UNCLASSIFIED - NO CUI

chore(findings): gitlab/gitlab/gitlab-sidekiq

Summary

gitlab/gitlab/gitlab-sidekiq has 102 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9-micro:9.6 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=gitlab/gitlab/gitlab-sidekiq&tag=18.6.2&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2024-41996 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2025-8194 Anchore CVE High python-3.9.23 0.00223 false
CVE-2025-8194 Anchore CVE High python-3.9.23 0.00223 false
CVE-2024-5642 Anchore CVE Medium python-3.9.23 0.00187 false
CVE-2024-5642 Anchore CVE Medium python-3.9.23 0.00187 false
CVE-2025-6069 Anchore CVE Medium python-3.9.23 0.00163 false
CVE-2025-6069 Anchore CVE Medium python-3.9.23 0.00163 false
CVE-2024-13176 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00123 false
CVE-2025-8291 Anchore CVE Medium python-3.9.23 0.00113 false
CVE-2025-8291 Anchore CVE Medium python-3.9.23 0.00113 false
CVE-2025-58181 Twistlock CVE Medium golang.org/x/crypto/ssh-v0.40.0 0.00091 false
CVE-2025-13836 Anchore CVE Medium python-3.9.23 0.00066 false
CVE-2025-13836 Anchore CVE Medium python-3.9.23 0.00066 false
CVE-2025-12084 Anchore CVE Medium python-3.9.23 0.00060 false
CVE-2025-12084 Anchore CVE Medium python-3.9.23 0.00060 false
CVE-2025-66564 Twistlock CVE High github.com/sigstore/timestamp-authority-v1.2.8 0.00052 false
CVE-2025-32728 Twistlock CVE Medium openssh-8.7p1-46.el9 0.00048 false
CVE-2025-32728 Anchore CVE Medium openssh-8.7p1-46.el9 0.00048 false
CVE-2025-32728 Anchore CVE Medium openssh-clients-8.7p1-46.el9 0.00048 false
CVE-2025-58185 Anchore CVE Medium stdlib-go1.24.6 0.00033 false
CVE-2025-58185 Anchore CVE Medium stdlib-go1.24.6 0.00033 false
CVE-2025-66506 Twistlock CVE High github.com/sigstore/fulcio-v1.7.1 0.00030 false
CVE-2025-58186 Anchore CVE Medium stdlib-go1.24.6 0.00029 false
CVE-2025-58186 Anchore CVE Medium stdlib-go1.24.6 0.00029 false
CVE-2025-9232 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-61725 Anchore CVE High stdlib-go1.24.6 0.00026 false
CVE-2025-61725 Anchore CVE High stdlib-go1.24.6 0.00026 false
CVE-2025-61723 Anchore CVE High stdlib-go1.24.6 0.00026 false
CVE-2025-61723 Anchore CVE High stdlib-go1.24.6 0.00026 false
CVE-2025-61724 Anchore CVE Medium stdlib-go1.24.6 0.00025 false
CVE-2025-61724 Anchore CVE Medium stdlib-go1.24.6 0.00025 false
CVE-2025-47912 Anchore CVE Medium stdlib-go1.24.6 0.00025 false
CVE-2025-47912 Anchore CVE Medium stdlib-go1.24.6 0.00025 false
CVE-2025-61727 Anchore CVE Medium stdlib-go1.24.6 0.00021 false
CVE-2025-61727 Anchore CVE Medium stdlib-go1.24.6 0.00021 false
CVE-2025-58189 Anchore CVE Medium stdlib-go1.24.6 0.00019 false
CVE-2025-58189 Anchore CVE Medium stdlib-go1.24.6 0.00019 false
CVE-2025-13837 Anchore CVE Low python-3.9.23 0.00018 false
CVE-2025-13837 Anchore CVE Low python-3.9.23 0.00018 false
CVE-2025-6075 Anchore CVE Low python-3.9.23 0.00017 false
CVE-2025-6075 Anchore CVE Low python-3.9.23 0.00017 false
CVE-2025-61729 Anchore CVE High stdlib-go1.24.6 0.00016 false
CVE-2025-61729 Anchore CVE High stdlib-go1.24.6 0.00016 false
CVE-2025-58187 Anchore CVE High stdlib-go1.24.6 0.00015 false
CVE-2025-58187 Anchore CVE High stdlib-go1.24.6 0.00015 false
CVE-2025-58188 Anchore CVE High stdlib-go1.24.6 0.00014 false
CVE-2025-58188 Anchore CVE High stdlib-go1.24.6 0.00014 false
CVE-2025-58183 Anchore CVE Medium stdlib-go1.24.6 0.00014 false
CVE-2025-58183 Anchore CVE Medium stdlib-go1.24.6 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-core-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libsmartcols-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libfdisk-2.37.4-21.el9 0.00014 false
CVE-2025-61985 Twistlock CVE Medium openssh-8.7p1-46.el9 0.00011 false
CVE-2025-61985 Anchore CVE Medium openssh-8.7p1-46.el9 0.00011 false
CVE-2025-61985 Anchore CVE Medium openssh-clients-8.7p1-46.el9 0.00011 false
CVE-2023-51767 Anchore CVE Medium openssh-8.7p1-46.el9 0.00010 false
CVE-2023-51767 Anchore CVE Medium openssh-clients-8.7p1-46.el9 0.00010 false
CVE-2025-61984 Twistlock CVE Medium openssh-8.7p1-46.el9 0.00006 false
CVE-2025-61984 Anchore CVE Medium openssh-8.7p1-46.el9 0.00006 false
CVE-2025-61984 Anchore CVE Medium openssh-clients-8.7p1-46.el9 0.00006 false
e7573262736ef52353cde3bae2617782 Anchore Compliance Low N/A N/A
c2e44319ae5b3b040044d8ae116d1c2f Anchore Compliance Low N/A N/A
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low N/A N/A
abb121e9621abdd452f65844954cf1c1 Anchore Compliance Low N/A N/A
GO-2025-3900 Twistlock CVE Medium github.com/go-viper/mapstructure/v2-v2.3.0 N/A N/A
GHSA-j5w8-q4qc-rx2x Anchore CVE Medium golang.org/x/crypto-v0.40.0 N/A N/A
GHSA-f83f-xpx7-ffpw Anchore CVE High github.com/sigstore/fulcio-v1.7.1 N/A N/A
GHSA-f6x5-jh6r-wrfv Anchore CVE Medium golang.org/x/crypto-v0.40.0 N/A N/A
GHSA-4qg8-fj49-pxjh Anchore CVE High github.com/sigstore/timestamp-authority-v1.2.8 N/A N/A
GHSA-2464-8j7c-4cjm Anchore CVE Medium github.com/go-viper/mapstructure/v2-v2.3.0 N/A N/A
CCE-88413-0 OSCAP Compliance Medium N/A N/A
CCE-86356-3 OSCAP Compliance Medium N/A N/A
CCE-86100-5 OSCAP Compliance Medium N/A N/A
CCE-86068-4 OSCAP Compliance Medium N/A N/A
CCE-83647-8 OSCAP Compliance Medium N/A N/A
CCE-83641-1 OSCAP Compliance Low N/A N/A
CCE-83635-3 OSCAP Compliance Medium N/A N/A
CCE-83627-0 OSCAP Compliance Medium N/A N/A
CCE-83621-3 OSCAP Compliance Medium N/A N/A
CCE-83615-5 OSCAP Compliance Medium N/A N/A
CCE-83610-6 OSCAP Compliance Medium N/A N/A
CCE-83606-4 OSCAP Compliance Medium N/A N/A
CCE-83589-2 OSCAP Compliance Medium N/A N/A
CCE-83588-4 OSCAP Compliance Medium N/A N/A
CCE-83587-6 OSCAP Compliance Medium N/A N/A
CCE-83583-5 OSCAP Compliance Medium N/A N/A
CCE-83579-3 OSCAP Compliance Medium N/A N/A
CCE-83575-1 OSCAP Compliance Medium N/A N/A
CCE-83570-2 OSCAP Compliance Medium N/A N/A
CCE-83568-6 OSCAP Compliance Medium N/A N/A
CCE-83567-8 OSCAP Compliance Medium N/A N/A
CCE-83566-0 OSCAP Compliance Medium N/A N/A
CCE-83565-2 OSCAP Compliance Medium N/A N/A
CCE-83564-5 OSCAP Compliance Medium N/A N/A
CCE-83563-7 OSCAP Compliance Medium N/A N/A
698044205a9c4a6d48b7937e66a6bf4f Anchore Compliance Low N/A N/A
639f6f1177735759703e928c14714a59 Anchore Compliance Low N/A N/A
463a9a24225c26f7a5bf3f38908e5cb3 Anchore Compliance Low N/A N/A
3e5fad1c039f3ecfd1dcdc94d2f1f9a0 Anchore Compliance Low N/A N/A
34de21e516c0ca50a96e5386f163f8bf Anchore Compliance Low N/A N/A
320a97c6816565eedf3545833df99dd0 Anchore Compliance Low N/A N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=gitlab/gitlab/gitlab-sidekiq&tag=18.6.2&branch=master

Tasks

Contributor:

  • Apply the StatusReview label to this issue for a merge request review and wait for feedback

OR

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI