UNCLASSIFIED - NO CUI

chore(findings): canonical.azurecr.io/ubuntu-pro/ubuntu-stig

Summary

canonical.azurecr.io/ubuntu-pro/ubuntu-stig has 78 new findings discovered during continuous monitoring.

Layer: canonical.azurecr.io/ubuntu-pro/ubuntu-stig:22.04_stable is EOL; please update it if possible.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=canonical.azurecr.io/ubuntu-pro/ubuntu-stig&tag=22.04_stable&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

| id | source | severity | package | impact | workaround | epss_score | kev |
|---|---|---|---|---|---|---|---|
| CVE-2024-56433 | Anchore CVE | Low | login-1:4.8.1-2ubuntu2.2 | | | 0.02872 | false |
| CVE-2024-56433 | Anchore CVE | Low | passwd-1:4.8.1-2ubuntu2.2 | | | 0.02872 | false |
| CVE-2022-1271 | Anchore CVE | High | gzip-1.10 | | | 0.00672 | N/A |
| CVE-2017-11164 | Twistlock CVE | Low | pcre3-2:8.39-13ubuntu0.22.04.1 | | | 0.00476 | false |
| CVE-2017-11164 | Anchore CVE | Low | libpcre3-2:8.39-13ubuntu0.22.04.1 | | | 0.00476 | false |
| CVE-2023-7008 | Twistlock CVE | Low | systemd-249.11-0ubuntu3.15 | | | 0.00304 | false |
| CVE-2023-7008 | Anchore CVE | Low | libudev1-249.11-0ubuntu3.15 | | | 0.00304 | false |
| CVE-2023-7008 | Anchore CVE | Low | libsystemd0-249.11-0ubuntu3.15 | | | 0.00304 | false |
| CVE-2021-46848 | Anchore CVE | Low | libtasn1-6-4.18.0-4ubuntu0.1 | | | 0.00277 | N/A |
| CVE-2022-3219 | Twistlock CVE | Low | gnupg2-2.2.27-3ubuntu2.3 | | | 0.00256 | N/A |
| CVE-2022-3219 | Anchore CVE | Low | gpgv-2.2.27-3ubuntu2.3 | | | 0.00256 | N/A |
| CVE-2022-4899 | Twistlock CVE | Low | libzstd-1.4.8+dfsg-3build1 | | | 0.00211 | false |
| CVE-2022-4899 | Anchore CVE | Low | libzstd1-1.4.8+dfsg-3build1 | | | 0.00211 | false |
| CVE-2016-20013 | Twistlock CVE | Low | glibc-2.35-0ubuntu3.9 | | | 0.00201 | N/A |
| CVE-2016-20013 | Anchore CVE | Low | libc-bin-2.35-0ubuntu3.9 | | | 0.00201 | N/A |
| CVE-2016-20013 | Anchore CVE | Low | libc6-2.35-0ubuntu3.9 | | | 0.00201 | N/A |
| CVE-2024-41996 | Twistlock CVE | Low | openssl-3.0.2-0ubuntu1.19 | | | 0.00157 | false |
| CVE-2024-41996 | Anchore CVE | Low | openssl-3.0.2-0ubuntu1.19 | | | 0.00157 | false |
| CVE-2024-41996 | Anchore CVE | Low | libssl3-3.0.2-0ubuntu1.19 | | | 0.00157 | false |
| CVE-2023-4039 | Anchore CVE | Low | gcc-12-base-12.3.0-1ubuntu1~22.04 | | | 0.00070 | false |
| CVE-2023-4039 | Anchore CVE | Low | libstdc++6-12.3.0-1ubuntu1~22.04 | | | 0.00070 | false |
| CVE-2023-4039 | Anchore CVE | Low | libgcc-s1-12.3.0-1ubuntu1~22.04 | | | 0.00070 | false |
| CVE-2016-2781 | Twistlock CVE | Low | coreutils-8.32-4.1ubuntu1.2 | | | 0.00065 | N/A |
| CVE-2016-2781 | Anchore CVE | Low | coreutils-8.32-4.1ubuntu1.2 | | | 0.00065 | N/A |
| CVE-2023-50495 | Twistlock CVE | Low | ncurses-6.3-2ubuntu0.1 | | | 0.00050 | false |
| CVE-2023-50495 | Anchore CVE | Low | libncurses6-6.3-2ubuntu0.1 | | | 0.00050 | false |
| CVE-2023-50495 | Anchore CVE | Low | libtinfo6-6.3-2ubuntu0.1 | | | 0.00050 | false |
| CVE-2023-50495 | Anchore CVE | Low | ncurses-bin-6.3-2ubuntu0.1 | | | 0.00050 | false |
| CVE-2023-50495 | Anchore CVE | Low | libncursesw6-6.3-2ubuntu0.1 | | | 0.00050 | false |
| CVE-2023-50495 | Anchore CVE | Low | ncurses-base-6.3-2ubuntu0.1 | | | 0.00050 | false |
| CVE-2022-41409 | Twistlock CVE | Low | pcre2-10.39-3ubuntu0.1 | | | 0.00046 | false |
| CVE-2022-41409 | Anchore CVE | Low | libpcre2-8-0-10.39-3ubuntu0.1 | | | 0.00046 | false |
| CVE-2022-27943 | Twistlock CVE | Low | gcc-12-12.3.0-1ubuntu1~22.04 | | | 0.00044 | N/A |
| CVE-2022-27943 | Anchore CVE | Low | gcc-12-base-12.3.0-1ubuntu1~22.04 | | | 0.00044 | N/A |
| CVE-2022-27943 | Anchore CVE | Low | libgcc-s1-12.3.0-1ubuntu1~22.04 | | | 0.00044 | N/A |
| CVE-2022-27943 | Anchore CVE | Low | libstdc++6-12.3.0-1ubuntu1~22.04 | | | 0.00044 | N/A |
| CVE-2023-45918 | Anchore CVE | Low | ncurses-base-6.3-2ubuntu0.1 | | | 0.00043 | false |
| CVE-2023-45918 | Anchore CVE | Low | ncurses-bin-6.3-2ubuntu0.1 | | | 0.00043 | false |
| CVE-2023-45918 | Anchore CVE | Low | libncursesw6-6.3-2ubuntu0.1 | | | 0.00043 | false |
| CVE-2023-45918 | Anchore CVE | Low | libtinfo6-6.3-2ubuntu0.1 | | | 0.00043 | false |
| CVE-2023-45918 | Anchore CVE | Low | libncurses6-6.3-2ubuntu0.1 | | | 0.00043 | false |
| CVE-2025-4802 | Anchore CVE | Medium | libc6-2.35-0ubuntu3.9 | | | 0.00034 | false |
| CVE-2025-4802 | Anchore CVE | Medium | libc-bin-2.35-0ubuntu3.9 | | | 0.00034 | false |
| CVE-2024-2236 | Twistlock CVE | Low | libgcrypt20-1.9.4-3ubuntu3 | | | 0.00032 | false |
| CVE-2024-2236 | Anchore CVE | Low | libgcrypt20-1.9.4-3ubuntu3 | | | 0.00032 | false |
| CVE-2024-10041 | Twistlock CVE | Medium | pam-1.4.0-11ubuntu2.5 | | | 0.00026 | false |
| CVE-2024-10041 | Anchore CVE | Medium | libpam-runtime-1.4.0-11ubuntu2.5 | | | 0.00026 | false |
| CVE-2024-10041 | Anchore CVE | Medium | libpam0g-1.4.0-11ubuntu2.5 | | | 0.00026 | false |
| CVE-2024-10041 | Anchore CVE | Medium | libpam-modules-bin-1.4.0-11ubuntu2.5 | | | 0.00026 | false |
| CVE-2024-10041 | Anchore CVE | Medium | libpam-modules-1.4.0-11ubuntu2.5 | | | 0.00026 | false |
| CVE-2023-29383 | Twistlock CVE | Low | shadow-1:4.8.1-2ubuntu2.2 | | | 0.00026 | false |
| CVE-2023-29383 | Anchore CVE | Low | login-1:4.8.1-2ubuntu2.2 | | | 0.00026 | false |
| CVE-2023-29383 | Anchore CVE | Low | passwd-1:4.8.1-2ubuntu2.2 | | | 0.00026 | false |
| CVE-2025-3576 | Twistlock CVE | Medium | krb5-1.19.2-2ubuntu0.6 | | | 0.00010 | false |
| CVE-2025-3576 | Anchore CVE | Medium | libk5crypto3-1.19.2-2ubuntu0.6 | | | 0.00010 | false |
| CVE-2025-3576 | Anchore CVE | Medium | libgssapi-krb5-2-1.19.2-2ubuntu0.6 | | | 0.00010 | false |
| CVE-2025-3576 | Anchore CVE | Medium | libkrb5support0-1.19.2-2ubuntu0.6 | | | 0.00010 | false |
| CVE-2025-3576 | Anchore CVE | Medium | libkrb5-3-1.19.2-2ubuntu0.6 | | | 0.00010 | false |
| xccdf_org.ssgproject.content_rule_set_password_hashing_algorithm_systemauth | OSCAP Compliance | Medium | | | | N/A | N/A |
| xccdf_org.ssgproject.content_rule_package_apparmor_installed | OSCAP Compliance | Medium | | | | N/A | N/A |
| xccdf_org.ssgproject.content_rule_file_permissions_var_log | OSCAP Compliance | Medium | | | | N/A | N/A |
| xccdf_org.ssgproject.content_rule_apparmor_configured | OSCAP Compliance | Medium | | | | N/A | N/A |
| eec438eed6560f1ea7792b726009538e | Anchore Compliance | Low | | | | N/A | N/A |
| e7573262736ef52353cde3bae2617782 | Anchore Compliance | Low | | | | N/A | N/A |
| e56b64c2a7d254d4174ecaed69899327 | Anchore Compliance | Critical | | | | N/A | N/A |
| da870e801836e419385f2f300713cf7f | Anchore Compliance | Low | | | | N/A | N/A |
| cbff271f45d32e78dcc1979dbca9c14d | Anchore Compliance | Critical | | | | N/A | N/A |
| c2e44319ae5b3b040044d8ae116d1c2f | Anchore Compliance | Low | | | | N/A | N/A |
| bcd159901fe47efddae5c095b4b0d7fd | Anchore Compliance | Low | | | | N/A | N/A |
| b499a7c53e6a0110b1f81fea37c2d0b5 | Anchore Compliance | Critical | | | | N/A | N/A |
| 80f3e4d91c9ce25fdb77bba6e44ee0dd | Anchore Compliance | Critical | | | | N/A | N/A |
| 8030074f2c8ebd727f6071fea96456d1 | Anchore Compliance | Critical | | | | N/A | N/A |
| 75d08d8c7b064bbd44f2f524c924d17b | Anchore Compliance | Critical | | | | N/A | N/A |
| 698044205a9c4a6d48b7937e66a6bf4f | Anchore Compliance | Low | | | | N/A | N/A |
| 6329fe232b699ab5b4c9002b9f1b1f9e | Anchore Compliance | Critical | | | | N/A | N/A |
| 4f9abc83a7a1c95e222b659e0fab27fa | Anchore Compliance | Low | | | | N/A | N/A |
| 463a9a24225c26f7a5bf3f38908e5cb3 | Anchore Compliance | Low | | | | N/A | N/A |
| 320a97c6816565eedf3545833df99dd0 | Anchore Compliance | Low | | | | N/A | N/A |

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.

Edited by James Casteel