chore(findings): niwc/avaa/tileserver-gl-lite

Summary

niwc/avaa/tileserver-gl-lite has 81 new findings discovered during continuous monitoring.

id	source	severity	package
addbb93c22e9b0988b8b40392a4538cb	anchore_comp	Low
CCE-86519-6	oscap_comp	Medium
CVE-2015-20107	anchore_cve	Medium	platform-python-3.6.8-45.el8
CVE-2015-20107	twistlock_cve	Medium	platform-python-3.6.8-45.el8
CVE-2015-20107	anchore_cve	Medium	python3-libs-3.6.8-45.el8
CVE-2015-20107	twistlock_cve	Medium	python3-libs-3.6.8-45.el8
CVE-2016-4658	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2016-5131	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2017-0663	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2017-15412	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2017-18258	twistlock_cve	Low	python3-libxml2-2.9.7-13.el8
CVE-2017-7375	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2017-9047	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2017-9048	twistlock_cve	Low	python3-libxml2-2.9.7-13.el8
CVE-2017-9049	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2017-9050	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2021-27478	anchore_cve	High	opener-1.5.2
CVE-2021-27482	anchore_cve	High	opener-1.5.2
CVE-2021-27498	anchore_cve	High	opener-1.5.2
CVE-2021-27500	anchore_cve	High	opener-1.5.2
CVE-2021-35937	anchore_cve	Medium	python3-rpm-4.14.3-23.el8
CVE-2021-35937	twistlock_cve	Medium	python3-rpm-4.14.3-23.el8
CVE-2021-35937	anchore_cve	Medium	rpm-4.14.3-23.el8
CVE-2021-35937	twistlock_cve	Medium	rpm-4.14.3-23.el8
CVE-2021-35937	anchore_cve	Medium	rpm-build-libs-4.14.3-23.el8
CVE-2021-35937	twistlock_cve	Medium	rpm-build-libs-4.14.3-23.el8
CVE-2021-35937	anchore_cve	Medium	rpm-libs-4.14.3-23.el8
CVE-2021-35937	twistlock_cve	Medium	rpm-libs-4.14.3-23.el8
CVE-2021-35938	anchore_cve	Medium	python3-rpm-4.14.3-23.el8
CVE-2021-35938	twistlock_cve	Medium	python3-rpm-4.14.3-23.el8
CVE-2021-35938	anchore_cve	Medium	rpm-4.14.3-23.el8
CVE-2021-35938	twistlock_cve	Medium	rpm-4.14.3-23.el8
CVE-2021-35938	anchore_cve	Medium	rpm-build-libs-4.14.3-23.el8
CVE-2021-35938	twistlock_cve	Medium	rpm-build-libs-4.14.3-23.el8
CVE-2021-35938	anchore_cve	Medium	rpm-libs-4.14.3-23.el8
CVE-2021-35938	twistlock_cve	Medium	rpm-libs-4.14.3-23.el8
CVE-2021-35939	anchore_cve	Medium	python3-rpm-4.14.3-23.el8
CVE-2021-35939	twistlock_cve	Medium	python3-rpm-4.14.3-23.el8
CVE-2021-35939	anchore_cve	Medium	rpm-4.14.3-23.el8
CVE-2021-35939	twistlock_cve	Medium	rpm-4.14.3-23.el8
CVE-2021-35939	anchore_cve	Medium	rpm-build-libs-4.14.3-23.el8
CVE-2021-35939	twistlock_cve	Medium	rpm-build-libs-4.14.3-23.el8
CVE-2021-35939	anchore_cve	Medium	rpm-libs-4.14.3-23.el8
CVE-2021-35939	twistlock_cve	Medium	rpm-libs-4.14.3-23.el8
CVE-2021-44568	anchore_cve	Low	libsolv-0.7.20-1.el8
CVE-2021-44568	twistlock_cve	Low	libsolv-0.7.20-1.el8
CVE-2022-0391	anchore_cve	Medium	platform-python-3.6.8-45.el8
CVE-2022-0391	twistlock_cve	Medium	platform-python-3.6.8-45.el8
CVE-2022-0391	anchore_cve	Medium	python3-libs-3.6.8-45.el8
CVE-2022-0391	twistlock_cve	Medium	python3-libs-3.6.8-45.el8
CVE-2022-1292	anchore_cve	Medium	openssl-1:1.1.1k-6.el8_5
CVE-2022-1292	anchore_cve	Medium	openssl-libs-1:1.1.1k-6.el8_5
CVE-2022-1304	anchore_cve	Medium	libcom_err-1.45.6-4.el8
CVE-2022-1304	twistlock_cve	Medium	libcom_err-1.45.6-4.el8
CVE-2022-1621	anchore_cve	Medium	vim-minimal-2:8.0.1763-16.el8_5.13
CVE-2022-1621	twistlock_cve	Medium	vim-minimal-8.0.1763-16.el8_5.13
CVE-2022-1629	anchore_cve	Medium	vim-minimal-2:8.0.1763-16.el8_5.13
CVE-2022-1629	twistlock_cve	Medium	vim-minimal-8.0.1763-16.el8_5.13
CVE-2022-21227	anchore_cve	High	sqlite3-4.2.0
CVE-2022-25313	anchore_cve	Medium	expat-2.2.5-8.el8
CVE-2022-25313	twistlock_cve	Medium	expat-2.2.5-8.el8
CVE-2022-25314	anchore_cve	Medium	expat-2.2.5-8.el8
CVE-2022-25314	twistlock_cve	Medium	expat-2.2.5-8.el8
CVE-2022-27782	anchore_cve	Medium	curl-7.61.1-22.el8
CVE-2022-27782	twistlock_cve	Medium	curl-7.61.1-22.el8
CVE-2022-27782	anchore_cve	Medium	libcurl-7.61.1-22.el8
CVE-2022-27782	twistlock_cve	Medium	libcurl-7.61.1-22.el8
CVE-2022-27943	twistlock_cve	Low	libgcc-8.5.0-10.el8
CVE-2022-27943	twistlock_cve	Low	libstdc++-8.5.0-10.el8
CVE-2022-29824	anchore_cve	Medium	libxml2-2.9.7-13.el8
CVE-2022-29824	twistlock_cve	Medium	libxml2-2.9.7-13.el8
CVE-2022-29824	anchore_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2022-29824	twistlock_cve	Medium	python3-libxml2-2.9.7-13.el8
CVE-2022-29244	twistlock_cve	Medium	npm-8.5.0
GHSA-hj9c-8jmm-8c52	anchore_cve	Medium	npm-8.5.0
CVE-2022-1897	anchore_cve	Medium	vim-minimal-2:8.0.1763-16.el8_5.13
CVE-2022-1897	twistlock_cve	Medium	vim-minimal-8.0.1763-16.el8_5.13
CVE-2022-1785	anchore_cve	Medium	vim-minimal-2:8.0.1763-16.el8_5.13
CVE-2022-1785	twistlock_cve	Medium	vim-minimal-8.0.1763-16.el8_5.13
CVE-2022-1927	anchore_cve	Medium	vim-minimal-2:8.0.1763-16.el8_5.13
CVE-2022-1927	twistlock_cve	Medium	vim-minimal-8.0.1763-16.el8_5.13

VAT: https://vat.dso.mil/vat/container/18484?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/niwc/avaa/tileserver-gl-lite/-/jobs/12272035

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the ~"Approval" label to this issue and wait for feedback

Iron Bank:

Review findings and justifications
Send approval request to Authorizing Official
Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited Jun 15, 2022 by Adam Yohrling

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information