UNCLASSIFIED - NO CUI

Skip to content

chore(findings): opensource/cassproject/cass

Summary

opensource/cassproject/cass has 17 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-42898 Twistlock CVE Critical krb5-libs-1.18.2-21.el8
CVE-2022-45061 Twistlock CVE Medium platform-python-3.6.8-48.el8_7
CVE-2022-45061 Twistlock CVE Medium python3-libs-3.6.8-48.el8_7
CVE-2022-36227 Twistlock CVE Low libarchive-3.3.3-4.el8
CVE-2022-45061 Anchore CVE Medium platform-python-3.6.8-48.el8_7
CVE-2007-4559 Anchore CVE Medium python3-libs-3.6.8-48.el8_7
CVE-2022-36227 Anchore CVE Low libarchive-3.3.3-4.el8
CVE-2022-45061 Anchore CVE Medium python3-libs-3.6.8-48.el8_7
CVE-2022-43680 Anchore CVE Medium expat-2.2.5-10.el8
CVE-2007-4559 Anchore CVE Medium platform-python-3.6.8-48.el8_7
CVE-2021-46848 Anchore CVE Medium libtasn1-4.13-3.el8
CVE-2022-35737 Anchore CVE Medium sqlite-libs-3.26.0-16.el8_6
CVE-2022-42898 Anchore CVE High krb5-libs-1.18.2-21.el8
CVE-2022-45873 Twistlock CVE Medium systemd-libs-239-68.el8
CVE-2022-45873 Twistlock CVE Medium systemd-pam-239-68.el8
CVE-2022-45873 Twistlock CVE Medium systemd-239-68.el8
CVE-2022-42898 OSCAP Compliance Medium

VAT: https://vat.dso.mil/vat/image?imageName=opensource/cassproject/cass&tag=1.5.17&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/cassproject/cass/-/jobs/16330441

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Florian Tolk
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI