chore(findings): bitnami/airflow-scheduler
Summary
bitnami/airflow-scheduler has 303 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
7e0c1b561b484fb48ffc3efaa8fbacc9 | Anchore Compliance | Critical | |
bcdfef54201eef1f1f8d0d9514f68671 | Anchore Compliance | Critical | |
44157b615175e1e70f57f7ad0d9550ef | Anchore Compliance | Critical | |
c88e51965fd198ed35bc9171851a5e9d | Anchore Compliance | Critical | |
dda9424266cd2035ddff92fe347ce9fb | Anchore Compliance | Critical | |
b25d36fae9f6e031f5392a49e3edc394 | Anchore Compliance | Critical | |
70731ac0375b16d60f6858adcf1ecaea | Anchore Compliance | Critical | |
304d8669245d75ba99c07c4de46a98fd | Anchore Compliance | Critical | |
604a646046ef89bf63a49a0acb4023ce | Anchore Compliance | Critical | |
a9888545398921bdea9108003038dcf4 | Anchore Compliance | Critical | |
1cb46b2d796f7b3f96c175e2ea575441 | Anchore Compliance | Critical | |
23450b679695008adde7285416685d82 | Anchore Compliance | Critical | |
5be6e77774285992d4adcf96f00351c1 | Anchore Compliance | Critical | |
66e961acf7c6033526b0d89d4a0a4b7d | Anchore Compliance | Critical | |
b18c88ddeab24abfb92ae2ccddb0b022 | Anchore Compliance | Critical | |
GHSA-qrmm-w75w-3wpx | Anchore CVE | Medium | swagger-ui-dist-3.52.0 |
GHSA-px8h-6qxv-m22q | Anchore CVE | Low | Werkzeug-2.2.2 |
GHSA-x4qr-2fvf-3mr5 | Anchore CVE | High | cryptography-36.0.2 |
GHSA-jrwr-5x3p-hvc3 | Anchore CVE | Medium | markdown-it-py-2.1.0 |
GHSA-xg9f-g7g7-2323 | Anchore CVE | High | Werkzeug-2.2.2 |
GHSA-w596-4wvx-j9j6 | Anchore CVE | Medium | py-1.11.0 |
GHSA-29gw-9793-fvw7 | Anchore CVE | Medium | ipython-8.8.0 |
GHSA-43fp-rhv2-5gv8 | Anchore CVE | Medium | certifi-2022.9.24 |
CVE-2022-41862 | Anchore CVE | Low | libpq-13.5-1.el9 |
GHSA-f3fp-gc8g-vw66 | Anchore CVE | Medium | github.com/opencontainers/runc-v1.1.0 |
GHSA-vrjv-mxr7-vjf8 | Anchore CVE | Medium | markdown-it-py-2.1.0 |
GHSA-6c9x-mj3g-h47x | Anchore CVE | Medium | swagger-ui-dist-3.52.0 |
GHSA-w7pp-m8wf-vj6r | Anchore CVE | Medium | cryptography-36.0.2 |
GHSA-vpvm-3wq2-2wvm | Anchore CVE | High | github.com/opencontainers/runc-v1.1.0 |
CVE-2023-0286 | Anchore CVE | High | compat-openssl11-1:1.1.1k-4.el9_0 |
GHSA-h6g5-wqqr-3mw3 | Anchore CVE | Medium | apache-airflow-2.5.1 |
GHSA-m8cg-xc2p-r3fc | Anchore CVE | Low | github.com/opencontainers/runc-v1.1.0 |
GHSA-g2j6-57v7-gm8c | Anchore CVE | Medium | github.com/opencontainers/runc-v1.1.0 |
GHSA-9hcr-9hcv-x6pv | Anchore CVE | High | Flask-AppBuilder-4.1.4 |
CVE-2022-48468 | Anchore CVE | Medium | protobuf-c-1.3.3-12.el9 |
GHSA-rrm6-wvj7-cwh2 | Anchore CVE | Medium | sqlparse-0.4.3 |
CVE-2018-20225 | Anchore CVE | High | pip-23.1.2 |
GHSA-m2qf-hxjv-5gpq | Anchore CVE | High | Flask-2.2.2 |
CVE-2023-29491 | Anchore CVE | Medium | ncurses-6.2-8.20210508.el9 |
GHSA-vcf6-3wv2-5vcr | Anchore CVE | Medium | apache-airflow-2.5.1 |
CVE-2017-1000383 | Anchore CVE | Low | emacs-filesystem-1:27.2-8.el9_2.1 |
CVE-2023-27536 | Anchore CVE | Medium | curl-7.76.1-23.el9_2.1 |
CVE-2023-27534 | Anchore CVE | Low | curl-7.76.1-23.el9_2.1 |
CVE-2023-27533 | Anchore CVE | Low | curl-7.76.1-23.el9_2.1 |
CVE-2023-27538 | Anchore CVE | Low | curl-7.76.1-23.el9_2.1 |
GHSA-jchm-fm4q-c2fp | Anchore CVE | Critical | apache-airflow-2.5.1 |
CVE-2023-26268 | Anchore CVE | Medium | cloudant-2.15.0 |
CVE-2023-28322 | Anchore CVE | Low | curl-7.76.1-23.el9_2.1 |
CVE-2023-28321 | Anchore CVE | Medium | curl-7.76.1-23.el9_2.1 |
GHSA-j8r2-6x86-q33q | Anchore CVE | Medium | requests-2.28.1 |
CVE-2023-32681 | Anchore CVE | Medium | python3-requests-2.25.1-6.el9 |
GHSA-hj3f-6gcp-jg8j | Anchore CVE | Medium | tornado-6.1 |
CVE-2023-2602 | Anchore CVE | Low | libcap-2.48-8.el9 |
CVE-2023-2953 | Anchore CVE | Low | openldap-compat-2.6.2-3.el9 |
CVE-2023-2953 | Anchore CVE | Low | openldap-2.6.2-3.el9 |
CVE-2023-2603 | Anchore CVE | Medium | libcap-2.48-8.el9 |
CVE-2023-30571 | Anchore CVE | Medium | libarchive-3.5.3-4.el9 |
GHSA-5cpq-8wj7-hf2v | Anchore CVE | Low | cryptography-36.0.2 |
CVE-2023-22652 | Anchore CVE | Medium | libeconf-0.4.1-2.el9 |
CVE-2023-32665 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
CVE-2023-32611 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
CVE-2023-29499 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
CVE-2023-32636 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-libs-1:1.12.20-7.el9_1 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-common-1:1.12.20-7.el9_1 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-1:1.12.20-7.el9_1 |
CVE-2022-0391 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.1 |
CVE-2022-0391 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.1 |
CVE-2007-4559 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.1 |
CVE-2007-4559 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.1 |
CVE-2023-27043 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.1 |
CVE-2021-23336 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.1 |
CVE-2021-23336 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.1 |
CVE-2023-27043 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.1 |
GHSA-mjff-wv85-hmcj | Anchore CVE | Medium | apache-airflow-2.5.1 |
CVE-2023-1637 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-43975 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-34693 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1249 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-28866 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-37159 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1252 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1380 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-21102 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-3997 | Anchore CVE | Medium | systemd-libs-252-14.el9_2.1 |
CVE-2023-2019 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-22998 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-31082 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-1974 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-4662 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-40133 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-2166 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-31085 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-42895 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1073 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2020-26140 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-2248 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-3358 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-46778 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-2236 | Anchore CVE | High | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2020-26146 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-2269 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-2503 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-28410 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-2483 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1077 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-2156 | Anchore CVE | High | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-3161 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-0597 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-3594 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-36402 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-3892 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-31436 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-41858 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2020-36558 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-1972 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-0171 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-3545 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-28464 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-38457 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-0480 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-3565 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-3006 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-31083 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-45934 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2020-26144 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1652 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-3212 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-3997 | Anchore CVE | Medium | systemd-rpm-macros-252-14.el9_2.1 |
CVE-2020-35501 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-35825 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1513 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-3997 | Anchore CVE | Medium | systemd-252-14.el9_2.1 |
CVE-2021-3997 | Anchore CVE | Medium | systemd-pam-252-14.el9_2.1 |
CVE-2023-28327 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-3523 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-38096 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-33203 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-0458 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1838 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1079 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-23824 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-30456 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-33656 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1076 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1855 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-2162 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-2785 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2020-36386 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-3141 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1989 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-26878 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-3268 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-31084 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1075 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1998 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-23960 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2021-4135 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-26545 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-45869 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-3357 | Anchore CVE | Low | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-1074 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-20154 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-20153 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-35788 | Anchore CVE | High | kernel-headers-5.14.0-284.18.1.el9_2 |
GHSA-jhpr-j7cq-3jp3 | Anchore CVE | Low | Flask-AppBuilder-4.1.4 |
CVE-2023-1206 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-33952 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-33951 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-36191 | Anchore CVE | Low | sqlite-libs-3.34.1-6.el9_1 |
CVE-2023-3117 | Anchore CVE | High | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-36191 | Anchore CVE | Low | sqlite-3.34.1-6.el9_1 |
CVE-2023-31484 | Anchore CVE | Medium | perl-IPC-Open3-0:1.21-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-if-0:0.60.800-480.el9 |
CVE-2023-36632 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.1 |
CVE-2023-31484 | Anchore CVE | Medium | perl-interpreter-4:5.32.1-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-overload-0:1.31-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-NDBM_File-0:1.15-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-DynaLoader-0:1.47-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-File-Find-0:1.37-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-Errno-0:1.30-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-Getopt-Std-0:1.12-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-AutoLoader-0:5.74-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-Class-Struct-0:0.66-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-mro-0:1.23-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-lib-0:0.65-480.el9 |
CVE-2023-36632 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.1 |
CVE-2023-3390 | Anchore CVE | Medium | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2023-31484 | Anchore CVE | Medium | perl-vars-0:1.05-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-IO-0:1.43-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-FileHandle-0:2.03-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-overloading-0:0.02-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-POSIX-0:1.94-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-subs-0:1.03-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-B-0:1.80-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-File-stat-0:1.09-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-base-0:2.27-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-Fcntl-0:1.13-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-Symbol-0:1.08-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-libs-4:5.32.1-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-File-Basename-0:2.85-480.el9 |
CVE-2023-31484 | Anchore CVE | Medium | perl-SelectSaver-0:1.02-480.el9 |
CVE-2023-3090 | Anchore CVE | High | kernel-headers-5.14.0-284.18.1.el9_2 |
CVE-2022-30580 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-41715 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-32190 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-32189 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-30635 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-30633 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-30632 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-30631 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-30630 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-2880 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-2879 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-28131 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-27664 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-32148 | Twistlock CVE | Medium | go-1.18.2 |
CVE-2022-1705 | Twistlock CVE | Medium | go-1.18.2 |
CVE-2022-1962 | Twistlock CVE | Medium | go-1.18.2 |
CVE-2022-41716 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-41717 | Twistlock CVE | Medium | go-1.18.2 |
GHSA-qrmm-w75w-3wpx | Twistlock CVE | Medium | swagger-ui-dist-3.52.0 |
CVE-2021-46708 | Twistlock CVE | Medium | swagger-ui-dist-3.52.0 |
CVE-2022-30629 | Twistlock CVE | Low | go-1.18.2 |
CVE-2022-41725 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-41724 | Twistlock CVE | High | go-1.18.2 |
CVE-2022-41723 | Twistlock CVE | High | go-1.18.2 |
CVE-2023-24532 | Twistlock CVE | Medium | go-1.18.2 |
CVE-2023-24532 | Twistlock CVE | Medium | go-1.19.6 |
CVE-2023-24532 | Twistlock CVE | Medium | go-1.19.6 |
CVE-2023-25696 | Twistlock CVE | Critical | apache-airflow-providers-apache-hive-5.1.1 |
CVE-2023-25691 | Twistlock CVE | Critical | apache-airflow-providers-google-8.8.0 |
PRISMA-2023-0024 | Twistlock CVE | High | aiohttp-3.8.3 |
CVE-2023-25577 | Twistlock CVE | High | werkzeug-2.2.2 |
CVE-2022-42969 | Twistlock CVE | High | py-1.11.0 |
CVE-2023-29005 | Twistlock CVE | High | flask-appbuilder-4.1.4 |
CVE-2023-28706 | Twistlock CVE | Critical | apache-airflow-providers-apache-hive-5.1.1 |
CVE-2023-25956 | Twistlock CVE | High | apache-airflow-providers-amazon-7.1.0 |
CVE-2023-25692 | Twistlock CVE | High | apache-airflow-providers-google-8.8.0 |
CVE-2023-24816 | Twistlock CVE | High | ipython-8.8.0 |
CVE-2023-0286 | Twistlock CVE | High | cryptography-36.0.2 |
CVE-2022-1941 | Twistlock CVE | High | protobuf-3.20.0 |
CVE-2023-23931 | Twistlock CVE | Medium | cryptography-36.0.2 |
CVE-2023-25695 | Twistlock CVE | Medium | apache-airflow-2.5.1 |
CVE-2023-28707 | Twistlock CVE | High | apache-airflow-providers-apache-drill-2.3.1 |
CVE-2023-26303 | Twistlock CVE | Medium | markdown-it-py-2.1.0 |
CVE-2023-26302 | Twistlock CVE | Medium | markdown-it-py-2.1.0 |
CVE-2023-23934 | Twistlock CVE | Low | werkzeug-2.2.2 |
CVE-2023-24537 | Twistlock CVE | High | go-1.18.2 |
CVE-2023-24537 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24537 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24538 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-24538 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-24538 | Twistlock CVE | Critical | go-1.18.2 |
CVE-2023-24536 | Twistlock CVE | High | go-1.18.2 |
CVE-2023-24536 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24536 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24534 | Twistlock CVE | High | go-1.18.2 |
CVE-2023-24534 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24534 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-21971 | Twistlock CVE | Medium | mysql-connector-python-8.0.32 |
CVE-2023-30608 | Twistlock CVE | High | sqlparse-0.4.3 |
PRISMA-2022-0168 | Twistlock CVE | High | pip-23.1.2 |
CVE-2023-30861 | Twistlock CVE | High | flask-2.2.2 |
CVE-2023-27561 | Twistlock CVE | High | github.com/opencontainers/runc-v1.1.0 |
CVE-2023-29247 | Twistlock CVE | Medium | apache-airflow-2.5.1 |
CVE-2023-28642 | Twistlock CVE | Medium | github.com/opencontainers/runc-v1.1.0 |
CVE-2022-29162 | Twistlock CVE | Medium | github.com/opencontainers/runc-v1.1.0 |
CVE-2023-25809 | Twistlock CVE | Low | github.com/opencontainers/runc-v1.1.0 |
CVE-2023-24329 | Twistlock CVE | High | python-3.9.16 |
CVE-2023-24329 | Twistlock CVE | High | python-3.9.16 |
CVE-2023-27043 | Twistlock CVE | Medium | python-3.9.16 |
CVE-2023-25754 | Twistlock CVE | Critical | apache-airflow-2.5.1 |
CVE-2023-24540 | Twistlock CVE | Critical | go-1.18.2 |
CVE-2023-24540 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-24540 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-29400 | Twistlock CVE | High | go-1.18.2 |
CVE-2023-29400 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-29400 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24539 | Twistlock CVE | High | go-1.18.2 |
CVE-2023-24539 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24539 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-32681 | Twistlock CVE | Medium | requests-2.28.1 |
CVE-2023-28370 | Twistlock CVE | Medium | tornado-6.1 |
GHSA-5cpq-8wj7-hf2v | Twistlock CVE | Low | cryptography-36.0.2 |
CVE-2022-23491 | Twistlock CVE | Medium | certifi-2022.9.24 |
CVE-2023-29405 | Twistlock CVE | Critical | go-1.18.2 |
CVE-2023-29405 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-29405 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-29404 | Twistlock CVE | Critical | go-1.18.2 |
CVE-2023-29404 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-29404 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-29402 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-29402 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-29402 | Twistlock CVE | Critical | go-1.18.2 |
CVE-2023-29403 | Twistlock CVE | High | go-1.18.2 |
CVE-2023-29403 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-29403 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-35005 | Twistlock CVE | Medium | apache-airflow-2.5.1 |
CVE-2023-34110 | Twistlock CVE | Low | flask-appbuilder-4.1.4 |
CVE-2023-35798 | Twistlock CVE | Medium | apache-airflow-providers-microsoft-mssql-3.3.2 |
CVE-2023-32731 | Twistlock CVE | High | grpcio-1.51.1 |
CVE-2023-35797 | Twistlock CVE | Medium | apache-airflow-providers-apache-hive-5.1.1 |
VAT: https://vat.dso.mil/vat/image?imageName=bitnami/airflow-scheduler&tag=2.5.1&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/bitnami/airflow-scheduler/-/jobs/14927449
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Hardening::Approval" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.