UNCLASSIFIED - NO CUI

chore(findings): confluent/confluent-component-operator/cp-server-connect-operator-5.5.x

Summary

confluent/confluent-component-operator/cp-server-connect-operator-5.5.x has 69 new findings discovered during continuous monitoring.

id source package
CVE-2021-27218 anchore_cve glib2-2.56.4-9.el8
CVE-2021-27219 anchore_cve glib2-2.56.4-9.el8
CVE-2021-28153 anchore_cve glib2-2.56.4-9.el8
CVE-2021-3516 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3517 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3518 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3537 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3541 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3520 anchore_cve lz4-libs-1.8.3-2.el8
CVE-2021-3516 anchore_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3517 anchore_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3518 anchore_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3537 anchore_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3541 anchore_cve python3-libxml2-2.9.7-9.el8
CVE-2021-20266 anchore_cve python3-rpm-4.14.3-13.el8
CVE-2021-20271 anchore_cve python3-rpm-4.14.3-13.el8
CVE-2021-3421 anchore_cve python3-rpm-4.14.3-13.el8
CVE-2021-35937 anchore_cve python3-rpm-4.14.3-13.el8
CVE-2021-35938 anchore_cve python3-rpm-4.14.3-13.el8
CVE-2021-35939 anchore_cve python3-rpm-4.14.3-13.el8
CVE-2021-20266 anchore_cve rpm-4.14.3-13.el8
CVE-2021-20271 anchore_cve rpm-4.14.3-13.el8
CVE-2021-3421 anchore_cve rpm-4.14.3-13.el8
CVE-2021-35937 anchore_cve rpm-4.14.3-13.el8
CVE-2021-35938 anchore_cve rpm-4.14.3-13.el8
CVE-2021-35939 anchore_cve rpm-4.14.3-13.el8
CVE-2021-20266 anchore_cve rpm-build-libs-4.14.3-13.el8
CVE-2021-20271 anchore_cve rpm-build-libs-4.14.3-13.el8
CVE-2021-3421 anchore_cve rpm-build-libs-4.14.3-13.el8
CVE-2021-35937 anchore_cve rpm-build-libs-4.14.3-13.el8
CVE-2021-35938 anchore_cve rpm-build-libs-4.14.3-13.el8
CVE-2021-35939 anchore_cve rpm-build-libs-4.14.3-13.el8
CVE-2021-20266 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-20271 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-3421 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-35937 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-35938 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-35939 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-33503 anchore_cve urllib3-1.26.4
GHSA-q2q7-5pp4-w6pg anchore_cve urllib3-1.26.4
CVE-2020-25649 anchore_cve zookeeper-3.5.8
CVE-2020-25649 anchore_cve zookeeper-3.5.8
CVE-2020-27216 anchore_cve zookeeper-3.5.8
CVE-2020-27216 anchore_cve zookeeper-3.5.8
CVE-2020-27218 anchore_cve zookeeper-3.5.8
CVE-2020-27218 anchore_cve zookeeper-3.5.8
CVE-2021-29425 twistlock_cve commons-io_commons-io-2.5
CVE-2021-27218 twistlock_cve glib2-2.56.4-9.el8
CVE-2021-27219 twistlock_cve glib2-2.56.4-9.el8
CVE-2021-28153 twistlock_cve glib2-2.56.4-9.el8
CVE-2021-3516 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-3517 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-3518 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-3537 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-3541 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-3520 twistlock_cve lz4-libs-1.8.3-2.el8
CVE-2021-28169 twistlock_cve org.eclipse.jetty_jetty-io-9.4.39.v20210325
CVE-2021-34428 twistlock_cve org.eclipse.jetty_jetty-io-9.4.39.v20210325
CVE-2021-3516 twistlock_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3517 twistlock_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3518 twistlock_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3537 twistlock_cve python3-libxml2-2.9.7-9.el8
CVE-2021-3541 twistlock_cve python3-libxml2-2.9.7-9.el8
CVE-2021-20271 twistlock_cve python3-rpm-4.14.3-13.el8
CVE-2021-20266 twistlock_cve rpm-4.14.3-13.el8
CVE-2021-20271 twistlock_cve rpm-4.14.3-13.el8
CVE-2021-3421 twistlock_cve rpm-4.14.3-13.el8
CVE-2021-20271 twistlock_cve rpm-build-libs-4.14.3-13.el8
CVE-2021-20271 twistlock_cve rpm-libs-4.14.3-13.el8

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/confluent/confluent-component-operator/cp-server-connect-operator-5.5.x/-/jobs/4609027

Definition of Done

Justifications:

  • All findings have been justified
  • Justifications have been provided to the container hardening team

Approval Process:

  • Findings Approver has reviewed and approved all justifications
  • Approval request has been sent to Authorizing Official
  • Approval request has been processed by Authorizing Official

UNCLASSIFIED - NO CUI