chore(findings): crunchy-data/crunchy-pgbackrest
Summary
crunchy-data/crunchy-pgbackrest has 104 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2023-0464 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
CVE-2023-0466 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
CVE-2023-0465 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
CVE-2022-48468 | Anchore CVE | Medium | protobuf-c-1.3.0-6.el8 |
CVE-2023-29491 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2022-48337 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2022-48339 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2022-3094 | Anchore CVE | Medium | bind-libs-lite-32:9.11.36-8.el8 |
CVE-2022-3094 | Anchore CVE | Medium | bind-libs-32:9.11.36-8.el8 |
CVE-2022-3094 | Anchore CVE | Medium | bind-license-32:9.11.36-8.el8 |
CVE-2022-48338 | Anchore CVE | Medium | emacs-filesystem-1:26.1-10.el8_8.2 |
CVE-2022-3094 | Anchore CVE | Medium | python3-bind-32:9.11.36-8.el8 |
CVE-2022-3094 | Anchore CVE | Medium | bind-utils-32:9.11.36-8.el8 |
CVE-2023-28321 | Anchore CVE | Medium | libcurl-7.61.1-30.el8_8.2 |
CVE-2023-28321 | Anchore CVE | Medium | curl-7.61.1-30.el8_8.2 |
CVE-2023-24056 | Twistlock CVE | Medium | pkgconf-m4-1.4.2-1.el8 |
CVE-2023-24056 | Twistlock CVE | Medium | pkgconf-pkg-config-1.4.2-1.el8 |
CVE-2023-24056 | Twistlock CVE | Medium | libpkgconf-1.4.2-1.el8 |
CVE-2023-24056 | Twistlock CVE | Medium | pkgconf-1.4.2-1.el8 |
CVE-2023-0512 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0433 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0054 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-4292 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3352 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3296 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3256 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3235 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3234 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3037 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2946 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2819 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2522 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2345 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2344 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2343 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2286 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2285 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2284 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2210 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2207 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2206 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2182 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2175 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2129 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2126 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2125 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2124 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-1619 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-1127 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0288 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0049 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2021-3927 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2287 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2021-4166 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3705 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-0351 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-3153 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-1720 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-4293 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2980 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2923 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2018-20786 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-server-8.0p1-17.el8 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-clients-8.0p1-17.el8 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-8.0p1-17.el8 |
CVE-2022-2208 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2183 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-33070 | Twistlock CVE | Low | protobuf-c-1.3.0-6.el8 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-server-8.0p1-17.el8 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-8.0p1-17.el8 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-clients-8.0p1-17.el8 |
CVE-2021-3974 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2849 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2022-2845 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-24532 | Twistlock CVE | Medium | go-1.19.6 |
CVE-2023-1264 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-1175 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-1170 | Twistlock CVE | Low | vim-filesystem-8.0.1763-19.el8_6.4 |
CVE-2023-0464 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-0466 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-0465 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
CVE-2023-24537 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24538 | Twistlock CVE | Critical | go-1.19.6 |
CVE-2023-24536 | Twistlock CVE | High | go-1.19.6 |
CVE-2023-24534 | Twistlock CVE | High | go-1.19.6 |
PRISMA-2023-0056 | Twistlock CVE | Medium | github.com/sirupsen/logrus-v1.8.1 |
CVE-2023-28617 | Twistlock CVE | Critical | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-48339 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-45939 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-3094 | Twistlock CVE | Medium | python3-bind-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | bind-license-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | bind-libs-lite-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | bind-libs-9.11.36-8.el8 |
CVE-2022-3094 | Twistlock CVE | Medium | bind-utils-9.11.36-8.el8 |
CVE-2022-48338 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-48337 | Twistlock CVE | Medium | emacs-filesystem-26.1-10.el8_8.2 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-license-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-utils-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-libs-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | bind-libs-lite-9.11.36-8.el8 |
CVE-2022-2795 | Twistlock CVE | Medium | python3-bind-9.11.36-8.el8 |
CVE-2022-27943 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
VAT: https://vat.dso.mil/vat/image?imageName=crunchy-data/crunchy-pgbackrest&tag=ubi8-14.7-5.1.5&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/crunchy-data/crunchy-pgbackrest/-/jobs/11296139
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Approval" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.