chore(findings): f18-navy-boeing/osee/osee-postgres
Summary
f18-navy-boeing/osee/osee-postgres has 111 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CCE-85987-6 | oscap_comp | Medium | |
CVE-2020-36188 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-12814 | anchore_cve | Medium | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-9546 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-19361 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-20330 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-14719 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-11307 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14379 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-8740 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-10968 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-20505 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-11112 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-9547 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36184 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-8457 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-16943 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2016-6153 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2018-12022 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14893 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-17267 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2021-20190 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36187 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13632 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2015-3717 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-36179 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-19360 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11111 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-9548 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-14060 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-14195 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-12384 | anchore_cve | Medium | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13630 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-11619 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-19362 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11113 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36183 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-35728 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36180 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2014-9390 | anchore_cve | Critical | org.eclipse.egit-5.8.0.202006091008-r |
CVE-2020-14061 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-17531 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36186 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-14718 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-35490 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2017-17485 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-14720 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11655 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-19645 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-12086 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13631 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-16335 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36181 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2017-10989 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-16168 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-24750 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-7489 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-8840 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14540 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-14892 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-15358 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2018-20346 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-24616 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-20506 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2018-14721 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13435 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-36182 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36189 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-10969 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11620 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-35491 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-19646 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2018-5968 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-25649 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2008-0732 | anchore_cve | Low | geronimo-jta_1.1_spec-1.1.1 |
CVE-2011-5034 | anchore_cve | High | geronimo-jta_1.1_spec-1.1.1 |
CVE-2020-14062 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2015-5895 | anchore_cve | High | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-13434 | anchore_cve | Medium | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2020-10673 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-8908 | anchore_cve | Low | com.google.guava-27.1.0-SNAPSHOT |
CVE-2020-36185 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2018-12023 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-10672 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2019-16942 | anchore_cve | Critical | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-11656 | anchore_cve | Critical | org.xerial.sqlite-3.8.9-SNAPSHOT |
CVE-2019-14439 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-36518 | anchore_cve | High | com.fasterxml.jackson.core.jackson-databind-2.9.2-SNAPSHOT |
CVE-2020-13630 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13631 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-11655 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13434 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2014-9390 | anchore_cve | Critical | org.eclipse.egit_5.8.0.202006091008-r-5.8.0.202006091008-r |
CVE-2019-8457 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-20505 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13632 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-20346 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2015-5895 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2017-10989 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2019-19646 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-15358 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-8740 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2019-19645 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-11656 | anchore_cve | Critical | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2016-6153 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13435 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2018-20506 | anchore_cve | High | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2019-16168 | anchore_cve | Medium | org.xerial.sqlite_3.8.9.v202107120022-DEV-3.8.9.v202107120022-dev |
CVE-2020-13956 | anchore_cve | Medium | org.apache.commons.httpclient_3.1.0.v201012070820-3.1.0.v201012070820 |
CVE-2022-25647 | anchore_cve | High | com.google.gson-2.8.2-SNAPSHOT |
f29704a9e7a9d718201772ca89fdd181 | anchore_comp | Low |
VAT: https://vat.dso.mil/vat/container/17672?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/f18-navy-boeing/osee/osee-postgres/-/jobs/10571353
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Edited by Ghost User