UNCLASSIFIED - NO CUI


chore(findings): cloudfit/cfs/cfs-database

Summary

cloudfit/cfs/cfs-database has 107 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=cloudfit/cfs/cfs-database&tag=2025.09.25.1&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2024-3094 Twistlock CVE Critical xz-5.4.5-r1 0.86006 false
CVE-2024-3094 Anchore CVE Critical xz-libs-5.4.5-r1 0.86006 false
CVE-2024-6119 Twistlock CVE High openssl-3.1.8-r0 0.15242 false
CVE-2024-6119 Anchore CVE High libcrypto3-3.1.8-r0 0.15242 false
CVE-2024-6119 Anchore CVE High libssl3-3.1.8-r0 0.15242 false
CVE-2024-6119 Anchore CVE High openssl-3.1.8-r0 0.15242 false
CVE-2024-5535 Twistlock CVE Low openssl-3.1.8-r0 0.08034 false
CVE-2024-5535 Anchore CVE Critical libcrypto3-3.1.8-r0 0.08034 false
CVE-2024-5535 Anchore CVE Critical openssl-3.1.8-r0 0.08034 false
CVE-2024-5535 Anchore CVE Critical libssl3-3.1.8-r0 0.08034 false
CVE-2024-2511 Twistlock CVE Low openssl-3.1.8-r0 0.02723 false
CVE-2024-2511 Anchore CVE Medium libcrypto3-3.1.8-r0 0.02723 false
CVE-2024-2511 Anchore CVE Medium openssl-3.1.8-r0 0.02723 false
CVE-2024-2511 Anchore CVE Medium libssl3-3.1.8-r0 0.02723 false
CVE-2024-9143 Twistlock CVE Low openssl-3.1.8-r0 0.00652 false
CVE-2024-9143 Anchore CVE Medium libcrypto3-3.1.8-r0 0.00652 false
CVE-2024-9143 Anchore CVE Medium libssl3-3.1.8-r0 0.00652 false
CVE-2024-9143 Anchore CVE Medium openssl-3.1.8-r0 0.00652 false
CVE-2025-49796 Anchore CVE Critical libxml2-2.11.8-r3 0.00438 false
CVE-2025-49796 Twistlock CVE Low libxml2-2.11.8-r3 0.00438 false
CVE-2024-34459 Twistlock CVE Low libxml2-2.11.8-r3 0.00390 false
CVE-2024-34459 Anchore CVE High libxml2-2.11.8-r3 0.00390 false
CVE-2024-12797 Twistlock CVE Low openssl-3.1.8-r0 0.00338 false
CVE-2024-12797 Anchore CVE Medium libssl3-3.1.8-r0 0.00338 false
CVE-2024-12797 Anchore CVE Medium libcrypto3-3.1.8-r0 0.00338 false
CVE-2024-12797 Anchore CVE Medium openssl-3.1.8-r0 0.00338 false
CVE-2025-49794 Anchore CVE Critical libxml2-2.11.8-r3 0.00251 false
CVE-2025-49794 Twistlock CVE Low libxml2-2.11.8-r3 0.00251 false
CVE-2025-21490 Twistlock CVE Low mariadb-10.11.14-r0 0.00228 false
CVE-2025-21490 Anchore CVE Medium mariadb-10.11.14-r0 0.00228 false
CVE-2025-21490 Anchore CVE Medium mariadb-backup-10.11.14-r0 0.00228 false
CVE-2025-21490 Anchore CVE Medium mariadb-common-10.11.14-r0 0.00228 false
CVE-2025-21490 Anchore CVE Medium mariadb-client-10.11.14-r0 0.00228 false
CVE-2025-31115 Twistlock CVE Low xz-5.4.5-r1 0.00180 false
CVE-2025-31115 Anchore CVE High xz-libs-5.4.5-r1 0.00180 false
CVE-2024-4741 Twistlock CVE Low openssl-3.1.8-r0 0.00154 false
CVE-2024-4741 Anchore CVE High libcrypto3-3.1.8-r0 0.00154 false
CVE-2024-4741 Anchore CVE High libssl3-3.1.8-r0 0.00154 false
CVE-2024-4741 Anchore CVE High openssl-3.1.8-r0 0.00154 false
CVE-2025-6021 Anchore CVE High libxml2-2.11.8-r3 0.00152 false
CVE-2025-6021 Twistlock CVE Low libxml2-2.11.8-r3 0.00152 false
CVE-2025-49795 Anchore CVE High libxml2-2.11.8-r3 0.00128 false
CVE-2025-49795 Twistlock CVE Low libxml2-2.11.8-r3 0.00128 false
CVE-2025-31498 Twistlock CVE Low c-ares-1.27.0-r0 0.00123 false
CVE-2025-31498 Anchore CVE High c-ares-1.27.0-r0 0.00123 false
CVE-2024-13176 Twistlock CVE Low openssl-3.1.8-r0 0.00118 false
CVE-2024-13176 Anchore CVE Medium libssl3-3.1.8-r0 0.00118 false
CVE-2024-13176 Anchore CVE Medium openssl-3.1.8-r0 0.00118 false
CVE-2024-13176 Anchore CVE Medium libcrypto3-3.1.8-r0 0.00118 false
CVE-2024-25062 Twistlock CVE High libxml2-2.11.8-r3 0.00111 false
CVE-2024-25062 Anchore CVE High libxml2-2.11.8-r3 0.00111 false
CVE-2024-4603 Twistlock CVE Low openssl-3.1.8-r0 0.00092 false
CVE-2024-4603 Anchore CVE Medium libssl3-3.1.8-r0 0.00092 false
CVE-2024-4603 Anchore CVE Medium openssl-3.1.8-r0 0.00092 false
CVE-2024-4603 Anchore CVE Medium libcrypto3-3.1.8-r0 0.00092 false
CVE-2025-9086 Twistlock CVE Low curl-8.12.1-r0 0.00077 false
CVE-2025-9086 Anchore CVE High libcurl-8.12.1-r0 0.00077 false
CVE-2025-5399 Twistlock CVE Low curl-8.12.1-r0 0.00065 false
CVE-2025-5399 Anchore CVE High libcurl-8.12.1-r0 0.00065 false
CVE-2025-27113 Twistlock CVE High libxml2-2.11.8-r3 0.00059 false
CVE-2025-27113 Anchore CVE High libxml2-2.11.8-r3 0.00059 false
CVE-2025-32414 Twistlock CVE High libxml2-2.11.8-r3 0.00037 false
CVE-2025-32414 Anchore CVE High libxml2-2.11.8-r3 0.00037 false
CVE-2025-10148 Twistlock CVE Low curl-8.12.1-r0 0.00036 false
CVE-2025-10148 Anchore CVE Medium libcurl-8.12.1-r0 0.00036 false
CVE-2023-42365 Twistlock CVE Medium busybox-1.36.1-r20 0.00032 false
CVE-2023-42365 Anchore CVE Medium ssl_client-1.36.1-r20 0.00032 false
CVE-2023-42365 Anchore CVE Medium busybox-binsh-1.36.1-r20 0.00032 false
CVE-2023-42365 Anchore CVE Medium busybox-1.36.1-r20 0.00032 false
CVE-2025-58050 Twistlock CVE Critical pcre2-10.42-r2 0.00030 false
CVE-2025-58050 Anchore CVE Critical pcre2-10.42-r2 0.00030 false
CVE-2023-42364 Twistlock CVE Medium busybox-1.36.1-r20 0.00030 false
CVE-2023-42364 Anchore CVE Medium busybox-binsh-1.36.1-r20 0.00030 false
CVE-2023-42364 Anchore CVE Medium busybox-1.36.1-r20 0.00030 false
CVE-2023-42364 Anchore CVE Medium ssl_client-1.36.1-r20 0.00030 false
CVE-2025-6170 Anchore CVE Low libxml2-2.11.8-r3 0.00029 false
CVE-2025-6170 Twistlock CVE Low libxml2-2.11.8-r3 0.00029 false
CVE-2023-42363 Twistlock CVE Medium busybox-1.36.1-r20 0.00026 false
CVE-2023-42363 Anchore CVE Medium busybox-1.36.1-r20 0.00026 false
CVE-2023-42363 Anchore CVE Medium busybox-binsh-1.36.1-r20 0.00026 false
CVE-2023-42363 Anchore CVE Medium ssl_client-1.36.1-r20 0.00026 false
CVE-2025-5025 Anchore CVE Medium libcurl-8.12.1-r0 0.00024 false
CVE-2023-42366 Twistlock CVE Medium busybox-1.36.1-r20 0.00024 false
CVE-2023-42366 Anchore CVE Medium busybox-1.36.1-r20 0.00024 false
CVE-2023-42366 Anchore CVE Medium ssl_client-1.36.1-r20 0.00024 false
CVE-2023-42366 Anchore CVE Medium busybox-binsh-1.36.1-r20 0.00024 false
CVE-2025-4947 Twistlock CVE Low curl-8.12.1-r0 0.00022 false
CVE-2025-4947 Anchore CVE Medium libcurl-8.12.1-r0 0.00022 false
CVE-2025-32415 Twistlock CVE High libxml2-2.11.8-r3 0.00022 false
CVE-2025-32415 Anchore CVE High libxml2-2.11.8-r3 0.00022 false
CVE-2024-56171 Twistlock CVE Critical libxml2-2.11.8-r3 0.00020 false
CVE-2024-56171 Anchore CVE Critical libxml2-2.11.8-r3 0.00020 false
CVE-2025-26519 Twistlock CVE Low musl-1.2.4_git20230717-r5 0.00014 false
CVE-2025-26519 Anchore CVE High musl-1.2.4_git20230717-r5 0.00014 false
CVE-2025-26519 Anchore CVE High musl-utils-1.2.4_git20230717-r5 0.00014 false
CVE-2025-24928 Twistlock CVE High libxml2-2.11.8-r3 0.00014 false
CVE-2025-24928 Anchore CVE High libxml2-2.11.8-r3 0.00014 false
CVE-2025-9231 Twistlock CVE Low openssl-3.1.8-r0 0.00013 false
CVE-2025-9231 Anchore CVE Medium libssl3-3.1.8-r0 0.00013 false
CVE-2025-9231 Anchore CVE Medium openssl-3.1.8-r0 0.00013 false
CVE-2025-9231 Anchore CVE Medium libcrypto3-3.1.8-r0 0.00013 false
CVE-2024-56406 Twistlock CVE Low perl-5.38.5-r0 0.00013 false
CVE-2024-56406 Anchore CVE High perl-5.38.5-r0 0.00013 false
CVE-2025-4575 Twistlock CVE Low openssl-3.1.8-r0 0.00011 false
CVE-2025-4575 Anchore CVE Medium openssl-3.1.8-r0 0.00011 false
CVE-2025-4575 Anchore CVE Medium libssl3-3.1.8-r0 0.00011 false
CVE-2025-4575 Anchore CVE Medium libcrypto3-3.1.8-r0 0.00011 false


Tasks

Contributor:

  • Apply the StatusReview label to this issue for a merge request review and wait for feedback

OR

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.
