chore(findings): jfrog/artifactory/artifactory-oss
Summary
jfrog/artifactory/artifactory-oss has 16 new findings discovered during continuous monitoring.
| id | source | package |
|---|---|---|
| GHSA-7hfm-57qf-j43q | anchore_cve | commons-compress-1.20 |
| GHSA-7hfm-57qf-j43q | anchore_cve | commons-compress-1.20 |
| GHSA-crv7-7245-f45f | anchore_cve | commons-compress-1.20 |
| GHSA-crv7-7245-f45f | anchore_cve | commons-compress-1.20 |
| GHSA-mc84-pj99-q6hh | anchore_cve | commons-compress-1.20 |
| GHSA-mc84-pj99-q6hh | anchore_cve | commons-compress-1.20 |
| GHSA-xqfj-vm6h-2x34 | anchore_cve | commons-compress-1.20 |
| GHSA-xqfj-vm6h-2x34 | anchore_cve | commons-compress-1.20 |
| CVE-2021-28153 | anchore_cve | glib2-2.56.4-10.el8_4.1 |
| GHSA-9279-7hph-r3xw | anchore_cve | sshd-core-2.6.0 |
| GHSA-3jfq-g458-7qm9 | anchore_cve | tar-6.0.5 |
| GHSA-r628-mhmh-qjhw | anchore_cve | tar-6.0.5 |
| VULNDB-264109 | anchore_cve | xstream-1.4.17 |
| CVE-2021-28153 | twistlock_cve | glib2-2.56.4-10.el8_4.1 |
| CVE-2021-32803 | twistlock_cve | tar-6.0.5 |
| CVE-2021-32804 | twistlock_cve | tar-6.0.5 |
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/jfrog/artifactory/artifactory-oss/-/jobs/5570585
Definition of Done
Justifications:
- All findings have been justified
- Justifications have been provided to the container hardening team
Approval Process:
- Findings Approver has reviewed and approved all justifications
- Approval request has been sent to Authorizing Official
- Approval request has been processed by Authorizing Official