chore(findings): ibv/collaboard/cb-migration
Summary
ibv/collaboard/cb-migration has 36 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2024-26462 | Anchore CVE | Medium | libkrb5support0-1.17-6ubuntu4.4 |
GHSA-5f2m-466j-3848 | Anchore CVE | High | System.Private.Uri-4.3.0 |
CVE-2024-26462 | Anchore CVE | Medium | krb5-locales-1.17-6ubuntu4.4 |
CVE-2024-26462 | Anchore CVE | Medium | libgssapi-krb5-2-1.17-6ubuntu4.4 |
CVE-2024-26458 | Anchore CVE | Medium | libkrb5support0-1.17-6ubuntu4.4 |
GHSA-555c-2p6r-68mm | Anchore CVE | High | System.Security.Cryptography.Pkcs-6.0.0 |
CVE-2024-26458 | Anchore CVE | Medium | krb5-locales-1.17-6ubuntu4.4 |
CVE-2024-26458 | Anchore CVE | Medium | libgssapi-krb5-2-1.17-6ubuntu4.4 |
GHSA-x674-v45j-fwxw | Anchore CVE | Low | Microsoft.Identity.Client-4.56.0 |
CVE-2024-26461 | Anchore CVE | Medium | krb5-locales-1.17-6ubuntu4.4 |
CVE-2024-26462 | Anchore CVE | Medium | libkrb5-3-1.17-6ubuntu4.4 |
CVE-2024-26461 | Anchore CVE | Medium | libkrb5support0-1.17-6ubuntu4.4 |
GHSA-x5qj-9vmx-7g6g | Anchore CVE | Medium | System.Private.Uri-4.3.0 |
GHSA-wvxc-855f-jvrv | Anchore CVE | Medium | Azure.Identity-1.10.3 |
CVE-2024-26461 | Anchore CVE | Medium | libkrb5-3-1.17-6ubuntu4.4 |
CVE-2024-26462 | Anchore CVE | Medium | libk5crypto3-1.17-6ubuntu4.4 |
GHSA-x674-v45j-fwxw | Anchore CVE | Low | Microsoft.Identity.Client-4.56.0.0 |
CVE-2024-26458 | Anchore CVE | Medium | libkrb5-3-1.17-6ubuntu4.4 |
CVE-2024-26458 | Anchore CVE | Medium | libk5crypto3-1.17-6ubuntu4.4 |
GHSA-xhfc-gr8f-ffwc | Anchore CVE | High | System.Private.Uri-4.3.0 |
GHSA-vh55-786g-wjwj | Anchore CVE | Medium | System.Security.Cryptography.Xml-4.5.0 |
CVE-2024-26461 | Anchore CVE | Medium | libgssapi-krb5-2-1.17-6ubuntu4.4 |
CVE-2024-26461 | Anchore CVE | Medium | libk5crypto3-1.17-6ubuntu4.4 |
xccdf_org.ssgproject.content_rule_permissions_local_var_log | OSCAP Compliance | Medium | |
CVE-2023-29331 | Twistlock CVE | High | system.security.cryptography.pkcs-6.0.0 |
CVE-2019-0981 | Twistlock CVE | High | system.private.uri-4.3.0 |
CVE-2019-0980 | Twistlock CVE | High | system.private.uri-4.3.0 |
CVE-2022-34716 | Twistlock CVE | Medium | system.security.cryptography.xml-4.5.0 |
CVE-2019-0657 | Twistlock CVE | Medium | system.private.uri-4.3.0 |
CVE-2024-29992 | Twistlock CVE | Medium | azure.identity-1.10.3 |
CVE-2024-26462 | Twistlock CVE | Medium | krb5-1.17-6ubuntu4.4 |
CVE-2024-27086 | Twistlock CVE | Low | microsoft.identity.client-4.56.0 |
CVE-2024-26461 | Twistlock CVE | Low | krb5-1.17-6ubuntu4.4 |
CVE-2024-26458 | Twistlock CVE | Low | krb5-1.17-6ubuntu4.4 |
CVE-2024-4741 | Twistlock CVE | Low | openssl-1.1.1f-1ubuntu2.22 |
CVE-2024-2511 | Twistlock CVE | Low | openssl-1.1.1f-1ubuntu2.22 |
VAT: https://vat.dso.mil/vat/image?imageName=ibv/collaboard/cb-migration&tag=6.4.2&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=ibv/collaboard/cb-migration&tag=6.3.2&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.