chore(findings): anchore/engine/engine
Summary
anchore/engine/engine has 169 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
PRISMA-2022-0113 | twistlock_cve | Medium | github.com/aws/aws-sdk-go-v1.31.6 |
CVE-2022-24801 | twistlock_cve | High | twisted-20.3.0 |
CVE-2022-24675 | twistlock_cve | High | go-1.16.10 |
CVE-2018-10892 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
CVE-2018-10892 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-g54h-m393-cpwq | anchore_cve | Low | github.com/opencontainers/runc-v0.1.1 |
CVE-2019-5736 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
CVE-2019-16884 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-c3h9-896r-86jm | anchore_cve | High | github.com/gogo/protobuf-v1.3.1 |
GHSA-fgv8-vj5c-2ppq | anchore_cve | High | github.com/opencontainers/runc-v0.1.1 |
CVE-2020-27534 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-77vh-xpmg-72qh | anchore_cve | Low | github.com/opencontainers/image-spec-v1.0.1 |
GHSA-g54h-m393-cpwq | anchore_cve | Low | github.com/opencontainers/runc-v0.1.1 |
CVE-2021-21284 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-5j5w-g665-5m35 | anchore_cve | Low | github.com/containerd/containerd-v1.3.4 |
GHSA-c72p-9xmj-rx3w | anchore_cve | Medium | github.com/containerd/containerd-v1.3.4 |
GHSA-v95c-p5hm-xq8f | anchore_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
CVE-2019-16884 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
CVE-2019-13139 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-c3xm-pvg7-gh7r | anchore_cve | High | github.com/opencontainers/runc-v0.1.1 |
GHSA-gp4j-w3vj-7299 | anchore_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-qq97-vm5h-rrhg | anchore_cve | Low | github.com/docker/distribution-v2.7.1+incompatible |
CVE-2021-21284 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-c2h3-6mxw-7mvq | anchore_cve | Medium | github.com/containerd/containerd-v1.3.4 |
GHSA-5j5w-g665-5m35 | anchore_cve | Low | github.com/containerd/containerd-v1.4.11 |
CVE-2021-21285 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
CVE-2021-21285 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
CVE-2019-13509 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-fgv8-vj5c-2ppq | anchore_cve | High | github.com/opencontainers/runc-v0.1.1 |
GHSA-crp2-qrr5-8pq7 | anchore_cve | High | github.com/containerd/containerd-v1.4.11 |
CVE-2019-13509 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-77vh-xpmg-72qh | anchore_cve | Low | github.com/opencontainers/image-spec-v1.0.1 |
GHSA-crp2-qrr5-8pq7 | anchore_cve | High | github.com/containerd/containerd-v1.3.4 |
CVE-2019-5736 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-gp4j-w3vj-7299 | anchore_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-qq97-vm5h-rrhg | anchore_cve | Low | github.com/docker/distribution-v2.7.1+incompatible |
GHSA-v95c-p5hm-xq8f | anchore_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
CVE-2019-13139 | anchore_cve | High | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
CVE-2020-27534 | anchore_cve | Medium | github.com/docker/docker-v17.12.0-ce-rc1.0.20200309214505-aa6a9891b09c+incompatible |
GHSA-c3xm-pvg7-gh7r | anchore_cve | High | github.com/opencontainers/runc-v0.1.1 |
GHSA-36xw-fx78-c5r4 | anchore_cve | Medium | github.com/containerd/containerd-v1.3.4 |
CVE-2022-28327 | twistlock_cve | High | go-1.16.10 |
GHSA-27rq-4943-qcwp | anchore_cve | Medium | github.com/hashicorp/go-getter-v1.4.1 |
CVE-2022-28327 | twistlock_cve | High | go-1.17.7 |
CVE-2022-24675 | twistlock_cve | High | go-1.17.7 |
PRISMA-2022-0164 | twistlock_cve | Medium | github.com/aws/aws-sdk-go-v1.31.6 |
GHSA-f3fp-gc8g-vw66 | anchore_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-f3fp-gc8g-vw66 | anchore_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-28r2-q6m8-9hpx | anchore_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
GHSA-cjr4-fv6c-f3mv | anchore_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
GHSA-x24g-9w7v-vprh | anchore_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
GHSA-fcgg-rvwg-jv58 | anchore_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
GHSA-5ffw-gxpp-mxpf | anchore_cve | Medium | github.com/containerd/containerd-v1.3.4 |
GHSA-5ffw-gxpp-mxpf | anchore_cve | Medium | github.com/containerd/containerd-v1.4.11 |
CVE-2022-30322 | twistlock_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
CVE-2022-30321 | twistlock_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
CVE-2022-26945 | twistlock_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
CVE-2022-30323 | twistlock_cve | Critical | github.com/hashicorp/go-getter-v1.4.1 |
CVE-2022-23648 | twistlock_cve | High | github.com/containerd/containerd-v1.4.11 |
CVE-2022-23648 | twistlock_cve | High | github.com/containerd/containerd-v1.3.4 |
CVE-2021-3121 | twistlock_cve | High | github.com/gogo/protobuf-v1.3.1 |
CVE-2021-30465 | twistlock_cve | High | github.com/opencontainers/runc-v0.1.1 |
CVE-2019-16884 | twistlock_cve | High | github.com/opencontainers/runc-v0.1.1 |
CVE-2022-31030 | twistlock_cve | Medium | github.com/containerd/containerd-v1.4.11 |
CVE-2022-31030 | twistlock_cve | Medium | github.com/containerd/containerd-v1.3.4 |
CVE-2022-29810 | twistlock_cve | Medium | github.com/hashicorp/go-getter-v1.4.1 |
CVE-2022-29162 | twistlock_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
CVE-2021-43784 | twistlock_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
CVE-2021-41103 | twistlock_cve | Medium | github.com/containerd/containerd-v1.3.4 |
CVE-2021-32760 | twistlock_cve | Medium | github.com/containerd/containerd-v1.3.4 |
CVE-2016-9962 | twistlock_cve | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-qq97-vm5h-rrhg | twistlock_cve | Low | github.com/docker/distribution-v2.7.1 |
GHSA-g54h-m393-cpwq | twistlock_cve | Low | github.com/opencontainers/runc-v0.1.1 |
GHSA-77vh-xpmg-72qh | twistlock_cve | Low | github.com/opencontainers/image-spec-v1.0.1 |
GHSA-5j5w-g665-5m35 | twistlock_cve | Low | github.com/containerd/containerd-v1.3.4 |
GHSA-5j5w-g665-5m35 | twistlock_cve | Low | github.com/containerd/containerd-v1.4.11 |
CVE-2022-33070 | anchore_cve | Low | protobuf-c-1.3.0-6.el8 |
CVE-2020-29652 | twistlock_cve | Low | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2020-14040 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2020-10756 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2020-10749 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2021-20199 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2020-14370 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30580 | twistlock_cve | High | go-1.16.10 |
CVE-2022-30580 | twistlock_cve | High | go-1.17.7 |
CVE-2022-32189 | twistlock_cve | High | go-1.16.10 |
CVE-2022-32189 | twistlock_cve | High | go-1.17.7 |
CVE-2022-30635 | twistlock_cve | High | go-1.17.7 |
CVE-2022-30635 | twistlock_cve | High | go-1.16.10 |
CVE-2022-30633 | twistlock_cve | High | go-1.17.7 |
CVE-2022-30633 | twistlock_cve | High | go-1.16.10 |
CVE-2022-30632 | twistlock_cve | High | go-1.16.10 |
CVE-2022-30632 | twistlock_cve | High | go-1.17.7 |
CVE-2022-30631 | twistlock_cve | High | go-1.17.7 |
CVE-2022-30631 | twistlock_cve | High | go-1.16.10 |
CVE-2022-30630 | twistlock_cve | High | go-1.16.10 |
CVE-2022-30630 | twistlock_cve | High | go-1.17.7 |
CVE-2022-28131 | twistlock_cve | High | go-1.17.7 |
CVE-2022-28131 | twistlock_cve | High | go-1.16.10 |
CVE-2022-32148 | twistlock_cve | Medium | go-1.16.10 |
CVE-2022-32148 | twistlock_cve | Medium | go-1.17.7 |
CVE-2022-30629 | twistlock_cve | Low | go-1.16.10 |
CVE-2022-30629 | twistlock_cve | Low | go-1.17.7 |
CVE-2022-30631 | twistlock_cve | Medium | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30631 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30631 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2021-33198 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2020-8945 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2020-8945 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2020-28362 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2020-28362 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2015-20107 | twistlock_cve | Medium | python38-pip-wheel-19.3.1-5.module+el8.6.0+13002+70cfc74a |
CVE-2015-20107 | twistlock_cve | Medium | python38-setuptools-wheel-41.6.0-5.module+el8.5.0+12205+a865257a |
CVE-2015-20107 | twistlock_cve | Medium | python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74 |
CVE-2015-20107 | twistlock_cve | Medium | python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79 |
CVE-2015-20107 | twistlock_cve | Medium | python38-3.8.12-1.module+el8.6.0+12642+c3710b74 |
CVE-2015-20107 | twistlock_cve | Medium | python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a |
CVE-2015-20107 | twistlock_cve | Medium | python38-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a |
CVE-2022-1705 | twistlock_cve | Medium | go-1.16.10 |
CVE-2022-1705 | twistlock_cve | Medium | go-1.17.7 |
CVE-2021-34558 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2021-34558 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2021-34558 | twistlock_cve | Medium | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2021-3114 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30632 | twistlock_cve | Medium | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30632 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30632 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30630 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30630 | twistlock_cve | Medium | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30630 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-1962 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-1962 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-1962 | twistlock_cve | Medium | go-1.16.10 |
CVE-2022-1962 | twistlock_cve | Medium | go-1.17.7 |
CVE-2022-32148 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-32148 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-1705 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-1705 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-32189 | twistlock_cve | Low | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-32189 | twistlock_cve | Low | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-32189 | twistlock_cve | Low | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-29162 | twistlock_cve | Low | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2021-43784 | twistlock_cve | Low | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2021-41190 | twistlock_cve | Low | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2021-41190 | twistlock_cve | Low | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2021-3595 | twistlock_cve | Low | libslirp-4.4.0-1.module+el8.6.0+15875+dc9a2b96 |
CVE-2021-3594 | twistlock_cve | Low | libslirp-4.4.0-1.module+el8.6.0+15875+dc9a2b96 |
CVE-2021-3593 | twistlock_cve | Low | libslirp-4.4.0-1.module+el8.6.0+15875+dc9a2b96 |
CVE-2021-3592 | twistlock_cve | Low | libslirp-4.4.0-1.module+el8.6.0+15875+dc9a2b96 |
CVE-2022-33070 | twistlock_cve | Low | protobuf-c-1.3.0-6.el8 |
CVE-2022-30629 | twistlock_cve | Low | runc-1.1.3-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30629 | twistlock_cve | Low | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-30629 | twistlock_cve | Low | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2021-28861 | anchore_cve | Medium | python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74 |
CVE-2021-28861 | anchore_cve | Medium | python38-3.8.12-1.module+el8.6.0+12642+c3710b74 |
CVE-2022-0718 | anchore_cve | Medium | oslo.utils-4.12.0 |
CVE-2020-10735 | twistlock_cve | Medium | python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a |
CVE-2020-10735 | twistlock_cve | Medium | python38-setuptools-41.6.0-5.module+el8.5.0+12205+a865257a |
CVE-2020-10735 | twistlock_cve | Medium | python38-setuptools-wheel-41.6.0-5.module+el8.5.0+12205+a865257a |
CVE-2020-10735 | twistlock_cve | Medium | python38-libs-3.8.12-1.module+el8.6.0+12642+c3710b74 |
CVE-2020-10735 | twistlock_cve | Medium | python38-pip-wheel-19.3.1-5.module+el8.6.0+13002+70cfc74a |
CVE-2020-10735 | twistlock_cve | Medium | python38-3.8.12-1.module+el8.6.0+12642+c3710b74 |
CVE-2020-10735 | twistlock_cve | Medium | python38-psycopg2-2.8.4-4.module+el8.4.0+8888+89bc7e79 |
CVE-2022-27664 | twistlock_cve | Medium | skopeo-1.8.0-2.module+el8.6.0+15917+093ca6f8 |
CVE-2022-27664 | twistlock_cve | Medium | containers-common-1-35.module+el8.6.0+15917+093ca6f8 |
CVE-2022-27664 | twistlock_cve | High | go-1.17.7 |
CVE-2022-27664 | twistlock_cve | High | go-1.16.10 |
GHSA-c2jg-hw38-jrqq | anchore_cve | High | Twisted-20.3.0 |
GHSA-92x2-jw7w-xvvx | anchore_cve | High | Twisted-20.3.0 |
VAT: https://vat.dso.mil/vat/container/16948?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/anchore/engine/engine/-/jobs/10652343
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Edited by Ghost User