chore(findings): kubeflow/common/kflogin-ui-v0.5.0
Summary
kubeflow/common/kflogin-ui-v0.5.0 has 16 new findings discovered during continuous monitoring.
| id | source | package |
|---|---|---|
| GHSA-hj48-42vr-x3v9 | anchore_cve | path-parse-1.0.6 |
| GHSA-hj48-42vr-x3v9 | anchore_cve | path-parse-1.0.6 |
| GHSA-3jfq-g458-7qm9 | anchore_cve | tar-2.2.1 |
| GHSA-r628-mhmh-qjhw | anchore_cve | tar-2.2.1 |
| GHSA-3jfq-g458-7qm9 | anchore_cve | tar-4.4.13 |
| GHSA-r628-mhmh-qjhw | anchore_cve | tar-4.4.13 |
| GHSA-3jfq-g458-7qm9 | anchore_cve | tar-4.4.8 |
| GHSA-r628-mhmh-qjhw | anchore_cve | tar-4.4.8 |
| GHSA-hh27-ffr2-f2jc | anchore_cve | url-parse-1.4.4 |
| CVE-2021-32803 | twistlock_cve | tar-2.2.1 |
| CVE-2021-32804 | twistlock_cve | tar-2.2.1 |
| CVE-2021-32803 | twistlock_cve | tar-4.4.13 |
| CVE-2021-32804 | twistlock_cve | tar-4.4.13 |
| CVE-2021-32803 | twistlock_cve | tar-4.4.8 |
| CVE-2021-32804 | twistlock_cve | tar-4.4.8 |
| CVE-2021-3664 | twistlock_cve | url-parse-1.4.4 |
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/kubeflow/common/kflogin-ui-v0.5.0/-/jobs/5623487
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Edited by Al Fontaine