chore(findings): crypticvector/cherrybomb/manager
Summary
crypticvector/cherrybomb/manager has 155 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-r3xc-prgr-mg9p | Anchore CVE | Critical | Django-4.1.7 |
CVE-2023-32681 | Anchore CVE | Medium | python3-requests-2.25.1-6.el9 |
CVE-2023-2602 | Anchore CVE | Low | libcap-2.48-8.el9 |
CVE-2023-2953 | Anchore CVE | Low | openldap-compat-2.6.2-3.el9 |
CVE-2023-2953 | Anchore CVE | Low | openldap-2.6.2-3.el9 |
CVE-2023-2603 | Anchore CVE | Medium | libcap-2.48-8.el9 |
CVE-2023-2650 | Anchore CVE | Medium | openssl-libs-1:3.0.7-6.el9_2 |
CVE-2023-2650 | Anchore CVE | Medium | openssl-1:3.0.7-6.el9_2 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-1:1.12.20-7.el9_1 |
CVE-2023-22652 | Anchore CVE | Medium | libeconf-0.4.1-2.el9 |
CVE-2023-32611 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
CVE-2023-32636 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
CVE-2023-29499 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-common-1:1.12.20-7.el9_1 |
CVE-2023-34969 | Anchore CVE | Medium | dbus-libs-1:1.12.20-7.el9_1 |
CVE-2023-32665 | Anchore CVE | Low | glib2-2.68.4-6.el9 |
GHSA-jh3w-4vvf-mjgr | Anchore CVE | High | Django-4.1.7 |
CVE-2023-28320 | Anchore CVE | Low | curl-minimal-7.76.1-23.el9_2.1 |
CVE-2021-32256 | Anchore CVE | Medium | gdb-gdbserver-10.2-10.el9 |
CVE-2023-0687 | Anchore CVE | Medium | glibc-common-2.34-60.el9 |
CVE-2021-23840 | Anchore CVE | Medium | openssl-libs-1:3.0.7-6.el9_2 |
CVE-2023-0687 | Anchore CVE | Medium | glibc-langpack-en-2.34-60.el9 |
CVE-2023-28320 | Anchore CVE | Low | libcurl-minimal-7.76.1-23.el9_2.1 |
CVE-2023-3446 | Anchore CVE | Low | openssl-libs-1:3.0.7-6.el9_2 |
CVE-2021-44568 | Anchore CVE | Low | libsolv-0.7.22-4.el9 |
CVE-2023-2975 | Anchore CVE | Low | openssl-libs-1:3.0.7-6.el9_2 |
CVE-2021-23840 | Anchore CVE | Medium | openssl-1:3.0.7-6.el9_2 |
CVE-2023-0687 | Anchore CVE | Medium | glibc-2.34-60.el9 |
CVE-2023-3817 | Anchore CVE | Low | openssl-1:3.0.7-6.el9_2 |
CVE-2023-2975 | Anchore CVE | Low | openssl-1:3.0.7-6.el9_2 |
CVE-2023-3817 | Anchore CVE | Low | openssl-libs-1:3.0.7-6.el9_2 |
CVE-2023-0687 | Anchore CVE | Medium | glibc-minimal-langpack-2.34-60.el9 |
CVE-2023-3446 | Anchore CVE | Low | openssl-1:3.0.7-6.el9_2 |
CVE-2023-3899 | Anchore CVE | High | subscription-manager-1.29.33.1-1.el9_2 |
CVE-2023-3899 | Anchore CVE | High | python3-subscription-manager-rhsm-1.29.33.1-1.el9_2 |
CVE-2023-3899 | Anchore CVE | High | python3-cloud-what-1.29.33.1-1.el9_2 |
CVE-2023-3899 | Anchore CVE | High | libdnf-plugin-subscription-manager-1.29.33.1-1.el9_2 |
CVE-2023-36054 | Anchore CVE | Medium | krb5-libs-1.20.1-8.el9 |
CVE-2023-39975 | Anchore CVE | Medium | krb5-libs-1.20.1-8.el9 |
CVE-2022-47673 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2020-35342 | Anchore CVE | Medium | gdb-gdbserver-10.2-10.el9 |
CVE-2022-45703 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2020-21490 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-47011 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-48064 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-47696 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2021-46174 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-47010 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2020-19726 | Anchore CVE | Medium | gdb-gdbserver-10.2-10.el9 |
CVE-2022-48065 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-47695 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-35206 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2020-19724 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-47007 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2022-48063 | Anchore CVE | Low | gdb-gdbserver-10.2-10.el9 |
CVE-2020-19190 | Anchore CVE | Medium | ncurses-base-6.2-8.20210508.el9 |
CVE-2020-19186 | Anchore CVE | Medium | ncurses-libs-6.2-8.20210508.el9 |
CVE-2020-19186 | Anchore CVE | Medium | ncurses-base-6.2-8.20210508.el9 |
CVE-2020-19189 | Anchore CVE | Medium | ncurses-libs-6.2-8.20210508.el9 |
CVE-2020-19185 | Anchore CVE | Medium | ncurses-base-6.2-8.20210508.el9 |
CVE-2020-19188 | Anchore CVE | Medium | ncurses-base-6.2-8.20210508.el9 |
CVE-2020-19185 | Anchore CVE | Medium | ncurses-libs-6.2-8.20210508.el9 |
CVE-2020-19188 | Anchore CVE | Medium | ncurses-libs-6.2-8.20210508.el9 |
CVE-2020-19187 | Anchore CVE | Medium | ncurses-libs-6.2-8.20210508.el9 |
CVE-2020-19190 | Anchore CVE | Medium | ncurses-libs-6.2-8.20210508.el9 |
CVE-2020-19189 | Anchore CVE | Medium | ncurses-base-6.2-8.20210508.el9 |
CVE-2020-22916 | Anchore CVE | Low | xz-libs-5.2.5-8.el9_0 |
CVE-2020-19187 | Anchore CVE | Medium | ncurses-base-6.2-8.20210508.el9 |
CVE-2022-48554 | Anchore CVE | Low | file-libs-5.39-12.el9 |
CVE-2023-30078 | Anchore CVE | High | libeconf-0.4.1-2.el9 |
CVE-2023-30079 | Anchore CVE | High | libeconf-0.4.1-2.el9 |
CVE-2023-39615 | Anchore CVE | Medium | libxml2-2.9.13-3.el9_1 |
CVE-2023-4641 | Anchore CVE | Low | shadow-utils-2:4.9-6.el9 |
CVE-2023-4039 | Anchore CVE | Medium | libgomp-11.3.1-4.3.el9 |
CVE-2023-4527 | Anchore CVE | Medium | glibc-langpack-en-2.34-60.el9 |
CVE-2023-4421 | Anchore CVE | Medium | nss-softokn-3.79.0-18.el9_1 |
CVE-2023-4806 | Anchore CVE | Medium | glibc-minimal-langpack-2.34-60.el9 |
CVE-2023-4813 | Anchore CVE | Medium | glibc-common-2.34-60.el9 |
CVE-2023-4813 | Anchore CVE | Medium | glibc-langpack-en-2.34-60.el9 |
CVE-2023-4527 | Anchore CVE | Medium | glibc-minimal-langpack-2.34-60.el9 |
CVE-2023-4421 | Anchore CVE | Medium | nss-3.79.0-18.el9_1 |
CVE-2023-4813 | Anchore CVE | Medium | glibc-2.34-60.el9 |
CVE-2023-4806 | Anchore CVE | Medium | glibc-common-2.34-60.el9 |
CVE-2023-4421 | Anchore CVE | Medium | nss-softokn-freebl-3.79.0-18.el9_1 |
CVE-2023-4813 | Anchore CVE | Medium | glibc-minimal-langpack-2.34-60.el9 |
CVE-2023-4039 | Anchore CVE | Medium | libstdc++-11.3.1-4.3.el9 |
CVE-2023-4421 | Anchore CVE | Medium | nss-util-3.79.0-18.el9_1 |
CVE-2023-4806 | Anchore CVE | Medium | glibc-langpack-en-2.34-60.el9 |
CVE-2023-4806 | Anchore CVE | Medium | glibc-2.34-60.el9 |
CVE-2023-4527 | Anchore CVE | Medium | glibc-common-2.34-60.el9 |
CVE-2023-4421 | Anchore CVE | Medium | nspr-4.34.0-18.el9_1 |
CVE-2023-4527 | Anchore CVE | Medium | glibc-2.34-60.el9 |
CVE-2023-4039 | Anchore CVE | Medium | libgcc-11.3.1-4.3.el9 |
CVE-2023-4421 | Anchore CVE | Medium | nss-sysinit-3.79.0-18.el9_1 |
CVE-2023-5156 | Anchore CVE | Medium | glibc-common-2.34-60.el9 |
CVE-2023-5156 | Anchore CVE | Medium | glibc-2.34-60.el9 |
CVE-2023-5156 | Anchore CVE | Medium | glibc-minimal-langpack-2.34-60.el9 |
CVE-2023-5156 | Anchore CVE | Medium | glibc-langpack-en-2.34-60.el9 |
CVE-2023-4911 | Anchore CVE | High | glibc-common-2.34-60.el9 |
CVE-2023-4911 | Anchore CVE | High | glibc-langpack-en-2.34-60.el9 |
CVE-2023-4911 | Anchore CVE | High | glibc-minimal-langpack-2.34-60.el9 |
CVE-2023-4911 | Anchore CVE | High | glibc-2.34-60.el9 |
CVE-2022-48565 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.2 |
CVE-2022-48566 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.2 |
CVE-2007-4559 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.2 |
CVE-2022-48566 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.2 |
CVE-2023-27043 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.2 |
CVE-2007-4559 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.2 |
CVE-2023-27043 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.2 |
CVE-2022-0391 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.2 |
CVE-2021-23336 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.2 |
CVE-2021-23336 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.2 |
CVE-2022-0391 | Anchore CVE | Medium | python3-libs-3.9.16-1.el9_2.2 |
CVE-2022-48565 | Anchore CVE | Medium | python3-3.9.16-1.el9_2.2 |
CVE-2023-43804 | Anchore CVE | Medium | python3-urllib3-1.26.5-3.el9 |
CVE-2023-43804 | Anchore CVE | Medium | python3-pip-wheel-21.2.3-6.el9 |
CVE-2023-45322 | Anchore CVE | Medium | libxml2-2.9.13-3.el9_1 |
CVE-2023-38546 | Anchore CVE | Low | curl-minimal-7.76.1-23.el9_2.1 |
CVE-2023-38546 | Anchore CVE | Low | libcurl-minimal-7.76.1-23.el9_2.1 |
CVE-2023-38545 | Anchore CVE | High | libcurl-minimal-7.76.1-23.el9_2.1 |
CVE-2023-44487 | Anchore CVE | High | libnghttp2-1.43.0-5.el9 |
CVE-2023-38545 | Anchore CVE | High | curl-minimal-7.76.1-23.el9_2.1 |
CVE-2023-5388 | Anchore CVE | Medium | nss-sysinit-3.79.0-18.el9_1 |
CVE-2023-5388 | Anchore CVE | Medium | nspr-4.34.0-18.el9_1 |
CVE-2023-5388 | Anchore CVE | Medium | nss-softokn-3.79.0-18.el9_1 |
CVE-2023-5388 | Anchore CVE | Medium | nss-3.79.0-18.el9_1 |
CVE-2023-5388 | Anchore CVE | Medium | nss-softokn-freebl-3.79.0-18.el9_1 |
CVE-2023-5388 | Anchore CVE | Medium | nss-util-3.79.0-18.el9_1 |
CVE-2023-0464 | OSCAP Compliance | Medium | |
CVE-2023-0465 | OSCAP Compliance | Medium | |
CVE-2023-0466 | OSCAP Compliance | Medium | |
CVE-2023-1255 | OSCAP Compliance | Medium | |
CVE-2023-2650 | OSCAP Compliance | Medium | |
CVE-2023-28321 | OSCAP Compliance | Medium | |
CVE-2023-28322 | OSCAP Compliance | Medium | |
CVE-2023-32681 | OSCAP Compliance | Medium | |
CVE-2023-28484 | OSCAP Compliance | Medium | |
CVE-2023-29469 | OSCAP Compliance | Medium | |
CVE-2023-22652 | OSCAP Compliance | Medium | |
CVE-2023-34969 | OSCAP Compliance | Medium | |
CVE-2023-3899 | OSCAP Compliance | Medium | |
CVE-2023-30079 | OSCAP Compliance | Medium | |
CVE-2023-2602 | OSCAP Compliance | Medium | |
CVE-2023-2603 | OSCAP Compliance | Medium | |
CVE-2023-30630 | OSCAP Compliance | Medium | |
CVE-2023-4527 | OSCAP Compliance | Medium | |
CVE-2023-4806 | OSCAP Compliance | Medium | |
CVE-2023-4813 | OSCAP Compliance | Medium | |
CVE-2023-4911 | OSCAP Compliance | Medium | |
CVE-2023-38545 | OSCAP Compliance | Medium | |
CVE-2023-38546 | OSCAP Compliance | Medium | |
CVE-2023-44487 | OSCAP Compliance | Medium | |
CVE-2023-30608 | Twistlock CVE | High | sqlparse-0.4.2 |
CVE-2023-31047 | Twistlock CVE | Critical | django-4.1.7 |
CVE-2023-45803 | Twistlock CVE | Medium | urllib3-1.26.5 |
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=crypticvector/cherrybomb/manager&tag=0.1.4&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.