High security alert for Alpine Linux in Grafana 7.4.3 docker image

Grafana Configuration
1

Hello Everyone,

We are using the Grafana version 7.4.3 running in a docker (grafana/grafana:7.4.3) container in Azure environment. Recently we have found the below high alerts related to the alpine version used in this 7.4.3 docker image.

CVE-2022-0778 - Alpine Linux has released a security update for openssl to fix the vulnerabilities.
CVE-2021-36159 - Alpine Linux has released a security update for apk-tools to fix the vulnerabilities.
CVE-2022-28391 - Alpine Linux has released a security update for busybox to fix the vulnerabilities.

If we upgrade to the latest version of Grafana 9.0.1 docker version will it resolve all these vulnerabilities ? We could not find it anywhere mentioned that the latest version would resolve these CVEs.

Can you please advise?

2

Only way to find out is by upgrading. But dont upgrade the live one.

Clone the current grafana, upgrade the clone to v9 and see if it resolves your issues.

If all is well upgrade the real grafana