chore(findings): ironbank-pipelines/oscap-podman

Summary

ironbank-pipelines/oscap-podman has 164 new findings discovered during continuous monitoring.

id	source	severity	package
85567da27ab943cdfb6f54ec28a6fb7d	Anchore Compliance	Critical
e07d84b039b0e6fcea42fbda1d378647	Anchore Compliance	Critical
addbb93c22e9b0988b8b40392a4538cb	Anchore Compliance	Low
b18c88ddeab24abfb92ae2ccddb0b022	Anchore Compliance	Critical
32018e242b2672ea73079a76f6c7cc06	Anchore Compliance	Critical
3586a2452876996feb1aa2373ecfb7b4	Anchore Compliance	Critical
074244acba2da21079cc7bf23bc0c58e	Anchore Compliance	Critical
CVE-2021-35937	Anchore CVE	Medium	rpm-sign-libs-4.16.1.3-25.el9
GHSA-v845-jxx5-vc9f	Anchore CVE	Medium	urllib3-1.26.16
CVE-2023-3817	Anchore CVE	Low	openssl-1:3.0.7-24.el9
CVE-2021-22925	Anchore CVE	Low	libcurl-minimal-7.76.1-26.el9_3.2
CVE-2021-35938	Anchore CVE	Medium	rpm-plugin-systemd-inhibit-4.16.1.3-25.el9
CVE-2023-24593	Anchore CVE	Low	glib2-2.68.4-11.el9
CVE-2021-3997	Anchore CVE	Medium	systemd-252-18.el9
CVE-2023-29383	Anchore CVE	Medium	util-linux-2.37.4-15.el9
GHSA-cwvm-v4w8-q58c	Anchore CVE	Medium	GitPython-3.1.32
CVE-2023-37920	Anchore CVE	Low	ca-certificates-2023.2.60_v7.0.306-90.1.el9_2
CVE-2022-48566	Anchore CVE	Medium	python3-3.9.18-1.el9_3
CVE-2023-5156	Anchore CVE	Medium	glibc-minimal-langpack-2.34-83.el9_3.7
CVE-2021-44568	Anchore CVE	Low	libsolv-0.7.24-2.el9
CVE-2020-19187	Anchore CVE	Medium	ncurses-libs-6.2-10.20210508.el9
CVE-2023-2975	Anchore CVE	Low	openssl-1:3.0.7-24.el9
CVE-2023-25180	Anchore CVE	Low	glib2-2.68.4-11.el9
CVE-2023-5678	Anchore CVE	Low	openssl-1:3.0.7-24.el9
CVE-2023-3817	Anchore CVE	Low	openssl-libs-1:3.0.7-24.el9
CVE-2023-0687	Anchore CVE	Medium	glibc-common-2.34-83.el9_3.7
CVE-2022-48565	Anchore CVE	Medium	python3-libs-3.9.18-1.el9_3
CVE-2023-29383	Anchore CVE	Medium	libfdisk-2.37.4-15.el9
CVE-2023-40217	Anchore CVE	Medium	python-3.11.4
CVE-2023-0687	Anchore CVE	Medium	glibc-2.34-83.el9_3.7
CVE-2021-35939	Anchore CVE	Medium	rpm-plugin-systemd-inhibit-4.16.1.3-25.el9
CVE-2021-35938	Anchore CVE	Medium	rpm-4.16.1.3-25.el9
CVE-2020-19185	Anchore CVE	Medium	ncurses-libs-6.2-10.20210508.el9
CVE-2023-39322	Anchore CVE	Medium	conmon-2:2.1.8-1.el9
CVE-2020-19186	Anchore CVE	Medium	ncurses-libs-6.2-10.20210508.el9
CVE-2022-47673	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2023-45853	Anchore CVE	Medium	zlib-1.2.11-40.el9
CVE-2023-28320	Anchore CVE	Low	libcurl-minimal-7.76.1-26.el9_3.2
CVE-2023-2222	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2023-5363	Anchore CVE	Medium	openssl-libs-1:3.0.7-24.el9
CVE-2020-19190	Anchore CVE	Medium	ncurses-base-6.2-10.20210508.el9
CVE-2022-47010	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2023-2953	Anchore CVE	Low	openldap-compat-2.6.3-1.el9
CVE-2023-28320	Anchore CVE	Low	curl-minimal-7.76.1-26.el9_3.2
CVE-2023-29383	Anchore CVE	Medium	libuuid-2.37.4-15.el9
CVE-2023-2953	Anchore CVE	Low	openldap-2.6.3-1.el9
CVE-2021-3997	Anchore CVE	Medium	systemd-libs-252-18.el9
CVE-2021-35939	Anchore CVE	Medium	rpm-build-libs-4.16.1.3-25.el9
CVE-2020-19188	Anchore CVE	Medium	ncurses-base-6.2-10.20210508.el9
CVE-2021-4217	Anchore CVE	Low	unzip-6.0-56.el9
CVE-2021-35937	Anchore CVE	Medium	rpm-4.16.1.3-25.el9
CVE-2023-0687	Anchore CVE	Medium	glibc-langpack-en-2.34-83.el9_3.7
CVE-2023-2975	Anchore CVE	Low	openssl-libs-1:3.0.7-24.el9
CVE-2023-4039	Anchore CVE	Medium	libgcc-11.4.1-2.1.el9
GHSA-g4mx-q9vg-27p4	Anchore CVE	Medium	urllib3-1.26.16
CVE-2022-48566	Anchore CVE	Medium	python3-libs-3.9.18-1.el9_3
CVE-2021-23336	Anchore CVE	Medium	python3-libs-3.9.18-1.el9_3
CVE-2020-19187	Anchore CVE	Medium	ncurses-base-6.2-10.20210508.el9
CVE-2021-23840	Anchore CVE	Medium	openssl-libs-1:3.0.7-24.el9
CVE-2022-47695	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2020-19726	Anchore CVE	Medium	gdb-gdbserver-10.2-11.el9
CVE-2023-32636	Anchore CVE	Low	glib2-2.68.4-11.el9
CVE-2021-32256	Anchore CVE	Medium	gdb-gdbserver-10.2-11.el9
CVE-2022-45703	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2023-39319	Anchore CVE	Medium	podman-2:4.6.1-5.el9
CVE-2021-3997	Anchore CVE	Medium	systemd-pam-252-18.el9
CVE-2022-47011	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2023-39322	Anchore CVE	Medium	podman-2:4.6.1-5.el9
CVE-2020-19189	Anchore CVE	Medium	ncurses-base-6.2-10.20210508.el9
CVE-2022-0391	Anchore CVE	Medium	python3-3.9.18-1.el9_3
CVE-2023-4039	Anchore CVE	Medium	libstdc++-11.4.1-2.1.el9
CVE-2023-5156	Anchore CVE	Medium	glibc-2.34-83.el9_3.7
CVE-2020-19189	Anchore CVE	Medium	ncurses-libs-6.2-10.20210508.el9
CVE-2022-24795	Anchore CVE	Medium	yajl-2.1.0-22.el9
CVE-2022-48554	Anchore CVE	Low	file-libs-5.39-14.el9
CVE-2023-5981	Anchore CVE	Medium	gnutls-3.7.6-23.el9
GHSA-mq26-g339-26xf	Anchore CVE	Medium	pip-23.2.1
CVE-2023-27043	Anchore CVE	Medium	python3-libs-3.9.18-1.el9_3
CVE-2018-20225	Anchore CVE	High	pip-23.3.1
CVE-2020-19190	Anchore CVE	Medium	ncurses-libs-6.2-10.20210508.el9
CVE-2021-22925	Anchore CVE	Low	curl-minimal-7.76.1-26.el9_3.2
CVE-2023-29383	Anchore CVE	Medium	libblkid-2.37.4-15.el9
CVE-2020-35342	Anchore CVE	Medium	gdb-gdbserver-10.2-11.el9
CVE-2023-29383	Anchore CVE	Medium	libsmartcols-2.37.4-15.el9
CVE-2021-41190	Anchore CVE	Low	podman-2:4.6.1-5.el9
CVE-2021-35938	Anchore CVE	Medium	rpm-sign-libs-4.16.1.3-25.el9
CVE-2021-46174	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2021-35937	Anchore CVE	Medium	rpm-libs-4.16.1.3-25.el9
CVE-2023-39615	Anchore CVE	Medium	libxml2-2.9.13-4.el9
CVE-2022-30631	Anchore CVE	Medium	podman-2:4.6.1-5.el9
CVE-2021-35937	Anchore CVE	Medium	rpm-plugin-systemd-inhibit-4.16.1.3-25.el9
GHSA-r9hx-vwmv-q579	Anchore CVE	High	setuptools-65.5.0
CVE-2023-5156	Anchore CVE	Medium	glibc-common-2.34-83.el9_3.7
CVE-2021-27212	Anchore CVE	Medium	openldap-2.6.3-1.el9
CVE-2021-3997	Anchore CVE	Medium	systemd-rpm-macros-252-18.el9
CVE-2023-29383	Anchore CVE	Medium	libmount-2.37.4-15.el9
CVE-2022-0391	Anchore CVE	Medium	python3-libs-3.9.18-1.el9_3
CVE-2022-47007	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2020-19185	Anchore CVE	Medium	ncurses-base-6.2-10.20210508.el9
CVE-2021-23840	Anchore CVE	Medium	openssl-1:3.0.7-24.el9
CVE-2021-35938	Anchore CVE	Medium	rpm-libs-4.16.1.3-25.el9
CVE-2023-5363	Anchore CVE	Medium	openssl-1:3.0.7-24.el9
CVE-2022-48064	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2018-20225	Anchore CVE	High	pip-23.3.1
CVE-2023-4039	Anchore CVE	Medium	libgomp-11.4.1-2.1.el9
CVE-2023-5678	Anchore CVE	Low	openssl-libs-1:3.0.7-24.el9
CVE-2022-47696	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2021-27212	Anchore CVE	Medium	openldap-compat-2.6.3-1.el9
CVE-2022-48063	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2023-3446	Anchore CVE	Low	openssl-1:3.0.7-24.el9
CVE-2023-5156	Anchore CVE	Medium	glibc-langpack-en-2.34-83.el9_3.7
CVE-2023-39321	Anchore CVE	Medium	podman-2:4.6.1-5.el9
CVE-2023-41105	Anchore CVE	High	python-3.11.4
GHSA-mq26-g339-26xf	Anchore CVE	Medium	pip-23.1.2
CVE-2020-19188	Anchore CVE	Medium	ncurses-libs-6.2-10.20210508.el9
CVE-2023-0778	Anchore CVE	Medium	podman-2:4.6.1-5.el9
CVE-2023-3446	Anchore CVE	Low	openssl-libs-1:3.0.7-24.el9
CVE-2023-45803	Anchore CVE	Medium	python3-urllib3-1.26.5-3.el9
CVE-2023-0687	Anchore CVE	Medium	glibc-minimal-langpack-2.34-83.el9_3.7
CVE-2018-20225	Anchore CVE	High	pip-23.1.2
CVE-2020-21490	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2021-35937	Anchore CVE	Medium	rpm-build-libs-4.16.1.3-25.el9
CVE-2022-35206	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2021-35938	Anchore CVE	Medium	rpm-build-libs-4.16.1.3-25.el9
CVE-2021-35938	Anchore CVE	Medium	python3-rpm-4.16.1.3-25.el9
CVE-2021-35937	Anchore CVE	Medium	python3-rpm-4.16.1.3-25.el9
CVE-2021-3572	Anchore CVE	Low	python3-pip-wheel-21.2.3-7.el9
CVE-2021-35939	Anchore CVE	Medium	python3-rpm-4.16.1.3-25.el9
CVE-2023-39318	Anchore CVE	Medium	podman-2:4.6.1-5.el9
GHSA-wfm5-v35h-vwf4	Anchore CVE	High	GitPython-3.1.32
CVE-2023-29409	Anchore CVE	Medium	podman-2:4.6.1-5.el9
CVE-2021-35939	Anchore CVE	Medium	rpm-4.16.1.3-25.el9
CVE-2021-35939	Anchore CVE	Medium	rpm-libs-4.16.1.3-25.el9
CVE-2020-19724	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2021-35939	Anchore CVE	Medium	rpm-sign-libs-4.16.1.3-25.el9
CVE-2020-19186	Anchore CVE	Medium	ncurses-base-6.2-10.20210508.el9
CVE-2023-27043	Anchore CVE	Medium	python3-3.9.18-1.el9_3
CVE-2022-48065	Anchore CVE	Low	gdb-gdbserver-10.2-11.el9
CVE-2023-29383	Anchore CVE	Medium	util-linux-core-2.37.4-15.el9
CVE-2022-48565	Anchore CVE	Medium	python3-3.9.18-1.el9_3
CVE-2021-23336	Anchore CVE	Medium	python3-3.9.18-1.el9_3
CVE-2023-46218	Anchore CVE	Medium	curl-minimal-7.76.1-26.el9_3.2
CVE-2023-46218	Anchore CVE	Medium	libcurl-minimal-7.76.1-26.el9_3.2
CVE-2023-45803	Anchore CVE	Medium	python3-pip-wheel-21.2.3-7.el9
CCE-83895-3	OSCAP Compliance	Medium
CVE-2023-39323	Twistlock CVE	Critical	go-1.20.6
CVE-2023-39323	Twistlock CVE	Critical	go-1.20.6
CVE-2023-39323	Twistlock CVE	Critical	go-1.20.6
CVE-2023-43804	Twistlock CVE	High	urllib3-1.26.16
PRISMA-2022-0168	Twistlock CVE	High	pip-23.1.2
CVE-2023-40590	Twistlock CVE	High	gitpython-3.1.32
CVE-2023-41040	Twistlock CVE	Medium	gitpython-3.1.32
CVE-2023-39319	Twistlock CVE	Medium	go-1.20.6
CVE-2023-39319	Twistlock CVE	Medium	go-1.20.6
CVE-2023-39319	Twistlock CVE	Medium	go-1.20.6
CVE-2023-39318	Twistlock CVE	Medium	go-1.20.6
CVE-2023-39318	Twistlock CVE	Medium	go-1.20.6
CVE-2023-39318	Twistlock CVE	Medium	go-1.20.6
CVE-2022-40897	Twistlock CVE	Medium	setuptools-65.5.0
CVE-2023-29409	Twistlock CVE	Medium	go-1.20.6
CVE-2023-29409	Twistlock CVE	Medium	go-1.20.6
CVE-2023-29409	Twistlock CVE	Medium	go-1.20.6
CVE-2023-45803	Twistlock CVE	Medium	urllib3-1.26.16
CVE-2023-5752	Twistlock CVE	Low	pip-23.1.2

VAT: https://vat.dso.mil/vat/image?imageName=ironbank-pipelines/oscap-podman&tag=v0.1.3&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=ironbank-pipelines/oscap-podman&tag=v0.1.2&branch=master

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Dec 12, 2023 by Ghost User

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

Admin message

chore(findings): ironbank-pipelines/oscap-podman

Summary

Tasks

Questions?