chore(findings): diat/aap-rstudio
Summary
diat/aap-rstudio has 121 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2023-28484 | Anchore CVE | Medium | libxml2-devel-2.9.7-16.el8 |
CVE-2022-3570 | Anchore CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-2004 | Anchore CVE | Low | java-17-openjdk-devel-1:17.0.7.0.7-3.el8 |
CVE-2022-3570 | Anchore CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-33068 | Anchore CVE | Medium | java-17-openjdk-1:17.0.7.0.7-3.el8 |
CVE-2022-48281 | Anchore CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-33068 | Anchore CVE | Medium | java-17-openjdk-headless-1:17.0.7.0.7-3.el8 |
CVE-2023-2004 | Anchore CVE | Low | java-17-openjdk-headless-1:17.0.7.0.7-3.el8 |
CVE-2023-28410 | Anchore CVE | Medium | kernel-headers-4.18.0-477.10.1.el8_8 |
CVE-2023-29469 | Anchore CVE | Medium | libxml2-devel-2.9.7-16.el8 |
CVE-2022-2879 | Twistlock CVE | High | go-1.19 |
CVE-2022-3970 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3970 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2017-17095 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2017-17095 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3627 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3627 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-3599 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3599 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-3598 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-3598 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-23990 | Twistlock CVE | Medium | expat-devel-2.2.5-11.el8 |
CVE-2023-0804 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0804 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0803 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0803 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0802 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0802 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0801 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0801 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0800 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0800 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0798 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0798 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0797 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0797 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0796 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0796 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0795 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0795 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-29469 | Twistlock CVE | Medium | libxml2-devel-2.9.7-16.el8 |
CVE-2023-28484 | Twistlock CVE | Medium | libxml2-devel-2.9.7-16.el8 |
CVE-2022-4645 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-4645 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2023-0799 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-0799 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-48281 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-48281 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3570 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2022-3570 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2022-33068 | Twistlock CVE | Medium | java-17-openjdk-devel-17.0.7.0.7-3.el8 |
CVE-2022-33068 | Twistlock CVE | Medium | java-17-openjdk-headless-17.0.7.0.7-3.el8 |
CVE-2022-33068 | Twistlock CVE | Medium | java-17-openjdk-17.0.7.0.7-3.el8 |
CVE-2018-16335 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2018-16335 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2018-15209 | Twistlock CVE | Medium | libtiff-devel-4.0.9-27.el8 |
CVE-2018-15209 | Twistlock CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2019-6128 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2019-6128 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2023-1916 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2023-1916 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-1.8.0-openjdk-devel-1.8.0.372.b07-4.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-17-openjdk-headless-17.0.7.0.7-3.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-1.8.0-openjdk-headless-1.8.0.372.b07-4.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-17-openjdk-devel-17.0.7.0.7-3.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-1.8.0-openjdk-1.8.0.372.b07-4.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-17-openjdk-17.0.7.0.7-3.el8 |
CVE-2022-27943 | Twistlock CVE | Low | libgfortran-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | libquadmath-devel-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | gcc-c++-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | libquadmath-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | libstdc++-devel-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | gcc-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | gcc-gfortran-8.5.0-18.el8 |
CVE-2022-27943 | Twistlock CVE | Low | cpp-8.5.0-18.el8 |
CVE-2022-1354 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2022-1354 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2018-10779 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2018-10779 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2018-17101 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2018-17101 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | gcc-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libstdc++-devel-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libgfortran-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | cpp-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | gcc-c++-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | gcc-gfortran-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libquadmath-devel-8.5.0-18.el8 |
CVE-2019-14250 | Twistlock CVE | Low | libquadmath-8.5.0-18.el8 |
CVE-2018-5360 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2018-5360 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2018-20657 | Twistlock CVE | Low | gcc-c++-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libgfortran-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libgomp-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | cpp-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libquadmath-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | gcc-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | gcc-gfortran-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libquadmath-devel-8.5.0-18.el8 |
CVE-2018-20657 | Twistlock CVE | Low | libstdc++-devel-8.5.0-18.el8 |
CVE-2018-19210 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2018-19210 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2018-10801 | Twistlock CVE | Low | libtiff-devel-4.0.9-27.el8 |
CVE-2018-10801 | Twistlock CVE | Low | libtiff-4.0.9-27.el8 |
CVE-2023-2004 | Anchore CVE | Low | java-17-openjdk-1:17.0.7.0.7-3.el8 |
CVE-2022-33068 | Anchore CVE | Medium | java-17-openjdk-devel-1:17.0.7.0.7-3.el8 |
CVE-2022-48281 | Anchore CVE | Medium | libtiff-4.0.9-27.el8 |
CVE-2023-28321 | Anchore CVE | Medium | curl-7.61.1-30.el8_8.2 |
CVE-2023-28321 | Anchore CVE | Medium | libcurl-7.61.1-30.el8_8.2 |
CVE-2023-28321 | Anchore CVE | Medium | libcurl-devel-7.61.1-30.el8_8.2 |
CVE-2023-32681 | Anchore CVE | Medium | python3-requests-2.20.0-2.1.el8_1 |
CVE-2023-2235 | Anchore CVE | High | kernel-headers-4.18.0-477.10.1.el8_8 |
CVE-2023-2602 | Anchore CVE | Low | libcap-2.48-4.el8 |
CVE-2023-2953 | Anchore CVE | Low | openldap-2.4.46-18.el8 |
CVE-2023-2603 | Anchore CVE | Medium | libcap-2.48-4.el8 |
CVE-2023-24540 | Twistlock CVE | Critical | go-1.19 |
CVE-2023-29400 | Twistlock CVE | High | go-1.19 |
CVE-2023-24539 | Twistlock CVE | High | go-1.19 |
CVE-2023-32681 | Twistlock CVE | Medium | requests-2.20.0 |
VAT: https://vat.dso.mil/vat/image?imageName=diat/aap-rstudio&tag=2023.05&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/diat/aap-rstudio/-/jobs/20948955
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Verification" label to this issue and wait for feedback

Iron Bank:
- Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.