Security issue with on-prem /self-hosted Docker install releases 241, 239 and older
Incident Report for Instana
As an additional safety measure for wrongly configured firewalls, Kafka, Clickhouse, and Cassandra are now configured such that clients can only connect from localhost. The other databases have already been configured this way.

We have released the following security bulletin for this issue
IBM strongly recommends addressing the vulnerability now by upgrading to 243, 241-3 or 239-3

Upgrading your Instana console:

Use your appropriate package manager command to update to a desired package version of Instana console.
See the following example for Ubuntu:
To get the latest version, run the command as follows:
sudo apt-get install instana-console
To grab a specific version, run the command as follows:
sudo apt-get install instana-console=241-3
Posted Mar 06, 2023 - 21:35 UTC
Docker-based datastores for IBM Instana do not currently require authentication
Due to this, an attacker within the network could access the data stores with read/write access (CVE-2023-27290).
Posted Mar 06, 2023 - 21:33 UTC