chore(findings): opensource/argoproj/argocd
Summary
opensource/argoproj/argocd has 77 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2024-2511 | Anchore CVE | Low | openssl-1:3.0.7-27.el9 |
CVE-2022-41725 | Anchore CVE | Medium | git-lfs-3.4.1-1.el9 |
CVE-2023-39321 | Anchore CVE | Medium | git-lfs-3.4.1-1.el9 |
CVE-2021-3928 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-3324 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-48235 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-29409 | Anchore CVE | Medium | git-lfs-3.4.1-1.el9 |
CVE-2022-1619 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-2889 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-0054 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-46246 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-2609 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-48237 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-2257 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-3968 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-1264 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-3297 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-48231 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-48234 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-1725 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-1127 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-0051 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-4292 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-4136 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-1170 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-48232 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-4166 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2020-20703 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-2862 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-0049 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.20.10 |
CVE-2023-2610 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-4781 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-29458 | Anchore CVE | Low | ncurses-6.2-10.20210508.el9 |
CVE-2022-2982 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-5344 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-51767 | Anchore CVE | Medium | openssh-clients-8.7p1-38.el9 |
CVE-2024-22667 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-1620 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-4141 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-1616 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-2304 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-3927 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-29406 | Anchore CVE | Medium | git-lfs-3.4.1-1.el9 |
CVE-2023-5441 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-3016 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-4735 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-50495 | Anchore CVE | Low | ncurses-6.2-10.20210508.el9 |
CVE-2023-4734 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-4173 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-3974 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-4738 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-3278 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-4751 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-24536 | Anchore CVE | Medium | git-lfs-3.4.1-1.el9 |
CVE-2022-0213 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-4187 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2021-3973 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-39326 | Anchore CVE | Medium | stdlib-go1.21.3 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.21.3 |
CVE-2023-45285 | Anchore CVE | High | stdlib-go1.20.10 |
CVE-2023-5535 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-48706 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-48236 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-4293 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-3099 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-0512 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-2042 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-0351 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-2817 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-41724 | Anchore CVE | Medium | git-lfs-3.4.1-1.el9 |
CVE-2023-48233 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2022-2874 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2023-24534 | Anchore CVE | Medium | git-lfs-3.4.1-1.el9 |
CVE-2023-51767 | Anchore CVE | Medium | openssh-8.7p1-38.el9 |
CVE-2022-3134 | Anchore CVE | Low | vim-filesystem-2:8.2.2637-20.el9_1 |
CVE-2024-2511 | Twistlock CVE | Low | openssl-3.0.7-27.el9 |
VAT: https://vat.dso.mil/vat/image?imageName=opensource/argoproj/argocd&tag=v2.10.9&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/argoproj/argocd&tag=v2.10.8&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.