UNCLASSIFIED - NO CUI

chore(findings): hashicorp/boundary

Summary

hashicorp/boundary has 108 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=hashicorp/boundary&tag=0.15.5&branch=master

id source severity package impact workaround
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low
CVE-2023-0466 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2021-33294 Anchore CVE Low elfutils-debuginfod-client-0.190-2.el8
CVE-2023-45322 Anchore CVE Low python3-libxml2-2.9.7-18.el8_10.1
CVE-2024-33655 Anchore CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2019-16866 Anchore CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-33655 Anchore CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2023-2650 Anchore CVE Medium openssl-1:1.1.1k-12.el8_9
CVE-2024-0727 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2023-0465 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2023-0464 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2022-0530 Anchore CVE Low unzip-6.0-46.el8
CVE-2024-25260 Anchore CVE Low elfutils-debuginfod-client-0.190-2.el8
CVE-2024-2511 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2021-4217 Anchore CVE Low unzip-6.0-46.el8
CVE-2019-16866 Anchore CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2022-0529 Anchore CVE Low unzip-6.0-46.el8
CVE-2018-20225 Anchore CVE Low platform-python-pip-9.0.3-24.el8
CVE-2024-43167 Anchore CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-4032 Anchore CVE Low python3-libs-3.6.8-62.el8_10
CVE-2024-4741 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2024-43167 Anchore CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2024-6923 Anchore CVE Medium python3-libs-3.6.8-62.el8_10
CVE-2024-34459 Anchore CVE Low libxml2-2.9.7-18.el8_10.1
CVE-2024-5535 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2024-43168 Anchore CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2024-4032 Anchore CVE Low platform-python-3.6.8-62.el8_10
CVE-2024-6923 Anchore CVE Medium platform-python-3.6.8-62.el8_10
CVE-2023-45918 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2024-43168 Anchore CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-5535 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
GHSA-v23v-6jw2-98fq Anchore CVE Critical github.com/docker/docker-v24.0.9+incompatible
CVE-2023-45918 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2024-34459 Anchore CVE Low python3-libxml2-2.9.7-18.el8_10.1
CVE-2024-34397 Anchore CVE Medium glib2-2.56.4-162.el8
CVE-2024-4741 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2023-27534 Anchore CVE Low libcurl-7.61.1-34.el8_10.2
CVE-2023-27534 Anchore CVE Low curl-7.61.1-34.el8_10.2
CVE-2019-1010022 Anchore CVE Critical glibc-gconv-extra-2.28-251.el8_10.4
CVE-2019-1010022 Anchore CVE Critical glibc-langpack-en-2.28-251.el8_10.4
CVE-2024-45490 Anchore CVE Medium expat-2.2.5-13.el8_10
CVE-2024-6232 Anchore CVE Medium platform-python-3.6.8-62.el8_10
CVE-2024-7264 Anchore CVE Low libcurl-7.61.1-34.el8_10.2
CVE-2024-6232 Anchore CVE Medium python3-libs-3.6.8-62.el8_10
CVE-2024-7264 Anchore CVE Low curl-7.61.1-34.el8_10.2
GHSA-jfvp-7x6p-h2pv Anchore CVE Low github.com/opencontainers/runc-v1.1.12
CVE-2024-45491 Anchore CVE Medium expat-2.2.5-13.el8_10
CVE-2024-45492 Anchore CVE Medium expat-2.2.5-13.el8_10
CVE-2024-34158 Anchore CVE High stdlib-go1.22.5
CVE-2024-34155 Anchore CVE Low stdlib-go1.22.5
CVE-2024-34156 Anchore CVE High stdlib-go1.22.5
CVE-2023-7256 Anchore CVE Medium libpcap-14:1.9.1-5.el8
CVE-2024-7592 Anchore CVE Low python3-libs-3.6.8-62.el8_10
CVE-2024-7592 Anchore CVE Low platform-python-3.6.8-62.el8_10
CCE-84254-2 OSCAP Compliance Medium
CCE-84255-9 OSCAP Compliance Medium
CVE-2022-23990 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2023-2650 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2024-5535 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2023-0464 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2024-4741 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2024-4741 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2024-34459 Twistlock CVE Low python3-libxml2-2.9.7-18.el8_10.1
CVE-2024-0727 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2023-0466 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2023-0465 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2019-16866 Twistlock CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2019-16866 Twistlock CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2024-33655 Twistlock CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-33655 Twistlock CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2024-2511 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2024-6923 Twistlock CVE Medium python3-libs-3.6.8-62.el8_10
CVE-2024-6923 Twistlock CVE Medium platform-python-3.6.8-62.el8_10
CVE-2024-0397 Twistlock CVE Low python3-libs-3.6.8-62.el8_10
CVE-2024-0397 Twistlock CVE Low platform-python-3.6.8-62.el8_10
CVE-2024-43168 Twistlock CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2024-43168 Twistlock CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-43167 Twistlock CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2024-43167 Twistlock CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-7264 Twistlock CVE Low curl-7.61.1-34.el8_10.2
CVE-2024-7264 Twistlock CVE Low libcurl-7.61.1-34.el8_10.2
CVE-2023-2953 Twistlock CVE Low openldap-2.4.46-19.el8_10
CVE-2024-45490 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2024-6232 Twistlock CVE Medium python3-libs-3.6.8-62.el8_10
CVE-2024-6232 Twistlock CVE Medium platform-python-3.6.8-62.el8_10
CVE-2024-45310 Twistlock CVE Low github.com/opencontainers/runc-v1.1.12
CVE-2024-45491 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2024-45492 Twistlock CVE Medium expat-2.2.5-13.el8_10
CVE-2024-34156 Twistlock CVE Low encoding/gob-1.22.5
CVE-2024-7592 Twistlock CVE Low python3-libs-3.6.8-62.el8_10
CVE-2024-7592 Twistlock CVE Low platform-python-3.6.8-62.el8_10
CVE-2023-7256 Twistlock CVE Medium libpcap-1.9.1-5.el8
CVE-2024-7531 Anchore CVE Low nss-sysinit-3.101.0-7.el8_8
CVE-2024-6602 Anchore CVE Medium nss-softokn-freebl-3.101.0-7.el8_8
CVE-2024-6602 Anchore CVE Medium nss-util-3.101.0-7.el8_8
CVE-2024-7531 Anchore CVE Low nss-3.101.0-7.el8_8
CVE-2024-7531 Anchore CVE Low nss-softokn-freebl-3.101.0-7.el8_8
CVE-2024-6602 Anchore CVE Medium nss-softokn-3.101.0-7.el8_8
CVE-2024-6602 Anchore CVE Medium nss-3.101.0-7.el8_8
CVE-2024-7531 Anchore CVE Low nss-softokn-3.101.0-7.el8_8
CVE-2024-6602 Anchore CVE Medium nss-sysinit-3.101.0-7.el8_8
CVE-2024-7531 Anchore CVE Low nss-util-3.101.0-7.el8_8
CCE-86106-2 OSCAP Compliance Medium
CVE-2024-7531 Twistlock CVE Low nss-3.101.0-7.el8_8
CVE-2024-7531 Twistlock CVE Low nss-softokn-3.101.0-7.el8_8
CVE-2024-7531 Twistlock CVE Low nss-sysinit-3.101.0-7.el8_8
CVE-2024-7531 Twistlock CVE Low nss-util-3.101.0-7.el8_8
CVE-2024-7531 Twistlock CVE Low nss-softokn-freebl-3.101.0-7.el8_8

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.
