UNCLASSIFIED - NO CUI

chore(findings): kasm/workspaces/api

Summary

kasm/workspaces/api has 81 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=kasm/workspaces/api&tag=1.17.0&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2024-39689 Twistlock CVE High certifi-2023.11.17 0.21233 false
CVE-2015-9019 Twistlock CVE Low libxslt-1.1.35-1+deb12u2 0.00984 false
CVE-2015-9019 Anchore CVE Low libxslt1.1-1.1.35-1+deb12u2 0.00984 false
CVE-2024-12797 Twistlock CVE Low cryptography-43.0.1 0.00259 false
CVE-2025-49794 Anchore CVE Critical libxml2-2.9.14+dfsg-1.3~deb12u4 0.00202 false
CVE-2025-49796 Anchore CVE Critical libxml2-2.9.14+dfsg-1.3~deb12u4 0.00200 false
CVE-2023-5388 Twistlock CVE Low nss-2:3.87.1-1+deb12u1 0.00174 false
CVE-2023-5388 Anchore CVE Medium libnss3-2:3.87.1-1+deb12u1 0.00174 false
CVE-2023-6135 Twistlock CVE Low nss-2:3.87.1-1+deb12u1 0.00152 false
CVE-2023-6135 Anchore CVE Medium libnss3-2:3.87.1-1+deb12u1 0.00152 false
CVE-2025-4517 Anchore CVE Critical python-3.12.10 0.00146 false
CVE-2025-47273 Twistlock CVE High setuptools-75.8.0 0.00139 false
CVE-2025-4330 Anchore CVE High python-3.12.10 0.00120 false
CVE-2025-47287 Twistlock CVE High tornado-6.4.2 0.00118 false
CVE-2017-11697 Twistlock CVE Low nss-2:3.87.1-1+deb12u1 0.00113 false
CVE-2017-11697 Anchore CVE Low libnss3-2:3.87.1-1+deb12u1 0.00113 false
CVE-2024-7531 Twistlock CVE Low nss-2:3.87.1-1+deb12u1 0.00112 false
CVE-2024-7531 Anchore CVE Medium libnss3-2:3.87.1-1+deb12u1 0.00112 false
CVE-2025-4138 Anchore CVE High python-3.12.10 0.00100 false
CVE-2024-12718 Anchore CVE Medium python-3.12.10 0.00097 false
CVE-2025-8194 Anchore CVE High python-3.12.10 0.00096 false
CVE-2017-11698 Twistlock CVE Low nss-2:3.87.1-1+deb12u1 0.00094 false
CVE-2017-11698 Anchore CVE Low libnss3-2:3.87.1-1+deb12u1 0.00094 false
CVE-2017-11696 Twistlock CVE Low nss-2:3.87.1-1+deb12u1 0.00094 false
CVE-2017-11696 Anchore CVE Low libnss3-2:3.87.1-1+deb12u1 0.00094 false
CVE-2017-11695 Twistlock CVE Low nss-2:3.87.1-1+deb12u1 0.00094 false
CVE-2017-11695 Anchore CVE Low libnss3-2:3.87.1-1+deb12u1 0.00094 false
CVE-2025-6069 Anchore CVE Medium python-3.12.10 0.00090 false
CVE-2025-6021 Anchore CVE High libxml2-2.9.14+dfsg-1.3~deb12u4 0.00089 false
CVE-2025-6965 Anchore CVE Critical libsqlite3-0-3.40.1-2+deb12u2 0.00075 false
CVE-2025-4435 Anchore CVE High python-3.12.10 0.00067 false
CVE-2025-8714 Anchore CVE High libpq5-15.14-0+deb12u1 0.00063 false
CVE-2025-8714 Anchore CVE High postgresql-client-15-15.14-0+deb12u1 0.00063 false
CVE-2025-47907 Anchore CVE High stdlib-go1.24.2 0.00054 false
CVE-2025-8715 Anchore CVE High libpq5-15.14-0+deb12u1 0.00049 false
CVE-2025-8715 Anchore CVE High postgresql-client-15-15.14-0+deb12u1 0.00049 false
CVE-2025-3576 Anchore CVE Medium krb5-locales-1.20.1-2+deb12u4 0.00047 false
CVE-2025-3576 Anchore CVE Medium libkrb5support0-1.20.1-2+deb12u4 0.00047 false
CVE-2025-3576 Anchore CVE Medium libk5crypto3-1.20.1-2+deb12u4 0.00047 false
CVE-2025-3576 Anchore CVE Medium libgssapi-krb5-2-1.20.1-2+deb12u4 0.00047 false
CVE-2025-3576 Anchore CVE Medium libkrb5-3-1.20.1-2+deb12u4 0.00047 false
CVE-2025-8713 Anchore CVE Low postgresql-client-15-15.14-0+deb12u1 0.00042 false
CVE-2025-8713 Anchore CVE Low libpq5-15.14-0+deb12u1 0.00042 false
CVE-2025-7458 Twistlock CVE Low sqlite3-3.40.1-2+deb12u2 0.00033 false
CVE-2025-7458 Anchore CVE Critical libsqlite3-0-3.40.1-2+deb12u2 0.00033 false
CVE-2024-47081 Twistlock CVE Medium requests-2.32.0 0.00028 false
CVE-2025-4565 Twistlock CVE High protobuf-3.20.2 0.00025 false
CVE-2022-0563 Anchore CVE Low uuid-runtime-2.38.1-5+deb12u3 0.00025 false
CVE-2025-6170 Anchore CVE Low libxml2-2.9.14+dfsg-1.3~deb12u4 0.00021 false
CVE-2025-4516 Anchore CVE Medium python-3.12.10 0.00021 false
CVE-2025-6141 Anchore CVE Low libncursesw6-6.4-4 0.00019 false
CVE-2025-4673 Anchore CVE Medium stdlib-go1.24.2 0.00019 false
CVE-2025-4673 Twistlock CVE Low net/http-1.24.2 0.00019 false
CVE-2025-7425 Twistlock CVE Low libxslt-1.1.35-1+deb12u2 0.00017 false
CVE-2025-7425 Anchore CVE High libxslt1.1-1.1.35-1+deb12u2 0.00017 false
CVE-2025-50181 Twistlock CVE Medium urllib3-1.26.19 Most users don't disable redirects on the PoolManager. Set redirects=False or redirects=0 on the .request call instead of on the top-level urllib3.PoolManager 0.00015 false
CVE-2025-29088 Twistlock CVE Low sqlite3-3.40.1-2+deb12u2 0.00015 false
CVE-2025-29088 Anchore CVE Medium libsqlite3-0-3.40.1-2+deb12u2 0.00015 false
CVE-2023-4016 Twistlock CVE Low procps-2:4.0.2-3 0.00013 false
CVE-2023-4016 Anchore CVE Low libproc2-0-2:4.0.2-3 0.00013 false
CVE-2023-4016 Anchore CVE Low procps-2:4.0.2-3 0.00013 false
CVE-2025-22874 Twistlock CVE Low crypto/x509-1.24.2 0.00012 false
CVE-2025-22874 Anchore CVE High stdlib-go1.24.2 0.00012 false
CVE-2025-40909 Anchore CVE Medium libperl5.36-5.36.0-7+deb12u3 0.00007 false
CVE-2025-40909 Anchore CVE Medium perl-5.36.0-7+deb12u3 0.00007 false
CVE-2025-40909 Anchore CVE Medium perl-modules-5.36-5.36.0-7+deb12u3 0.00007 false
CVE-2025-8732 Anchore CVE Low libxml2-2.9.14+dfsg-1.3~deb12u4 0.00006 false
CVE-2025-4674 Anchore CVE High stdlib-go1.24.2 0.00006 false
CVE-2025-26434 Twistlock CVE Low libxml2-2.9.14+dfsg-1.3~deb12u4 0.00005 false
CVE-2025-9714 Twistlock CVE Low libxml2-2.9.14+dfsg-1.3~deb12u4 N/A false
CVE-2025-7709 Twistlock CVE Low sqlite3-3.40.1-2+deb12u2 N/A false
c95380953385ef8ce165f719b23f921d Anchore Compliance Critical N/A N/A
be85765032af1072f0b54e2d5a65b648 Anchore Compliance Critical N/A N/A
PRISMA-2021-0090 Twistlock CVE Medium sqlalchemy-1.3.3 N/A N/A
GHSA-pq67-6m6q-mj2v Anchore CVE Medium urllib3-1.26.19 N/A N/A
GHSA-9hjg-9r4m-mvj7 Anchore CVE Medium requests-2.32.0 N/A N/A
GHSA-8qvm-5x2c-j2w7 Anchore CVE High protobuf-3.20.2 N/A N/A
GHSA-7cx3-6m66-7c5m Anchore CVE High tornado-6.4.2 N/A N/A
GHSA-79v4-65xg-pq4g Anchore CVE Low cryptography-43.0.1 N/A N/A
GHSA-5rjg-fvgr-3xxf Anchore CVE High setuptools-75.8.0 N/A N/A
GHSA-248v-346w-9cwc Anchore CVE Low certifi-2023.11.17 N/A N/A

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.
