chore(findings): opensource/goharbor/notary-signer
Summary
opensource/goharbor/notary-signer has 27 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2020-29652 | twistlock_cve | High | golang.org/x/crypto-v0.0.0-20200302210943-78000ba7a073 |
CVE-2021-33198 | twistlock_cve | High | go-1.14.15 |
CVE-2021-33195 | twistlock_cve | High | go-1.14.15 |
CVE-2021-33194 | twistlock_cve | High | go-1.14.15 |
CVE-2021-29923 | twistlock_cve | High | go-1.14.15 |
CVE-2021-27918 | twistlock_cve | High | go-1.14.15 |
CVE-2021-33196 | twistlock_cve | High | go-1.14.15 |
CVE-2021-38297 | twistlock_cve | Critical | go-1.14.15 |
CVE-2021-44716 | twistlock_cve | High | go-1.14.15 |
CVE-2021-41771 | twistlock_cve | High | go-1.14.15 |
CVE-2021-41772 | twistlock_cve | High | go-1.14.15 |
CVE-2021-44716 | twistlock_cve | High | go-1.17.2 |
CVE-2021-41771 | twistlock_cve | High | go-1.17.2 |
CVE-2021-41772 | twistlock_cve | High | go-1.17.2 |
CVE-2022-23806 | twistlock_cve | Critical | go-1.14.15 |
CVE-2022-23806 | twistlock_cve | Critical | go-1.17.2 |
CVE-2021-39293 | twistlock_cve | High | go-1.14.15 |
CVE-2020-8912 | twistlock_cve | Low | github.com/aws/aws-sdk-go-v1.17.7 |
CVE-2022-27191 | twistlock_cve | High | go-1.17.2 |
CVE-2022-27191 | twistlock_cve | High | go-1.14.15 |
PRISMA-2022-0113 | twistlock_cve | Medium | github.com/aws/aws-sdk-go-v1.17.7 |
CVE-2022-23773 | twistlock_cve | High | go-1.17.2 |
CVE-2022-23773 | twistlock_cve | High | go-1.14.15 |
CVE-2022-23772 | twistlock_cve | High | go-1.14.15 |
CVE-2022-23772 | twistlock_cve | High | go-1.17.2 |
CVE-2022-24921 | twistlock_cve | High | go-1.14.15 |
CVE-2022-24921 | twistlock_cve | High | go-1.17.2 |
VAT: https://vat.dso.mil/vat/container/17167?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/goharbor/notary-signer/-/jobs/9863612
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Edited by Ghost User