chore(findings): hashicorp/secure-secrets-management/vault-enterprise
Summary
hashicorp/secure-secrets-management/vault-enterprise has 115 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
addbb93c22e9b0988b8b40392a4538cb | anchore_comp | Low | |
CCE-80809-7 | oscap_comp | Medium | |
CCE-85987-6 | oscap_comp | Medium | |
CCE-86519-6 | oscap_comp | Medium | |
CVE-2015-20107 | anchore_cve | Medium | platform-python-3.6.8-45.el8 |
CVE-2015-20107 | twistlock_cve | Medium | platform-python-3.6.8-45.el8 |
CVE-2015-20107 | anchore_cve | Medium | python3-libs-3.6.8-45.el8 |
CVE-2015-20107 | twistlock_cve | Medium | python3-libs-3.6.8-45.el8 |
CVE-2015-5237 | anchore_cve | High | google.golang.org/protobuf-v1.27.1 |
CVE-2016-4658 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2016-5131 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2017-0663 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2017-15412 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2017-18258 | twistlock_cve | Low | python3-libxml2-2.9.7-13.el8 |
CVE-2017-7375 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2017-9047 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2017-9048 | twistlock_cve | Low | python3-libxml2-2.9.7-13.el8 |
CVE-2017-9049 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2017-9050 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2018-17572 | twistlock_cve | Medium | github.com/influxdata/influxdb-v0.0.0-20190411212539-d24b7ba8c4c4 |
CVE-2018-17572 | anchore_cve | Medium | github.com/influxdata/influxdb-v0.0.0-20190411212539-d24b7ba8c4c4 |
CVE-2019-10743 | twistlock_cve | Medium | github.com/mholt/archiver-v3.1.1 |
CVE-2019-20933 | anchore_cve | Critical | github.com/influxdata/influxdb-v0.0.0-20190411212539-d24b7ba8c4c4 |
CVE-2020-7218 | anchore_cve | High | github.com/hashicorp/nomad/api-v0.0.0-20211006193434-215bf04bc650 |
CVE-2020-7956 | anchore_cve | Critical | github.com/hashicorp/nomad/api-v0.0.0-20211006193434-215bf04bc650 |
CVE-2020-8929 | anchore_cve | Medium | github.com/google/tink/go-v1.4.0 |
CVE-2021-22570 | anchore_cve | High | google.golang.org/protobuf-v1.27.1 |
CVE-2021-32575 | anchore_cve | Medium | github.com/hashicorp/nomad/api-v0.0.0-20211006193434-215bf04bc650 |
CVE-2021-3283 | anchore_cve | High | github.com/hashicorp/nomad/api-v0.0.0-20211006193434-215bf04bc650 |
CVE-2021-35937 | anchore_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35937 | twistlock_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35937 | anchore_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35937 | twistlock_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35937 | anchore_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35937 | twistlock_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35937 | anchore_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35937 | twistlock_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35938 | anchore_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35938 | anchore_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35938 | anchore_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35938 | anchore_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35938 | twistlock_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35939 | twistlock_cve | Medium | python3-rpm-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35939 | twistlock_cve | Medium | rpm-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35939 | twistlock_cve | Medium | rpm-build-libs-4.14.3-23.el8 |
CVE-2021-35939 | anchore_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-35939 | twistlock_cve | Medium | rpm-libs-4.14.3-23.el8 |
CVE-2021-37218 | anchore_cve | High | github.com/hashicorp/nomad/api-v0.0.0-20211006193434-215bf04bc650 |
CVE-2021-3733 | twistlock_cve | Medium | platform-python-3.6.8-45.el8 |
CVE-2021-3733 | twistlock_cve | Medium | python3-libs-3.6.8-45.el8 |
CVE-2021-43529 | anchore_cve | Critical | nss-3.67.0-7.el8_5 |
CVE-2021-43529 | anchore_cve | Critical | nss-softokn-3.67.0-7.el8_5 |
CVE-2021-43529 | anchore_cve | Critical | nss-softokn-freebl-3.67.0-7.el8_5 |
CVE-2021-43529 | anchore_cve | Critical | nss-sysinit-3.67.0-7.el8_5 |
CVE-2021-43529 | anchore_cve | Critical | nss-util-3.67.0-7.el8_5 |
CVE-2021-44568 | anchore_cve | Low | libsolv-0.7.20-1.el8 |
CVE-2021-44568 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44569 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44570 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44571 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44573 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44574 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44575 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44576 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2021-44577 | twistlock_cve | Medium | libsolv-0.7.20-1.el8 |
CVE-2022-0235 | twistlock_cve | Medium | dnf-plugin-subscription-manager-1.28.29-3.el8 |
CVE-2022-0391 | anchore_cve | Medium | platform-python-3.6.8-45.el8 |
CVE-2022-0391 | twistlock_cve | Medium | platform-python-3.6.8-45.el8 |
CVE-2022-0391 | anchore_cve | Medium | python3-libs-3.6.8-45.el8 |
CVE-2022-0391 | twistlock_cve | Medium | python3-libs-3.6.8-45.el8 |
CVE-2022-1304 | anchore_cve | Medium | libcom_err-1.45.6-4.el8 |
CVE-2022-1304 | twistlock_cve | Medium | libcom_err-1.45.6-4.el8 |
CVE-2022-1434 | twistlock_cve | Medium | openssl-1.1.1k-6.el8_5 |
CVE-2022-1434 | twistlock_cve | Medium | openssl-libs-1.1.1k-6.el8_5 |
CVE-2022-1621 | anchore_cve | Medium | vim-minimal-2:8.0.1763-16.el8_5.13 |
CVE-2022-1621 | twistlock_cve | Medium | vim-minimal-8.0.1763-16.el8_5.13 |
CVE-2022-1629 | anchore_cve | Medium | vim-minimal-2:8.0.1763-16.el8_5.13 |
CVE-2022-1629 | twistlock_cve | Medium | vim-minimal-8.0.1763-16.el8_5.13 |
CVE-2022-1733 | twistlock_cve | Low | vim-minimal-8.0.1763-16.el8_5.13 |
CVE-2022-1735 | twistlock_cve | Low | vim-minimal-8.0.1763-16.el8_5.13 |
CVE-2022-1769 | twistlock_cve | Low | vim-minimal-8.0.1763-16.el8_5.13 |
CVE-2022-1771 | twistlock_cve | Low | vim-minimal-8.0.1763-16.el8_5.13 |
CVE-2022-21698 | anchore_cve | High | github.com/prometheus/client_golang-v1.11.0 |
CVE-2022-23772 | twistlock_cve | High | go-1.17.5 |
CVE-2022-23773 | twistlock_cve | High | go-1.17.5 |
CVE-2022-23806 | twistlock_cve | Critical | go-1.17.5 |
CVE-2022-24675 | twistlock_cve | High | go-1.17.5 |
CVE-2022-24687 | anchore_cve | Medium | github.com/hashicorp/consul/api-v1.11.0 |
CVE-2022-24921 | twistlock_cve | High | go-1.17.5 |
CVE-2022-25313 | anchore_cve | Medium | expat-2.2.5-8.el8 |
CVE-2022-25313 | twistlock_cve | Medium | expat-2.2.5-8.el8 |
CVE-2022-25314 | anchore_cve | Medium | expat-2.2.5-8.el8 |
CVE-2022-25314 | twistlock_cve | Medium | expat-2.2.5-8.el8 |
CVE-2022-27782 | anchore_cve | Medium | curl-7.61.1-22.el8 |
CVE-2022-27782 | twistlock_cve | Medium | curl-7.61.1-22.el8 |
CVE-2022-27782 | anchore_cve | Medium | libcurl-7.61.1-22.el8 |
CVE-2022-27782 | twistlock_cve | Medium | libcurl-7.61.1-22.el8 |
CVE-2022-27943 | twistlock_cve | Medium | libgcc-8.5.0-10.el8 |
CVE-2022-27943 | twistlock_cve | Medium | libstdc++-8.5.0-10.el8 |
CVE-2022-28327 | twistlock_cve | High | go-1.17.5 |
CVE-2022-29153 | anchore_cve | High | github.com/hashicorp/consul/api-v1.11.0 |
CVE-2022-29824 | anchore_cve | Medium | libxml2-2.9.7-13.el8 |
CVE-2022-29824 | twistlock_cve | Medium | libxml2-2.9.7-13.el8 |
CVE-2022-29824 | anchore_cve | Medium | python3-libxml2-2.9.7-13.el8 |
CVE-2022-29824 | twistlock_cve | Medium | python3-libxml2-2.9.7-13.el8 |
GHSA-25xm-hr59-7c27 | anchore_cve | High | github.com/ulikunitz/xz-v0.5.6 |
GHSA-q6gq-997w-f55g | anchore_cve | High | github.com/ulikunitz/xz-v0.5.6 |
CVE-2022-25244 | twistlock_cve | Medium | vault-1.9.3 |
CVE-2022-25243 | twistlock_cve | Medium | vault-1.9.3 |
VAT: https://vat.dso.mil/vat/container/17903?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/hashicorp/secure-secrets-management/vault-enterprise/-/jobs/12266141
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Approval" label to this issue and wait for feedback

Iron Bank:
- Review findings and justifications
- Send approval request to Authorizing Official
- Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the `Approval` label will be removed and the issue will be sent back to `Open`. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the `Approval` label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add `/cc @ironbank-notifications/onboarding`.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.