Critical vulnerabilities

We self host a server with Bitwarden and we have just received the following Alert CVE-2023-38408 Severity: 9.8

CORRECTIVE ACTION

Lock down configuration

NOTES

SSH must have password auth disabled and only accepting key based authentication

I have run the update script on the server and we are running bitwarden/setup 2024.2.3

Status: Image is up to date for bitwarden/setup:2024.2.3
docker.io/bitwarden/setup:2024.2.3

Please advise how to correct the issue.
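The corrective action in the alert (password authentication off, key-based authentication only) can be checked against the server's `sshd_config` before and after a change. The script below is an added example, not code from the forum post or from Bitwarden; the function names `effective_value` and `check_sshd_config` are hypothetical and the two config files it builds are constructed for the demonstration. It applies OpenSSH's rule that the first occurrence of a keyword wins and that anything after a `Match` line is conditional, and it treats an unset keyword as the OpenSSH default (`yes` for both).

```shell
#!/bin/sh
# Added example: audit an sshd_config for the hardening the alert asks for.
# Not from the forum post; helper names are hypothetical.

# effective_value FILE KEYWORD
# Prints the global (pre-Match) value of KEYWORD, lowercased, or nothing
# if the keyword is unset. sshd uses the FIRST occurrence, so we stop there.
effective_value() {
  key=$(printf '%s' "$2" | tr 'A-Z' 'a-z')
  awk -v key="$key" '
    tolower($1) == "match"            { in_match = 1 }
    !in_match && tolower($1) == key && !found { print tolower($2); found = 1 }
  ' "$1"
}

# check_sshd_config [FILE]
# Returns 0 when password auth is off and public-key auth is on, 1 otherwise.
check_sshd_config() {
  file="${1:-/etc/ssh/sshd_config}"
  pw=$(effective_value "$file" PasswordAuthentication)
  pk=$(effective_value "$file" PubkeyAuthentication)
  # OpenSSH defaults when the keyword is absent: both are "yes".
  [ -z "$pw" ] && pw=yes
  [ -z "$pk" ] && pk=yes
  status=0
  if [ "$pw" != "no" ]; then
    echo "FAIL: PasswordAuthentication is '$pw' (want no)"; status=1
  else
    echo "OK:   PasswordAuthentication no"
  fi
  if [ "$pk" != "yes" ]; then
    echo "FAIL: PubkeyAuthentication is '$pk' (want yes)"; status=1
  else
    echo "OK:   PubkeyAuthentication yes"
  fi
  return $status
}

# --- demo on two constructed config files ---------------------------------
demo_dir=$(mktemp -d)

# Constructed: a stock-looking config; the commented-out line is not a setting,
# so password auth silently falls back to the default of "yes".
cat > "$demo_dir/weak.conf" <<'EOF'
Port 22
#PasswordAuthentication yes
EOF

# Constructed: the hardened form. The Match block re-enables passwords for one
# user only; the global check above deliberately ignores Match scopes.
cat > "$demo_dir/hardened.conf" <<'EOF'
PasswordAuthentication no
PubkeyAuthentication yes
ChallengeResponseAuthentication no
Match User legacy-backup
    PasswordAuthentication yes
EOF

for name in weak hardened; do
  echo "== $name.conf"
  if check_sshd_config "$demo_dir/$name.conf"; then
    echo "result: hardened"
  else
    echo "result: NOT hardened"
  fi
done
rm -rf "$demo_dir"
```

Run it with no argument to audit the live `/etc/ssh/sshd_config`, or pass a path. The parser only sees the global section of the one file it is given; for the effective configuration including `Include` files and `Match` blocks, compare against `sshd -T` (and `sshd -T -C user=...` for a specific user), which prints what sshd will actually apply.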

@ArcATL Welcome to the forum!

I’m no expert on self-hosting, but Googling the CVE in question suggests to me that you may need to upgrade your operating system… What operating system version are you running your server on?

The server is Ubuntu 20.04.2 LTS. Logging into the server I do see "22.04.3 LTS is available. Run 'do-release-upgrade' to upgrade to it."

I will do a backup of the server, but should it be that simple to just run that command, or is there anything else I should take into consideration with Bitwarden?

Like I said, this is out of my wheel-house.

But you may find some relevant information at the following two links:


Thank you for your assistance. After reading through some of those posts, I did an apt-get update and upgrade and it looks like I am on openssh-server 1:8.2p1-4ubuntu0.11. The server is still on 20.04.2; will see if the security scan comes up clean now.
