UNCLASSIFIED - NO CUI

chore(findings): kubeflow/common/ingress-setup-91db78e53a3b

Summary

kubeflow/common/ingress-setup-91db78e53a3b has 55 new findings discovered during continuous monitoring.

id source package
CVE-2021-22876 anchore_cve curl-7.61.1-18.el8
CVE-2021-22898 anchore_cve curl-7.61.1-18.el8
CVE-2021-27218 anchore_cve glib2-2.56.4-10.el8_4
CVE-2021-28153 anchore_cve glib2-2.56.4-10.el8_4
CVE-2021-27645 anchore_cve glibc-2.28-151.el8
CVE-2021-33574 anchore_cve glibc-2.28-151.el8
CVE-2021-27645 anchore_cve glibc-common-2.28-151.el8
CVE-2021-33574 anchore_cve glibc-common-2.28-151.el8
CVE-2021-27645 anchore_cve glibc-langpack-en-2.28-151.el8
CVE-2021-33574 anchore_cve glibc-langpack-en-2.28-151.el8
CVE-2021-27645 anchore_cve glibc-minimal-langpack-2.28-151.el8
CVE-2021-33574 anchore_cve glibc-minimal-langpack-2.28-151.el8
CVE-2021-22876 anchore_cve libcurl-7.61.1-18.el8
CVE-2021-22898 anchore_cve libcurl-7.61.1-18.el8
CVE-2021-3445 anchore_cve libdnf-0.55.0-7.el8
CVE-2021-33560 anchore_cve libgcrypt-1.8.5-4.el8
CVE-2021-3200 anchore_cve libsolv-0.7.16-2.el8
CVE-2021-3580 anchore_cve nettle-3.4.1-4.el8_3
CVE-2021-3426 anchore_cve platform-python-3.6.8-37.el8
CVE-2021-3572 anchore_cve platform-python-pip-9.0.3-19.el8
CVE-2021-3445 anchore_cve python3-hawkey-0.55.0-7.el8
CVE-2021-3445 anchore_cve python3-libdnf-0.55.0-7.el8
CVE-2021-3426 anchore_cve python3-libs-3.6.8-37.el8
CVE-2021-3572 anchore_cve python3-pip-wheel-9.0.3-19.el8
CVE-2021-20266 anchore_cve python3-rpm-4.14.3-14.el8_4
CVE-2021-3421 anchore_cve python3-rpm-4.14.3-14.el8_4
CVE-2021-35937 anchore_cve python3-rpm-4.14.3-14.el8_4
CVE-2021-35938 anchore_cve python3-rpm-4.14.3-14.el8_4
CVE-2021-35939 anchore_cve python3-rpm-4.14.3-14.el8_4
CVE-2021-20266 anchore_cve rpm-4.14.3-14.el8_4
CVE-2021-3421 anchore_cve rpm-4.14.3-14.el8_4
CVE-2021-35937 anchore_cve rpm-4.14.3-14.el8_4
CVE-2021-35938 anchore_cve rpm-4.14.3-14.el8_4
CVE-2021-35939 anchore_cve rpm-4.14.3-14.el8_4
CVE-2021-20266 anchore_cve rpm-build-libs-4.14.3-14.el8_4
CVE-2021-3421 anchore_cve rpm-build-libs-4.14.3-14.el8_4
CVE-2021-35937 anchore_cve rpm-build-libs-4.14.3-14.el8_4
CVE-2021-35938 anchore_cve rpm-build-libs-4.14.3-14.el8_4
CVE-2021-35939 anchore_cve rpm-build-libs-4.14.3-14.el8_4
CVE-2021-20266 anchore_cve rpm-libs-4.14.3-14.el8_4
CVE-2021-3421 anchore_cve rpm-libs-4.14.3-14.el8_4
CVE-2021-35937 anchore_cve rpm-libs-4.14.3-14.el8_4
CVE-2021-35938 anchore_cve rpm-libs-4.14.3-14.el8_4
CVE-2021-35939 anchore_cve rpm-libs-4.14.3-14.el8_4
CVE-2021-22876 twistlock_cve curl-7.61.1-18.el8
CVE-2021-22898 twistlock_cve curl-7.61.1-18.el8
CVE-2021-27218 twistlock_cve glib2-2.56.4-10.el8_4
CVE-2021-28153 twistlock_cve glib2-2.56.4-10.el8_4
CVE-2021-33574 twistlock_cve glibc-2.28-151.el8
CVE-2021-3445 twistlock_cve libdnf-0.55.0-7.el8
CVE-2021-33560 twistlock_cve libgcrypt-1.8.5-4.el8
CVE-2021-3200 twistlock_cve libsolv-0.7.16-2.el8
CVE-2020-16135 twistlock_cve libssh-0.9.4-2.el8
CVE-2021-20266 twistlock_cve rpm-4.14.3-14.el8_4
CVE-2021-3421 twistlock_cve rpm-4.14.3-14.el8_4

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/kubeflow/common/ingress-setup-91db78e53a3b/-/jobs/4608772

Definition of Done

Justifications:

  • All findings have been justified
  • Justifications have been provided to the container hardening team

Approval Process:

  • Findings Approver has reviewed and approved all justifications
  • Approval request has been sent to Authorizing Official
  • Approval request has been processed by Authorizing Official

UNCLASSIFIED - NO CUI