UNCLASSIFIED - NO CUI

chore(findings): confluentinc/cp-kafka-rest

Summary

confluentinc/cp-kafka-rest has 37 new findings discovered during continuous monitoring.

id source severity package
GHSA-jgvc-jfgh-rjvv Anchore CVE Medium jose4j-0.7.9
GHSA-j8r2-6x86-q33q Anchore CVE Medium requests-2.28.2
GHSA-5cpq-8wj7-hf2v Anchore CVE Low cryptography-3.4.8
CVE-2023-35116 Anchore CVE Medium jackson-databind-2.13.4.2
CVE-2023-34453 Anchore CVE High snappy-java-1.1.8.4
CVE-2023-27043 Anchore CVE Medium python39-libs-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2023-34455 Anchore CVE High snappy-java-1.1.8.4
CVE-2007-4559 Anchore CVE Medium python39-libs-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2022-0391 Anchore CVE Medium python39-libs-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2023-27043 Anchore CVE Medium python39-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2023-34454 Anchore CVE High snappy-java-1.1.8.4
CVE-2022-0391 Anchore CVE Medium python39-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2007-4559 Anchore CVE Medium python39-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2023-36632 Anchore CVE Medium python39-libs-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2023-36632 Anchore CVE Medium python39-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
GHSA-cf7p-gm2m-833m Anchore CVE Medium cryptography-3.4.8
GHSA-xqr8-7jwr-rhp7 Anchore CVE Low certifi-2022.12.7
CVE-2023-0286 Twistlock CVE High cryptography-3.4.8
CVE-2023-23931 Twistlock CVE Medium cryptography-3.4.8
CVE-2023-26048 Twistlock CVE Medium org.eclipse.jetty_jetty-server-9.4.48
CVE-2023-26049 Twistlock CVE Low org.eclipse.jetty_jetty-server-9.4.48
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.13.4
PRISMA-2023-0067 Twistlock CVE High com.fasterxml.jackson.core_jackson-core-2.13.2
GHSA-5cpq-8wj7-hf2v Twistlock CVE Low cryptography-3.4.8
CVE-2023-27043 Twistlock CVE Medium python39-pip-20.2.4-7.module+el8.6.0+13003+6bb2c488
CVE-2023-27043 Twistlock CVE Medium python39-setuptools-wheel-50.3.2-4.module+el8.5.0+12204+54860423
CVE-2023-27043 Twistlock CVE Medium python39-setuptools-50.3.2-4.module+el8.5.0+12204+54860423
CVE-2023-27043 Twistlock CVE Medium python39-pip-wheel-20.2.4-7.module+el8.6.0+13003+6bb2c488
CVE-2023-2650 Twistlock CVE Low openssl-1.1.1k-9.el8_7
CVE-2023-27043 Twistlock CVE Medium python39-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2023-27043 Twistlock CVE Medium python39-libs-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2022-0391 Twistlock CVE Medium python39-libs-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
CVE-2022-0391 Twistlock CVE Medium python39-3.9.16-1.module+el8.8.0+18968+3d7b19f0.1
GHSA-58qw-p7qm-5rvh Twistlock CVE Low org.eclipse.jetty_jetty-xml-9.4.48
CVE-2023-38325 Twistlock CVE High cryptography-3.4.8
CVE-2023-3446 Twistlock CVE Low openssl-1.1.1k-9.el8_7
CVE-2023-37920 Twistlock CVE Low certifi-2022.12.7

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=confluentinc/cp-kafka-rest&tag=7.2.4-1-ubi8&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusReview label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI