UNCLASSIFIED - NO CUI


chore(findings): kcs/corestack/compliance

Summary

kcs/corestack/compliance has 41 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=kcs/corestack/compliance&tag=v2503&branch=master

EPSS (Exploit Prediction Scoring System) is the FIRST-maintained score that estimates the probability that a CVE will be exploited in the wild within the next 30 days; a higher value means a higher likelihood.

KEV (Known Exploited Vulnerabilities) indicates whether the CVE is listed in CISA's Known Exploited Vulnerabilities catalog, i.e. whether there is evidence of active exploitation. Both fields are keyed by CVE, so findings with a non-CVE identifier (compliance checks, PRISMA or GHSA IDs) show N/A.

| id | source | severity | package | impact | workaround | epss_score | kev |
|---|---|---|---|---|---|---|---|
| CVE-2024-12797 | Twistlock CVE | Low | cryptography-43.0.1 | | | 0.00338 | false |
| CVE-2022-0529 | Anchore CVE | Low | unzip-6.0-58.el9_5 | | | 0.00242 | false |
| CVE-2022-0529 | Twistlock CVE | Low | unzip-6.0-58.el9_5 | | | 0.00242 | false |
| CVE-2021-4217 | Anchore CVE | Low | unzip-6.0-58.el9_5 | | | 0.00172 | false |
| CVE-2021-4217 | Twistlock CVE | Low | unzip-6.0-58.el9_5 | | | 0.00172 | false |
| CVE-2022-0530 | Anchore CVE | Low | unzip-6.0-58.el9_5 | | | 0.00120 | false |
| CVE-2022-0530 | Twistlock CVE | Low | unzip-6.0-58.el9_5 | | | 0.00120 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python3.12-devel-3.12.9-1.el9_6.2 | | | 0.00116 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python3.12-3.12.9-1.el9_6.2 | | | 0.00116 | false |
| CVE-2025-6069 | Anchore CVE | Medium | python3.12-libs-3.12.9-1.el9_6.2 | | | 0.00116 | false |
| CVE-2023-47038 | Twistlock CVE | Medium | perl-0:5.32.1-481.1.el9_6 | | | 0.00091 | false |
| CVE-2025-8291 | Anchore CVE | Medium | python3.12-libs-3.12.9-1.el9_6.2 | | | 0.00073 | false |
| CVE-2025-8291 | Anchore CVE | Medium | python3.12-3.12.9-1.el9_6.2 | | | 0.00073 | false |
| CVE-2025-8291 | Anchore CVE | Medium | python3.12-devel-3.12.9-1.el9_6.2 | | | 0.00073 | false |
| CVE-2025-8291 | Twistlock CVE | Medium | python3.12-3.12.9-1.el9_6.2 | | | 0.00073 | false |
| CVE-2022-41409 | Anchore CVE | Low | pcre2-utf16-10.40-6.el9 | | | 0.00061 | false |
| CVE-2022-41409 | Anchore CVE | Low | pcre2-devel-10.40-6.el9 | | | 0.00061 | false |
| CVE-2022-41409 | Anchore CVE | Low | pcre2-utf32-10.40-6.el9 | | | 0.00061 | false |
| CVE-2023-50495 | Anchore CVE | Low | ncurses-6.2-10.20210508.el9_6.2 | | | 0.00050 | false |
| CVE-2023-5752 | Twistlock CVE | Low | pip-23.2.1 | Only users using Mercurial VCS functionality with untrusted inputs are affected. | | 0.00044 | false |
| CVE-2023-24056 | Anchore CVE | Low | pkgconf-pkg-config-1.7.3-10.el9 | | | 0.00028 | false |
| CVE-2023-24056 | Anchore CVE | Low | pkgconf-1.7.3-10.el9 | | | 0.00028 | false |
| CVE-2023-24056 | Anchore CVE | Low | pkgconf-m4-1.7.3-10.el9 | | | 0.00028 | false |
| CVE-2023-24056 | Anchore CVE | Low | libpkgconf-1.7.3-10.el9 | | | 0.00028 | false |
| CVE-2023-24056 | Twistlock CVE | Low | pkgconf-1.7.3-10.el9 | | | 0.00028 | false |
| CVE-2025-50181 | Anchore CVE | Medium | python3.12-pip-wheel-23.2.1-4.el9 | | | 0.00023 | false |
| CVE-2025-50181 | Anchore CVE | Medium | python3.12-pip-23.2.1-4.el9 | | | 0.00023 | false |
| CVE-2025-8869 | Twistlock CVE | Medium | pip-23.2.1 | | | 0.00018 | false |
| CVE-2025-9301 | Anchore CVE | Low | cmake-filesystem-3.26.5-2.el9 | | | 0.00017 | false |
| CVE-2025-9301 | Twistlock CVE | Low | cmake-3.26.5-2.el9 | | | 0.00017 | false |
| CVE-2025-50182 | Anchore CVE | Medium | python3.12-pip-23.2.1-4.el9 | | | 0.00014 | false |
| CVE-2025-50182 | Anchore CVE | Medium | python3.12-pip-wheel-23.2.1-4.el9 | | | 0.00014 | false |
| CVE-2025-4516 | Anchore CVE | Medium | python3.12-devel-3.12.9-1.el9_6.2 | | | 0.00013 | false |
| CVE-2025-4516 | Anchore CVE | Medium | python3.12-libs-3.12.9-1.el9_6.2 | | | 0.00013 | false |
| CVE-2025-4516 | Anchore CVE | Medium | python3.12-3.12.9-1.el9_6.2 | | | 0.00013 | false |
| CVE-2025-40909 | Twistlock CVE | Medium | perl-0:5.32.1-481.1.el9_6 | | | 0.00009 | false |
| c95380953385ef8ce165f719b23f921d | Anchore Compliance | Critical | | | | N/A | N/A |
| be85765032af1072f0b54e2d5a65b648 | Anchore Compliance | Critical | | | | N/A | N/A |
| ab3200c0c3de735c6be82ff9508dceba | Anchore Compliance | Critical | | | | N/A | N/A |
| PRISMA-2022-0168 | Twistlock CVE | High | pip-23.2.1 | | | N/A | N/A |
| GHSA-79v4-65xg-pq4g | Anchore CVE | Low | cryptography-43.0.1 | | | N/A | N/A |
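The same finding often appears once per scanner (Anchore and Twistlock both report CVE-2022-0529 against the same unzip package) and once per sub-package, so the 41 rows overstate the number of distinct problems. As an added example, not Iron Bank or VAT tooling, the Python below parses rows in the layout of the table above (space-separated as the bot emits them, or as a pipe table), merges the same id/package pair reported by several scanners, and orders the result the way the EPSS and KEV paragraphs suggest: KEV hits first, then by EPSS, then by severity. The column order, the source and severity vocabularies, and the free-text column between package and score are assumptions read off this table; the sample rows are copied from it and embedded as constructed input.

```python
"""Triage helper for a findings table like the one in this issue.

Added example, not Iron Bank or VAT tooling. It assumes each row carries
id, source, severity, package, optional free-text note, epss_score and kev
in that order (space-separated or as a pipe table), merges the same
(id, package) pair reported by several scanners, and ranks the result:
KEV hits first, then by EPSS, then by severity.
"""
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample: a few rows copied from the table above.
SAMPLE_ROWS = """\
CVE-2024-12797 Twistlock CVE Low cryptography-43.0.1 0.00338 false
CVE-2022-0529 Anchore CVE Low unzip-6.0-58.el9_5 0.00242 false
CVE-2022-0529 Twistlock CVE Low unzip-6.0-58.el9_5 0.00242 false
CVE-2025-6069 Anchore CVE Medium python3.12-3.12.9-1.el9_6.2 0.00116 false
CVE-2023-5752 Twistlock CVE Low pip-23.2.1 Only users using Mercurial VCS functionality with untrusted inputs are affected. 0.00044 false
c95380953385ef8ce165f719b23f921d Anchore Compliance Critical N/A N/A
PRISMA-2022-0168 Twistlock CVE High pip-23.2.1 N/A N/A
"""

SEVERITY_RANK = {"Critical": 4, "High": 3, "Medium": 2, "Low": 1}

# Source names and severities are the fixed vocabularies seen in the table
# (an assumption); the note is whatever sits between package and score.
ROW_RE = re.compile(
    r"^(?P<id>\S+)\s+"
    r"(?P<source>Anchore CVE|Twistlock CVE|Anchore Compliance)\s+"
    r"(?P<severity>Critical|High|Medium|Low)"
    r"(?:\s+(?P<rest>.*?))?"
    r"\s+(?P<epss>\d+\.\d+|N/A)\s+(?P<kev>true|false|N/A)$"
)


@dataclass
class Finding:
    id: str
    severity: str
    package: Optional[str]
    note: Optional[str]
    epss: Optional[float]  # None when the table says N/A (non-CVE ids)
    kev: bool
    sources: Set[str] = field(default_factory=set)


def _normalise(line: str) -> str:
    # Accept pipe-table rows too: drop cell delimiters, collapse whitespace.
    return " ".join(re.sub(r"\|", " ", line).split())


def parse_findings(text: str) -> List[Finding]:
    merged: Dict[Tuple[str, Optional[str]], Finding] = {}
    for raw in text.splitlines():
        line = _normalise(raw)
        if not line or line.startswith("id ") or set(line) <= set("- "):
            continue  # blank line, header row or markdown separator row
        m = ROW_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised row: {raw!r}")
        parts = (m["rest"] or "").split(None, 1)
        package = parts[0] if parts else None
        note = parts[1] if len(parts) > 1 else None
        epss = None if m["epss"] == "N/A" else float(m["epss"])
        kev = m["kev"] == "true"
        key = (m["id"], package)
        f = merged.get(key)
        if f is None:
            f = merged[key] = Finding(m["id"], m["severity"], package, note, epss, kev)
        f.sources.add(m["source"])
        # Scanners can disagree; keep the most alarming value of each field.
        if epss is not None and (f.epss is None or epss > f.epss):
            f.epss = epss
        f.kev = f.kev or kev
        if SEVERITY_RANK[m["severity"]] > SEVERITY_RANK[f.severity]:
            f.severity = m["severity"]
        if f.note is None:
            f.note = note
    return list(merged.values())


def triage_order(findings: List[Finding]) -> List[Finding]:
    """KEV first, then highest EPSS, then severity; unscored rows fall to the end."""
    return sorted(
        findings,
        key=lambda f: (f.kev, -1.0 if f.epss is None else f.epss, SEVERITY_RANK[f.severity]),
        reverse=True,
    )


def unscored(findings: List[Finding]) -> List[Finding]:
    """Findings with no EPSS/KEV data (compliance checks, PRISMA/GHSA ids)."""
    return [f for f in findings if f.epss is None]


if __name__ == "__main__":
    findings = parse_findings(SAMPLE_ROWS)
    for f in triage_order(findings):
        print(f"{f.id:34} {f.severity:8} kev={f.kev!s:5} epss={f.epss} "
              f"{f.package or '-'} via {'+'.join(sorted(f.sources))}")
```

Because EPSS and KEV exist only for CVEs, `triage_order` pushes the compliance-check and PRISMA rows to the bottom regardless of their Critical and High severities; treat the `unscored` list as a separate queue for manual review rather than reading its position as low priority.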


Tasks

Contributor:

  • Apply the StatusReview label to this issue for a merge request review and wait for feedback

OR

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 16:30 to 17:30 EST to answer questions.

Edited by CHORE_TOKEN