UNCLASSIFIED - NO CUI

chore(findings): cloudbees/core/core-mm

Summary

cloudbees/core/core-mm has 28 new findings discovered during continuous monitoring.

id                   source         package
CVE-2020-35492       anchore_cve    cairo-1.15.12-3.el8
CVE-2021-35515       anchore_cve    commons_compress-1.20
CVE-2021-35516       anchore_cve    commons_compress-1.20
CVE-2021-35517       anchore_cve    commons_compress-1.20
CVE-2021-36090       anchore_cve    commons_compress-1.20
GHSA-m72m-mhq2-9p6c  anchore_cve    jsoup-1.13.1
GHSA-m72m-mhq2-9p6c  anchore_cve    jsoup-1.13.1
VULNDB-266029        anchore_cve    jsoup-1.13.1
VULNDB-266029        anchore_cve    jsoup-1.13.1
VULNDB-266030        anchore_cve    jsoup-1.13.1
VULNDB-266030        anchore_cve    jsoup-1.13.1
CVE-2021-3712        anchore_cve    openssl-1.1.1g-15.el8_3
CVE-2021-30129       anchore_cve    sshd-2.5.1
CVE-2021-39139       anchore_cve    xstream-1.4.17
CVE-2021-39140       anchore_cve    xstream-1.4.17
CVE-2021-39141       anchore_cve    xstream-1.4.17
CVE-2021-39144       anchore_cve    xstream-1.4.17
CVE-2021-39145       anchore_cve    xstream-1.4.17
CVE-2021-39146       anchore_cve    xstream-1.4.17
CVE-2021-39147       anchore_cve    xstream-1.4.17
CVE-2021-39148       anchore_cve    xstream-1.4.17
CVE-2021-39149       anchore_cve    xstream-1.4.17
CVE-2021-39150       anchore_cve    xstream-1.4.17
CVE-2021-39151       anchore_cve    xstream-1.4.17
CVE-2021-39152       anchore_cve    xstream-1.4.17
CVE-2021-39153       anchore_cve    xstream-1.4.17
CVE-2021-39154       anchore_cve    xstream-1.4.17
CVE-2021-3712        twistlock_cve  openssl-1.1.1g-15.el8_3

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/cloudbees/core/core-mm/-/jobs/6064312

Definition of Done

Justifications:

  • All findings have been justified
  • Justifications have been provided to the container hardening team

Approval Process:

  • Findings Approver has reviewed and approved all justifications
  • Approval request has been sent to Authorizing Official
  • Approval request has been processed by Authorizing Official