redhat.com/security/cve/CVE-2022-1292
https://access.redhat.com/security/cve/CVE-2022-2068
Best regards,