chore(findings): indrasoft/vauban/vauban-data-mediator
Summary
indrasoft/vauban/vauban-data-mediator has 111 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2023-22832 | Twistlock CVE | High | org.apache.nifi_nifi-framework-core-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-hashicorp-vault-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-cipher-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-deprecation-log-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-encryptor-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-hashicorp-vault-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-uuid5-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-stateless-bootstrap-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-shared-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-single-user-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-properties-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-expression-language-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-parameter-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-bootstrap-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-factory-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-flow-encryptor-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-xml-processing-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-properties-loader-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-utils-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-aws-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-server-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-gcp-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-azure-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-hashicorp-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-bootstrap-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-stateless-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-loader-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-runtime-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-nar-utils-1.19.1 |
CVE-2007-4559 | Anchore CVE | Medium | python-3.11.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-site-to-site-client-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-properties-loader-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-azure-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-shared-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-nar-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-cipher-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-repository-encryption-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-kerberos-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-utils-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-flow-encryptor-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-user-actions-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-documentation-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-hashicorp-vault-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-data-provenance-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-core-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-registry-client-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-registry-properties-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-aws-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-socket-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-gcp-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-client-dto-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-hashicorp-vault-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-site-to-site-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-factory-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-cluster-protocol-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-toolkit-tls-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-toolkit-encrypt-config-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-toolkit-zookeeper-migrator-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-core-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-toolkit-flowanalyzer-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-registry-flow-diff-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-external-resource-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-kms-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-uuid5-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-properties-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-runtime-manifest-core-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-web-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-repository-models-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-administration-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-loader-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-registry-security-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-authorization-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-ssl-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-toolkit-cli-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-extension-manifest-model-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-authorizer-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-registry-data-model-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-registry-revision-entity-model-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-write-ahead-log-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-logging-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-h2-database-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-schema-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-web-security-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-deprecation-log-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-toolkit-s2s-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-toolkit-admin-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-kerberos-api-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-parameter-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-external-resource-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-encryptor-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-authorization-providers-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-extension-manifest-parser-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-expression-language-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-security-utils-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-xml-processing-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-h2-database-migrator-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-flowfile-repo-serialization-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-framework-components-1.19.1 |
CVE-2023-22832 | Anchore CVE | High | nifi-property-protection-hashicorp-1.19.1 |
VAT: https://vat.dso.mil/vat/image?imageName=indrasoft/vauban/vauban-data-mediator&tag=1.0.5&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/indrasoft/vauban/vauban-data-mediator/-/jobs/19309041
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Hardening::Approval" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.