chore(findings): hashicorp/boundary

Summary

hashicorp/boundary has 121 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9:9.5 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=hashicorp/boundary&tag=0.19.3&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id	source	severity	package	epss_score	kev
CVE-2024-1931	Anchore CVE	Medium	unbound-libs-1.16.2-18.el9_6	0.06753	false
CVE-2024-56433	Anchore CVE	Medium	shadow-utils-2:4.9-12.el9	0.02872	false
CVE-2024-33655	Anchore CVE	Low	unbound-libs-1.16.2-18.el9_6	0.02839	false
CVE-2023-2953	Anchore CVE	Low	openldap-2.6.8-4.el9	0.01417	false
CVE-2024-52533	Twistlock CVE	Medium	glib2-2.68.4-16.el9	0.00719	false
CVE-2024-52533	Anchore CVE	Medium	glib2-2.68.4-16.el9	0.00719	false
CVE-2024-0397	Anchore CVE	Low	python3-3.9.21-2.el9_6.1	0.00393	false
CVE-2024-0397	Anchore CVE	Low	python3-libs-3.9.21-2.el9_6.1	0.00393	false
CVE-2024-7592	Twistlock CVE	Low	python3.9-3.9.21-2.el9_6.1	0.00325	false
CVE-2024-7592	Anchore CVE	Low	python3-libs-3.9.21-2.el9_6.1	0.00325	false
CVE-2024-7592	Anchore CVE	Low	python3-3.9.21-2.el9_6.1	0.00325	false
CVE-2025-1795	Anchore CVE	Low	python3-3.9.21-2.el9_6.1	0.00231	false
CVE-2025-1795	Anchore CVE	Low	python3-libs-3.9.21-2.el9_6.1	0.00231	false
CVE-2022-0529	Twistlock CVE	Low	unzip-6.0-58.el9_5	0.00203	false
CVE-2022-0529	Anchore CVE	Low	unzip-6.0-58.el9_5	0.00203	false
CVE-2024-34459	Anchore CVE	Low	libxml2-2.9.13-10.el9_6	0.00158	false
CVE-2021-4217	Twistlock CVE	Low	unzip-6.0-58.el9_5	0.00134	false
CVE-2021-4217	Anchore CVE	Low	unzip-6.0-58.el9_5	0.00134	false
CVE-2025-1632	Twistlock CVE	Low	libarchive-3.5.3-5.el9_6	0.00126	false
CVE-2025-1632	Anchore CVE	Low	libarchive-3.5.3-5.el9_6	0.00126	false
CVE-2025-1153	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00118	false
CVE-2025-1153	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00118	false
CVE-2021-45941	Twistlock CVE	Medium	libbpf-1.5.0-1.el9	0.00117	false
CVE-2021-45941	Anchore CVE	Medium	libbpf-2:1.5.0-1.el9	0.00117	false
CVE-2021-45940	Twistlock CVE	Medium	libbpf-1.5.0-1.el9	0.00117	false
CVE-2021-45940	Anchore CVE	Low	libbpf-2:1.5.0-1.el9	0.00117	false
CVE-2022-0530	Twistlock CVE	Low	unzip-6.0-58.el9_5	0.00092	false
CVE-2022-0530	Anchore CVE	Low	unzip-6.0-58.el9_5	0.00092	false
CVE-2025-1377	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00083	false
CVE-2025-1377	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00083	false
CVE-2025-1377	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00083	false
CVE-2025-1377	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00083	false
CVE-2025-3360	Twistlock CVE	Low	glib2-2.68.4-16.el9	0.00079	false
CVE-2025-3360	Anchore CVE	Low	glib2-2.68.4-16.el9	0.00079	false
CVE-2025-27113	Anchore CVE	Low	libxml2-2.9.13-10.el9_6	0.00069	false
CVE-2025-6069	Twistlock CVE	Medium	python3.9-3.9.21-2.el9_6.1	0.00067	false
CVE-2025-6069	Anchore CVE	Medium	python3-3.9.21-2.el9_6.1	0.00067	false
CVE-2025-6069	Anchore CVE	Medium	python3-libs-3.9.21-2.el9_6.1	0.00067	false
CVE-2025-1376	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00061	false
CVE-2025-1376	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00061	false
CVE-2025-1376	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00061	false
CVE-2025-1376	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00061	false
CVE-2025-4373	Twistlock CVE	Medium	glib2-2.68.4-16.el9	0.00056	false
CVE-2025-4373	Anchore CVE	Medium	glib2-2.68.4-16.el9	0.00056	false
CVE-2025-1152	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00056	false
CVE-2025-1152	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00056	false
CVE-2025-1150	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00056	false
CVE-2025-1150	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00056	false
CVE-2025-1151	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00051	false
CVE-2025-1151	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00051	false
CVE-2024-57360	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00041	false
CVE-2024-57360	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00041	false
CVE-2025-5914	Twistlock CVE	Low	libarchive-3.5.3-5.el9_6	0.00034	false
CVE-2025-5914	Anchore CVE	Low	libarchive-3.5.3-5.el9_6	0.00034	false
CVE-2025-1371	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00034	false
CVE-2025-1371	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00034	false
CVE-2025-1371	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00034	false
CVE-2025-1371	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00034	false
CVE-2024-43167	Anchore CVE	Low	unbound-libs-1.16.2-18.el9_6	0.00032	false
CVE-2024-43168	Anchore CVE	Low	unbound-libs-1.16.2-18.el9_6	0.00031	false
CVE-2025-32415	Twistlock CVE	Medium	libxml2-2.9.13-10.el9_6	0.00027	false
CVE-2025-32415	Anchore CVE	Medium	libxml2-2.9.13-10.el9_6	0.00027	false
CVE-2025-4516	Twistlock CVE	Medium	python3.9-3.9.21-2.el9_6.1	0.00020	false
CVE-2025-4516	Anchore CVE	Medium	python3-libs-3.9.21-2.el9_6.1	0.00020	false
CVE-2025-4516	Anchore CVE	Medium	python3-3.9.21-2.el9_6.1	0.00020	false
CVE-2025-5245	Twistlock CVE	Medium	gdb-14.2-4.1.el9_6	0.00019	false
CVE-2025-5245	Anchore CVE	Medium	gdb-gdbserver-14.2-4.1.el9_6	0.00019	false
CVE-2025-32414	Anchore CVE	Medium	libxml2-2.9.13-10.el9_6	0.00017	false
CVE-2025-3198	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00016	false
CVE-2025-3198	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00016	false
CVE-2025-5918	Twistlock CVE	Low	libarchive-3.5.3-5.el9_6	0.00015	false
CVE-2025-5918	Anchore CVE	Low	libarchive-3.5.3-5.el9_6	0.00015	false
CVE-2025-5916	Twistlock CVE	Low	libarchive-3.5.3-5.el9_6	0.00015	false
CVE-2025-5916	Anchore CVE	Low	libarchive-3.5.3-5.el9_6	0.00015	false
CVE-2025-5278	Twistlock CVE	Medium	coreutils-8.32-39.el9	0.00015	false
CVE-2025-5278	Anchore CVE	Medium	coreutils-single-8.32-39.el9	0.00015	false
CVE-2025-6170	Twistlock CVE	Low	libxml2-2.9.13-10.el9_6	0.00014	false
CVE-2025-6170	Anchore CVE	Low	libxml2-2.9.13-10.el9_6	0.00014	false
CVE-2024-25260	Twistlock CVE	Low	elfutils-0.192-6.el9_6	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libs-0.192-6.el9_6	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-default-yama-scope-0.192-6.el9_6	0.00014	false
CVE-2024-25260	Anchore CVE	Low	elfutils-libelf-0.192-6.el9_6	0.00014	false
CVE-2025-5917	Twistlock CVE	Low	libarchive-3.5.3-5.el9_6	0.00013	false
CVE-2025-5917	Anchore CVE	Low	libarchive-3.5.3-5.el9_6	0.00013	false
CVE-2025-5915	Twistlock CVE	Low	libarchive-3.5.3-5.el9_6	0.00013	false
CVE-2025-5915	Anchore CVE	Low	libarchive-3.5.3-5.el9_6	0.00013	false
CVE-2025-4598	Twistlock CVE	Medium	systemd-252-51.el9_6.1	0.00013	false
CVE-2025-4598	Anchore CVE	Medium	systemd-rpm-macros-252-51.el9_6.1	0.00013	false
CVE-2025-4598	Anchore CVE	Medium	systemd-252-51.el9_6.1	0.00013	false
CVE-2025-4598	Anchore CVE	Medium	systemd-pam-252-51.el9_6.1	0.00013	false
CVE-2025-4598	Anchore CVE	Medium	systemd-libs-252-51.el9_6.1	0.00013	false
CVE-2023-30571	Twistlock CVE	Medium	libarchive-3.5.3-5.el9_6	0.00013	false
CVE-2023-30571	Anchore CVE	Medium	libarchive-3.5.3-5.el9_6	0.00013	false
CVE-2022-47011	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00009	false
CVE-2022-47011	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00009	false
CVE-2022-47010	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00009	false
CVE-2022-47010	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00009	false
CVE-2022-47007	Twistlock CVE	Low	gdb-14.2-4.1.el9_6	0.00009	false
CVE-2022-47007	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	0.00009	false
CVE-2022-3606	Twistlock CVE	Low	libbpf-1.5.0-1.el9	0.00009	false
CVE-2022-3606	Anchore CVE	Low	libbpf-2:1.5.0-1.el9	0.00009	false
CVE-2025-6395	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	N/A	false
CVE-2025-6395	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	N/A	false
CVE-2025-32990	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	N/A	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-32990	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	N/A	false
CVE-2025-32989	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	N/A	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	N/A	false
CVE-2025-32989	Anchore CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-32988	Twistlock CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-utils-3.8.3-6.el9	N/A	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-3.8.3-6.el9	N/A	false
CVE-2025-32988	Anchore CVE	Medium	gnutls-dane-3.8.3-6.el9	N/A	false
CVE-2023-2222	Anchore CVE	Low	gdb-gdbserver-14.2-4.1.el9_6	N/A	false
e07d84b039b0e6fcea42fbda1d378647	Anchore Compliance	Critical		N/A	N/A
b18c88ddeab24abfb92ae2ccddb0b022	Anchore Compliance	Critical		N/A	N/A
addbb93c22e9b0988b8b40392a4538cb	Anchore Compliance	Low		N/A	N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=hashicorp/boundary&tag=0.19.3&branch=master

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Jul 11, 2025 by CHORE_TOKEN

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information