UNCLASSIFIED - NO CUI

chore(findings): avocado/orchestrator/avocado-db

Summary

avocado/orchestrator/avocado-db has 90 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=avocado/orchestrator/avocado-db&tag=3.2.18&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

| id | source | severity | package | impact | workaround | epss_score | kev |
|---|---|---|---|---|---|---|---|
| CVE-2023-2650 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.88208 | false |
| CVE-2023-2650 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.88208 | false |
| CVE-2022-2068 | Twistlock CVE | Medium | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.51848 | false |
| CVE-2022-2068 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.51848 | false |
| CVE-2022-1292 | Twistlock CVE | Medium | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.40260 | false |
| CVE-2022-1292 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.40260 | false |
| CVE-2024-5535 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.03505 | false |
| CVE-2024-5535 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.03505 | false |
| CVE-2024-2511 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.01519 | false |
| CVE-2024-2511 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.01519 | false |
| CVE-2023-0464 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.01165 | false |
| CVE-2023-0464 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.01165 | false |
| CVE-2023-3446 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00672 | false |
| CVE-2023-3446 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00672 | false |
| CVE-2023-0466 | Twistlock CVE | Medium | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00508 | false |
| CVE-2023-0466 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00508 | false |
| CVE-2023-0465 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00337 | false |
| CVE-2023-0465 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00337 | false |
| CVE-2024-21230 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00275 | false |
| CVE-2024-21196 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00275 | false |
| CVE-2024-21236 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00240 | false |
| CVE-2024-0727 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00214 | false |
| CVE-2024-0727 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00214 | false |
| CVE-2024-21238 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00213 | false |
| CVE-2022-2097 | Twistlock CVE | Medium | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00198 | false |
| CVE-2022-2097 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00198 | false |
| CVE-2024-21207 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00195 | false |
| CVE-2023-3817 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00194 | false |
| CVE-2023-3817 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00194 | false |
| CVE-2024-21241 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21239 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21219 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21218 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21203 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21201 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21199 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21198 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21197 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21194 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00190 | false |
| CVE-2024-21231 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00176 | false |
| CVE-2024-41996 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00166 | false |
| CVE-2024-41996 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00166 | false |
| CVE-2024-21193 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00161 | false |
| CVE-2023-0215 | Twistlock CVE | Medium | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00148 | false |
| CVE-2023-0215 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00148 | false |
| CVE-2022-4304 | Twistlock CVE | Medium | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00138 | false |
| CVE-2022-4304 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00138 | false |
| CVE-2024-21212 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00125 | false |
| CVE-2024-21237 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00121 | false |
| CVE-2024-21232 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00121 | false |
| CVE-2024-21247 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00117 | false |
| CVE-2024-4741 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00116 | false |
| CVE-2024-4741 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00116 | false |
| CVE-2022-4450 | Twistlock CVE | Medium | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00116 | false |
| CVE-2022-4450 | Anchore CVE | Medium | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00116 | false |
| CVE-2024-21244 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00094 | false |
| CVE-2024-21243 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00094 | false |
| CVE-2024-21209 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00094 | false |
| CVE-2023-5678 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00083 | false |
| CVE-2023-5678 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00083 | false |
| CVE-2024-13176 | Twistlock CVE | Low | compat-openssl11-1.1.1k-5.el9_6.1 |  |  | 0.00080 | false |
| CVE-2024-13176 | Anchore CVE | Low | compat-openssl11-1:1.1.1k-5.el9_6.1 |  |  | 0.00080 | false |
| CVE-2023-50495 | Anchore CVE | Low | ncurses-6.2-10.20210508.el9_6.2 |  |  | 0.00050 | false |
| CVE-2025-50104 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50102 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50101 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50100 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50099 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50098 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50097 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50093 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50092 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50091 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50088 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50080 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50079 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50077 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00047 | false |
| CVE-2025-50083 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00046 | false |
| CVE-2025-50082 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00046 | false |
| CVE-2025-50078 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00046 | false |
| CVE-2025-50086 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00043 | false |
| CVE-2025-50085 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00043 | false |
| CVE-2025-50084 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00043 | false |
| CVE-2024-21213 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00038 | false |
| CVE-2025-50087 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00029 | false |
| CVE-2025-50081 | Twistlock CVE | Low | mysql-8.4.2 |  |  | 0.00026 | false |
| CVE-2025-50096 | Twistlock CVE | Medium | mysql-8.4.2 |  |  | 0.00019 | false |
| CCE-83623-9 | OSCAP Compliance | Medium |  |  |  | N/A | N/A |
| 1ecec1e40ccbe23f44510a519bf45ad5 | Anchore Compliance | Critical |  |  |  | N/A | N/A |
| 06326817a751383683daa4f085406e9e | Anchore Compliance | Critical |  |  |  | N/A | N/A |

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.

Edited by CHORE_TOKEN