chore(findings): indrasoft/vauban/vauban-data-mediator

Summary

indrasoft/vauban/vauban-data-mediator has 27 new findings discovered during continuous monitoring.

id	source	package
CVE-2021-34429	twistlock_cve	org.eclipse.jetty_jetty-io-9.4.38.v20210224
CCE-80788-3	oscap_comp	Uninherited
CCE-83478-8	oscap_comp	Uninherited
CCE-83480-4	oscap_comp	Uninherited
CCE-80668-7	oscap_comp	Uninherited
CCE-80654-7	oscap_comp	Uninherited
CCE-82046-4	oscap_comp	Uninherited
CCE-80656-2	oscap_comp	Uninherited
CCE-80647-1	oscap_comp	Uninherited
CCE-80648-9	oscap_comp	Uninherited
CCE-80652-1	oscap_comp	Uninherited
CCE-84037-1	oscap_comp	Uninherited
CCE-81036-6	oscap_comp	Uninherited
CCE-82888-9	oscap_comp	Uninherited
CCE-80783-4	oscap_comp	Uninherited
CCE-86519-6	oscap_comp	Uninherited
CVE-2019-13117	twistlock_cve	libxslt-1.1.32-6.el8
CVE-2019-13118	twistlock_cve	libxslt-1.1.32-6.el8
CVE-2016-4607	twistlock_cve	libxslt-1.1.32-6.el8
CVE-2018-1121	twistlock_cve	procps-ng-3.3.15-6.el8
CVE-2021-35515	twistlock_cve	org.apache.commons_commons-compress-1.20
CVE-2021-36090	twistlock_cve	org.apache.commons_commons-compress-1.20
CVE-2021-35516	twistlock_cve	org.apache.commons_commons-compress-1.20
CVE-2021-35517	twistlock_cve	org.apache.commons_commons-compress-1.20
CVE-2020-13936	twistlock_cve	org.apache.velocity_velocity-engine-core-2.0
CVE-2021-37136	twistlock_cve	io.netty_netty-codec-4.1.42.Final
CVE-2021-37137	twistlock_cve	io.netty_netty-codec-4.1.42.Final

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/indrasoft/vauban/vauban-data-mediator/-/jobs/7861406

Definition of Done

Justifications:

• All findings have been justified
• Justifications have been provided to the container hardening team

Approval Process:

• Findings Approver has reviewed and approved all justifications
• Approval request has been sent to Authorizing Official
• Approval request has been processed by Authorizing Official