TF 0042 - SymbioticSec/Symbiotic-Vulnerability-Database GitHub Wiki
Image tag ":latest" used
Property | Value |
---|---|
Language | |
Severity | |
Vulnerability Type | omission |
Description
Using the ':latest' tag for container images in deployments makes it unclear which version of the image is actually running, leading to unpredictability and difficulty tracing or rolling back changes. This practice reduces transparency and control over the software lifecycle.
Impact
Relying on ':latest' can result in unintentional upgrades or inconsistencies across environments, increasing the risk of running untested or vulnerable code. Attackers may exploit this unpredictability to introduce malicious images, or operations teams may struggle to respond quickly to incidents due to lack of version clarity.
Resolution
Use a specific container image tag that is not 'latest'.
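One way to check for this in review or CI, as an added example that is not part of the original database entry: the function below parses image references and flags those that resolve to `latest`, including references with no tag at all (container runtimes default a missing tag to `latest`) and references whose only colon belongs to a registry port. The function names, the pod-spec-shaped input dictionary and the choice to treat digest-pinned references as pinned are assumptions of this example.

```python
# Added example: flag container image references that resolve to ":latest".
# Assumption: a reference pinned by digest (@sha256:...) counts as pinned.

def image_tag(ref: str):
    """Return the effective tag of an image reference, or None if digest-pinned."""
    name, _, digest = ref.partition("@")
    if digest:
        return None  # an immutable digest decides what is pulled, not the tag
    # Only a colon after the last "/" separates a tag; an earlier colon is a
    # registry port, as in registry.example.com:5000/app.
    last_segment = name.rsplit("/", 1)[-1]
    _, sep, tag = last_segment.partition(":")
    return tag if sep and tag else "latest"  # no tag: the runtime pulls "latest"


def uses_latest(ref: str) -> bool:
    """True when the reference would pull the mutable 'latest' tag."""
    return image_tag(ref.strip()) == "latest"


def find_latest_images(pod_spec: dict) -> list:
    """Return (container name, image) pairs in a pod spec that resolve to latest."""
    findings = []
    for key in ("initContainers", "containers"):
        for container in pod_spec.get(key, []):
            image = container.get("image")
            if image and uses_latest(image):
                findings.append((container.get("name", "?"), image))
    return findings


# Constructed sample input: the "spec" of a pod template, already parsed to a dict.
SAMPLE_POD_SPEC = {
    "initContainers": [
        {"name": "migrate", "image": "registry.example.com:5000/tools/migrate"},
    ],
    "containers": [
        {"name": "web", "image": "nginx:latest"},
        {"name": "api", "image": "example/api:1.4.2"},
        {"name": "cache", "image": "redis@sha256:" + "0" * 64},
    ],
}

if __name__ == "__main__":
    for name, image in find_latest_images(SAMPLE_POD_SPEC):
        print(f"{name}: {image} resolves to :latest, pin a specific tag")
```
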