Hi camunda team,
We scanned the camunda/camunda-bpm-platform:7.22.0 docker image and found that it contains a package with critical and high risk-level vulnerabilities.
/camunda/javaagent/jmx_prometheus_javaagent.jar
pkg:maven/org.yaml/snakeyaml@1.16
CVE-2022-1471
CVE-2017-18640
CVE-2022-25857
They originate from an outdated jmx_exporter, which was added in the download.sh script.
Fortunately, the version has been extracted as an ARG in the Dockerfile, making it easy to upgrade to a new version.
I would be very grateful if this issue could be resolved.
Thank you.
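An added example (editor's code, not from the camunda project or the issue author) of the check a maintainer can run before and after bumping the jmx_exporter version: list the Maven artifacts shaded into a jar via their META-INF pom.properties and flag any below a required minimum. The sample jar is constructed inline to mirror the finding above (snakeyaml 1.16 bundled in the agent); the agent's own version is a placeholder since the report does not state it, and the 2.0 threshold is the snakeyaml release that closes CVE-2022-1471.

```python
import os
import re
import tempfile
import zipfile

# Maven-built libraries shaded into a jar keep their pom.properties under this path.
POM_PROPS = re.compile(r"^META-INF/maven/([^/]+)/([^/]+)/pom\.properties$")


def bundled_artifacts(jar_path):
    """Return {"groupId:artifactId": version} for every pom.properties found in the jar."""
    found = {}
    with zipfile.ZipFile(jar_path) as jar:
        for name in jar.namelist():
            m = POM_PROPS.match(name)
            if not m:
                continue
            props = {}
            for line in jar.read(name).decode("utf-8", "replace").splitlines():
                if "=" in line and not line.startswith("#"):
                    key, value = line.split("=", 1)
                    props[key.strip()] = value.strip()
            found[f"{m.group(1)}:{m.group(2)}"] = props.get("version", "?")
    return found


def version_tuple(version):
    """Turn '1.16' or '2.0-beta' into a comparable tuple; non-numeric parts count as 0."""
    return tuple(int(p) if p.isdigit() else 0 for p in re.split(r"[.-]", version))


def outdated(artifacts, minimums):
    """Return the artifacts whose bundled version is below the minimum the policy requires."""
    return {name: ver for name, ver in artifacts.items()
            if name in minimums and version_tuple(ver) < version_tuple(minimums[name])}


def make_sample_jar(path):
    """Constructed stand-in for jmx_prometheus_javaagent.jar with snakeyaml 1.16 shaded in."""
    with zipfile.ZipFile(path, "w") as jar:
        # Placeholder agent version: the report above does not state which jmx_exporter release is used.
        jar.writestr("META-INF/maven/io.prometheus.jmx/jmx_prometheus_javaagent/pom.properties",
                     "version=0.0.0\ngroupId=io.prometheus.jmx\nartifactId=jmx_prometheus_javaagent\n")
        jar.writestr("META-INF/maven/org.yaml/snakeyaml/pom.properties",
                     "#Generated by Maven\nversion=1.16\ngroupId=org.yaml\nartifactId=snakeyaml\n")
    return path


def check_sample():
    """Build the sample jar and report which shaded artifacts fall below the policy minimum."""
    with tempfile.TemporaryDirectory() as workdir:
        jar = make_sample_jar(os.path.join(workdir, "jmx_prometheus_javaagent.jar"))
        return outdated(bundled_artifacts(jar), {"org.yaml:snakeyaml": "2.0"})


if __name__ == "__main__":
    print(check_sample())  # prints {'org.yaml:snakeyaml': '1.16'}
```

Against the real image, point `bundled_artifacts` at /camunda/javaagent/jmx_prometheus_javaagent.jar; an empty result from `outdated` after the ARG bump confirms the shaded snakeyaml was actually replaced.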