chore(findings): appgate/sdp-operator
Summary
appgate/sdp-operator has 62 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-8qpw-xqxj-h4r2 | Anchore CVE | Medium | aiohttp-3.8.5 |
GHSA-7gpw-8wmc-pm8g | Anchore CVE | Medium | aiohttp-3.8.5 |
CVE-2022-29458 | Anchore CVE | Low | ncurses-6.2-10.20210508.el9 |
GHSA-3ww4-gg4f-jr7f | Anchore CVE | High | cryptography-41.0.4 |
GHSA-gfw2-4jvh-wgfg | Anchore CVE | Medium | aiohttp-3.8.5 |
GHSA-g4mx-q9vg-27p4 | Anchore CVE | Medium | urllib3-1.26.17 |
GHSA-jfhm-5ghh-2f97 | Anchore CVE | Medium | cryptography-41.0.4 |
CVE-2024-32487 | Anchore CVE | High | less-590-3.el9_3 |
CVE-2016-20012 | Anchore CVE | Low | openssh-8.7p1-38.el9 |
CVE-2023-50495 | Anchore CVE | Low | ncurses-6.2-10.20210508.el9 |
CVE-2023-51767 | Anchore CVE | Medium | openssh-8.7p1-38.el9 |
CVE-2023-51767 | Anchore CVE | Medium | openssh-clients-8.7p1-38.el9 |
GHSA-pjjw-qhg8-p2p9 | Anchore CVE | Medium | aiohttp-3.8.5 |
GHSA-9v9h-cgj8-h64p | Anchore CVE | Medium | cryptography-41.0.4 |
GHSA-qvrw-v9rv-5rjx | Anchore CVE | Medium | aiohttp-3.8.5 |
CVE-2016-20012 | Anchore CVE | Low | openssh-clients-8.7p1-38.el9 |
GHSA-6vqw-3v5j-54x4 | Anchore CVE | High | cryptography-41.0.4 |
GHSA-2mqj-m65w-jghx | Anchore CVE | High | GitPython-3.1.37 |
GHSA-5m98-qgg9-wh84 | Anchore CVE | High | aiohttp-3.8.5 |
GHSA-jjg7-2v4v-x38h | Anchore CVE | Medium | idna-3.4 |
CVE-2017-1000383 | Anchore CVE | Low | emacs-filesystem-1:27.2-9.el9 |
GHSA-q3qx-c6g2-7pw2 | Anchore CVE | High | aiohttp-3.8.5 |
GHSA-5h86-8mv2-jq9f | Anchore CVE | Medium | aiohttp-3.8.5 |
CVE-2024-32487 | Twistlock CVE | Critical | less-590-3.el9_3 |
CVE-2024-22190 | Twistlock CVE | High | gitpython-3.1.37 |
CVE-2024-30251 | Twistlock CVE | High | aiohttp-3.8.5 |
CVE-2024-26130 | Twistlock CVE | High | cryptography-41.0.4 |
CVE-2023-50782 | Twistlock CVE | High | cryptography-41.0.4 |
CVE-2023-49083 | Twistlock CVE | High | cryptography-41.0.4 |
CVE-2023-49081 | Twistlock CVE | High | aiohttp-3.8.5 |
CVE-2023-51767 | Twistlock CVE | Medium | openssh-clients-8.7p1-38.el9 |
CVE-2023-51767 | Twistlock CVE | Medium | openssh-8.7p1-38.el9 |
CVE-2024-23829 | Twistlock CVE | Medium | aiohttp-3.8.5 |
CVE-2024-3651 | Twistlock CVE | Medium | idna-3.4 |
CVE-2024-27306 | Twistlock CVE | Medium | aiohttp-3.8.5 |
CVE-2024-23334 | Twistlock CVE | Medium | aiohttp-3.8.5 |
CVE-2024-0727 | Twistlock CVE | Medium | cryptography-41.0.4 |
CVE-2023-49082 | Twistlock CVE | Medium | aiohttp-3.8.5 |
CVE-2023-47627 | Twistlock CVE | Medium | aiohttp-3.8.5 |
CVE-2023-45803 | Twistlock CVE | Medium | urllib3-1.26.17 |
GHSA-pjjw-qhg8-p2p9 | Twistlock CVE | Medium | aiohttp-3.8.5 |
CVE-2024-30205 | Twistlock CVE | Medium | emacs-filesystem-27.2-9.el9 |
CVE-2024-30204 | Twistlock CVE | Medium | emacs-filesystem-27.2-9.el9 |
CVE-2024-30203 | Twistlock CVE | Medium | emacs-filesystem-27.2-9.el9 |
CVE-2023-50495 | Twistlock CVE | Low | ncurses-6.2-10.20210508.el9 |
CVE-2022-29458 | Twistlock CVE | Low | ncurses-6.2-10.20210508.el9 |
CVE-2017-1000383 | Twistlock CVE | Low | emacs-filesystem-27.2-9.el9 |
CVE-2024-32002 | Twistlock CVE | Critical | git-2.43.0-1.el9 |
CVE-2024-32002 | Twistlock CVE | Critical | perl-Git-2.43.0-1.el9 |
CVE-2024-32002 | Twistlock CVE | Critical | git-core-2.43.0-1.el9 |
CVE-2024-32004 | Twistlock CVE | Critical | git-core-2.43.0-1.el9 |
CVE-2024-32004 | Twistlock CVE | Critical | git-2.43.0-1.el9 |
CVE-2024-32004 | Twistlock CVE | Critical | perl-Git-2.43.0-1.el9 |
CVE-2024-32465 | Twistlock CVE | Medium | git-core-2.43.0-1.el9 |
CVE-2024-32465 | Twistlock CVE | Medium | perl-Git-2.43.0-1.el9 |
CVE-2024-32465 | Twistlock CVE | Medium | git-2.43.0-1.el9 |
CVE-2024-32021 | Twistlock CVE | Low | git-2.43.0-1.el9 |
CVE-2024-32021 | Twistlock CVE | Low | perl-Git-2.43.0-1.el9 |
CVE-2024-32021 | Twistlock CVE | Low | git-core-2.43.0-1.el9 |
CVE-2024-32020 | Twistlock CVE | Low | git-2.43.0-1.el9 |
CVE-2024-32020 | Twistlock CVE | Low | perl-Git-2.43.0-1.el9 |
CVE-2024-32020 | Twistlock CVE | Low | git-core-2.43.0-1.el9 |
VAT: https://vat.dso.mil/vat/image?imageName=appgate/sdp-operator&tag=0.3.14&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=appgate/sdp-operator&tag=0.2.12&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.