chore(findings): collaborationai/crowd-vector/webserver
Summary
collaborationai/crowd-vector/webserver has 29 new findings discovered during continuous monitoring.
| id | source | package |
|---|---|---|
| CCE-80788-3 | oscap_comp | none |
| CCE-83478-8 | oscap_comp | none |
| CCE-83480-4 | oscap_comp | none |
| CCE-80668-7 | oscap_comp | none |
| CCE-80654-7 | oscap_comp | none |
| CCE-82046-4 | oscap_comp | none |
| CCE-80656-2 | oscap_comp | none |
| CCE-80647-1 | oscap_comp | none |
| CCE-80648-9 | oscap_comp | none |
| CCE-80652-1 | oscap_comp | none |
| CCE-84037-1 | oscap_comp | none |
| CCE-81036-6 | oscap_comp | none |
| CCE-82888-9 | oscap_comp | none |
| CCE-80783-4 | oscap_comp | none |
| CCE-86519-6 | oscap_comp | none |
| CVE-2021-32809 | twistlock_cve | ckeditor4-4.16.1 |
| GHSA-7889-rm5j-hpgg | anchore_cve | ckeditor4-4.16.1 |
| GHSA-7889-rm5j-hpgg | anchore_cve | ckeditor4-4.16.1 |
| CVE-2021-3618 | twistlock_cve | nginx-1.20.1-1.el8.ngx |
| CVE-2019-14250 | twistlock_cve | libgomp-8.4.1-1.el8 |
| CVE-2018-20673 | twistlock_cve | libgomp-8.4.1-1.el8 |
| CVE-2018-20657 | twistlock_cve | libgomp-8.4.1-1.el8 |
| CVE-2021-3114 | twistlock_cve | libgomp-8.4.1-1.el8 |
| CVE-2021-32808 | twistlock_cve | ckeditor4-4.16.1 |
| CVE-2021-37695 | twistlock_cve | ckeditor4-4.16.1 |
| GHSA-6226-h7ff-ch6c | anchore_cve | ckeditor4-4.16.1 |
| GHSA-m94c-37g6-cjhc | anchore_cve | ckeditor4-4.16.1 |
| GHSA-6226-h7ff-ch6c | anchore_cve | ckeditor4-4.16.1 |
| GHSA-m94c-37g6-cjhc | anchore_cve | ckeditor4-4.16.1 |
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/collaborationai/crowd-vector/webserver/-/jobs/7565342
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official