chore(findings): kubeflow/common/kflogin-ui-v0.5.0
Summary
kubeflow/common/kflogin-ui-v0.5.0 has 16 new findings discovered during continuous monitoring.
| id | source | package |
|---|---|---|
| GHSA-hj48-42vr-x3v9 | anchore_cve | path-parse-1.0.6 |
| GHSA-hj48-42vr-x3v9 | anchore_cve | path-parse-1.0.6 |
| GHSA-3jfq-g458-7qm9 | anchore_cve | tar-2.2.1 |
| GHSA-r628-mhmh-qjhw | anchore_cve | tar-2.2.1 |
| GHSA-3jfq-g458-7qm9 | anchore_cve | tar-4.4.13 |
| GHSA-r628-mhmh-qjhw | anchore_cve | tar-4.4.13 |
| GHSA-3jfq-g458-7qm9 | anchore_cve | tar-4.4.8 |
| GHSA-r628-mhmh-qjhw | anchore_cve | tar-4.4.8 |
| GHSA-hh27-ffr2-f2jc | anchore_cve | url-parse-1.4.4 |
| CVE-2021-32803 | twistlock_cve | tar-2.2.1 |
| CVE-2021-32804 | twistlock_cve | tar-2.2.1 |
| CVE-2021-32803 | twistlock_cve | tar-4.4.13 |
| CVE-2021-32804 | twistlock_cve | tar-4.4.13 |
| CVE-2021-32803 | twistlock_cve | tar-4.4.8 |
| CVE-2021-32804 | twistlock_cve | tar-4.4.8 |
| CVE-2021-3664 | twistlock_cve | url-parse-1.4.4 |
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/kubeflow/common/kflogin-ui-v0.5.0/-/jobs/5623487
Definition of Done
Justifications:
- All findings have been justified
- Justifications have been provided to the container hardening team
Approval Process:
- Findings Approver has reviewed and approved all justifications
- Approval request has been sent to Authorizing Official
- Approval request has been processed by Authorizing Official