UNCLASSIFIED - NO CUI

chore(findings): collaborationai/crowd-vector/ingress

Summary

collaborationai/crowd-vector/ingress has 105 new findings discovered during continuous monitoring.

id source package
CVE-2019-18276 anchore_cve bash-4.4.19-12.el8
CVE-2021-22898 anchore_cve curl-7.61.1-14.el8_3.1
CVE-2019-13012 anchore_cve glib2-2.56.4-8.el8
CVE-2016-10228 anchore_cve glibc-2.28-127.el8_3.2
CVE-2019-9169 anchore_cve glibc-2.28-127.el8_3.2
CVE-2021-33574 anchore_cve glibc-2.28-127.el8_3.2
CVE-2016-10228 anchore_cve glibc-common-2.28-127.el8_3.2
CVE-2019-9169 anchore_cve glibc-common-2.28-127.el8_3.2
CVE-2021-33574 anchore_cve glibc-common-2.28-127.el8_3.2
CVE-2016-10228 anchore_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2019-9169 anchore_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2021-33574 anchore_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2017-14502 anchore_cve libarchive-3.3.2-9.el8
CVE-2021-22898 anchore_cve libcurl-7.61.1-14.el8_3.1
CVE-2019-2708 anchore_cve libdb-5.3.28-39.el8
CVE-2019-2708 anchore_cve libdb-utils-5.3.28-39.el8
CVE-2021-33560 anchore_cve libgcrypt-1.8.5-4.el8
CVE-2021-3200 anchore_cve libsolv-0.7.11-1.el8
CVE-2021-3541 anchore_cve libxml2-2.9.7-8.el8
CVE-2021-3580 anchore_cve nettle-3.4.1-4.el8_3
CVE-2020-26116 anchore_cve platform-python-3.6.8-31.el8
CVE-2020-26116 anchore_cve python3-libs-3.6.8-31.el8
CVE-2021-3541 anchore_cve python3-libxml2-2.9.7-8.el8
CVE-2021-3572 anchore_cve python3-pip-wheel-9.0.3-18.el8
CVE-2021-35937 anchore_cve python3-rpm-4.14.3-4.el8
CVE-2021-35938 anchore_cve python3-rpm-4.14.3-4.el8
CVE-2021-35939 anchore_cve python3-rpm-4.14.3-4.el8
CVE-2020-26137 anchore_cve python3-urllib3-1.24.2-4.el8
CVE-2021-35937 anchore_cve rpm-4.14.3-4.el8
CVE-2021-35938 anchore_cve rpm-4.14.3-4.el8
CVE-2021-35939 anchore_cve rpm-4.14.3-4.el8
CVE-2021-35937 anchore_cve rpm-build-libs-4.14.3-4.el8
CVE-2021-35938 anchore_cve rpm-build-libs-4.14.3-4.el8
CVE-2021-35939 anchore_cve rpm-build-libs-4.14.3-4.el8
CVE-2021-35937 anchore_cve rpm-libs-4.14.3-4.el8
CVE-2021-35938 anchore_cve rpm-libs-4.14.3-4.el8
CVE-2021-35939 anchore_cve rpm-libs-4.14.3-4.el8
CVE-2019-3842 anchore_cve systemd-239-41.el8_3.2
CVE-2019-3842 anchore_cve systemd-libs-239-41.el8_3.2
CVE-2019-3842 anchore_cve systemd-pam-239-41.el8_3.2
CVE-2021-22898 twistlock_cve curl-7.61.1-14.el8_3.1
CVE-2020-13543 twistlock_cve glib2-2.56.4-8.el8
CVE-2020-13584 twistlock_cve glib2-2.56.4-8.el8
CVE-2020-9948 twistlock_cve glib2-2.56.4-8.el8
CVE-2020-9951 twistlock_cve glib2-2.56.4-8.el8
CVE-2020-9983 twistlock_cve glib2-2.56.4-8.el8
CVE-2019-9169 twistlock_cve glibc-2.28-127.el8_3.2
CVE-2021-33574 twistlock_cve glibc-2.28-127.el8_3.2
CVE-2016-10228 twistlock_cve glibc-common-2.28-127.el8_3.2
CVE-2019-25013 twistlock_cve glibc-common-2.28-127.el8_3.2
CVE-2019-9169 twistlock_cve glibc-common-2.28-127.el8_3.2
CVE-2020-27618 twistlock_cve glibc-common-2.28-127.el8_3.2
CVE-2021-3326 twistlock_cve glibc-common-2.28-127.el8_3.2
CVE-2016-10228 twistlock_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2019-25013 twistlock_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2019-9169 twistlock_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2020-27618 twistlock_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2021-3326 twistlock_cve glibc-minimal-langpack-2.28-127.el8_3.2
CVE-2020-28196 twistlock_cve krb5-libs-1.18.2-5.el8
CVE-2017-14502 twistlock_cve libarchive-3.3.2-9.el8
CVE-2020-8231 twistlock_cve libcurl-7.61.1-14.el8_3.1
CVE-2020-8284 twistlock_cve libcurl-7.61.1-14.el8_3.1
CVE-2020-8285 twistlock_cve libcurl-7.61.1-14.el8_3.1
CVE-2020-8286 twistlock_cve libcurl-7.61.1-14.el8_3.1
CVE-2019-2708 twistlock_cve libdb-5.3.28-39.el8
CVE-2019-2708 twistlock_cve libdb-utils-5.3.28-39.el8
CVE-2021-3445 twistlock_cve libdnf-0.48.0-5.el8
CVE-2021-33560 twistlock_cve libgcrypt-1.8.5-4.el8
CVE-2021-3200 twistlock_cve libsolv-0.7.11-1.el8
CVE-2020-16135 twistlock_cve libssh-0.9.4-2.el8
CVE-2020-24977 twistlock_cve libxml2-2.9.7-8.el8
CVE-2021-3516 twistlock_cve libxml2-2.9.7-8.el8
CVE-2021-3517 twistlock_cve libxml2-2.9.7-8.el8
CVE-2021-3541 twistlock_cve libxml2-2.9.7-8.el8
CVE-2021-3520 twistlock_cve lz4-libs-1.8.3-2.el8
CVE-2020-29361 twistlock_cve p11-kit-trust-0.23.14-5.el8_0
CVE-2020-29362 twistlock_cve p11-kit-trust-0.23.14-5.el8_0
CVE-2020-29363 twistlock_cve p11-kit-trust-0.23.14-5.el8_0
CVE-2020-26116 twistlock_cve platform-python-3.6.8-31.el8
CVE-2020-27619 twistlock_cve platform-python-3.6.8-31.el8
CVE-2021-23336 twistlock_cve platform-python-3.6.8-31.el8
CVE-2021-3177 twistlock_cve platform-python-3.6.8-31.el8
CVE-2020-26116 twistlock_cve python3-libs-3.6.8-31.el8
CVE-2020-27619 twistlock_cve python3-libs-3.6.8-31.el8
CVE-2021-23336 twistlock_cve python3-libs-3.6.8-31.el8
CVE-2021-3177 twistlock_cve python3-libs-3.6.8-31.el8
CVE-2020-24977 twistlock_cve python3-libxml2-2.9.7-8.el8
CVE-2021-3516 twistlock_cve python3-libxml2-2.9.7-8.el8
CVE-2021-3517 twistlock_cve python3-libxml2-2.9.7-8.el8
CVE-2021-3518 twistlock_cve python3-libxml2-2.9.7-8.el8
CVE-2021-3537 twistlock_cve python3-libxml2-2.9.7-8.el8
CVE-2021-3541 twistlock_cve python3-libxml2-2.9.7-8.el8
CVE-2021-20271 twistlock_cve python3-rpm-4.14.3-4.el8
CVE-2020-26137 twistlock_cve python3-urllib3-1.24.2-4.el8
CVE-2021-20271 twistlock_cve rpm-4.14.3-4.el8
CVE-2021-3421 twistlock_cve rpm-4.14.3-4.el8
CVE-2021-20271 twistlock_cve rpm-build-libs-4.14.3-4.el8
CVE-2021-20271 twistlock_cve rpm-libs-4.14.3-4.el8
CVE-2020-13434 twistlock_cve sqlite-libs-3.26.0-11.el8
CVE-2020-15358 twistlock_cve sqlite-libs-3.26.0-11.el8
CVE-2019-3842 twistlock_cve systemd-239-41.el8_3.2
CVE-2019-3842 twistlock_cve systemd-libs-239-41.el8_3.2
CVE-2020-13776 twistlock_cve systemd-libs-239-41.el8_3.2
CVE-2019-3842 twistlock_cve systemd-pam-239-41.el8_3.2
CVE-2020-13776 twistlock_cve systemd-pam-239-41.el8_3.2

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/collaborationai/crowd-vector/ingress/-/jobs/4613491

Definition of Done

Justifications:

  • All findings have been justified
  • Justifications have been provided to the container hardening team

Approval Process:

  • Findings Approver has reviewed and approved all justifications
  • Approval request has been sent to Authorizing Official
  • Approval request has been processed by Authorizing Official

Edited by sean.melissari