chore(findings): opensource/jupyter/jupyter_codeserver_proxy
Summary
opensource/jupyter/jupyter_codeserver_proxy has 153 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-3235 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-3234 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CCE-86534-5 | OSCAP Compliance | Medium | |
CCE-85888-6 | OSCAP Compliance | Medium | |
CCE-84038-9 | OSCAP Compliance | Medium | |
CVE-2022-39260 | Twistlock CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-39260 | Twistlock CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2022-39260 | Twistlock CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-39253 | Twistlock CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-39253 | Twistlock CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2022-39253 | Twistlock CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2020-35525 | OSCAP Compliance | Medium | |
CVE-2020-35527 | OSCAP Compliance | Medium | |
CVE-2022-37434 | OSCAP Compliance | Medium | |
CVE-2022-2509 | OSCAP Compliance | Medium | |
CVE-2022-39286 | Twistlock CVE | High | jupyter-core-4.11.1 |
GHSA-m678-f26j-3hrp | Anchore CVE | High | jupyter-core-4.11.1 |
CVE-2022-42919 | Twistlock CVE | Critical | platform-python-3.6.8-45.el8 |
CVE-2022-42919 | Twistlock CVE | Critical | python3-libs-3.6.8-45.el8 |
CVE-2021-44906 | Twistlock CVE | Medium | nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2021-44906 | Twistlock CVE | Medium | nodejs-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2021-44906 | Twistlock CVE | Medium | npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a |
CVE-2022-3517 | Twistlock CVE | Medium | nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2022-3517 | Twistlock CVE | Medium | npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a |
CVE-2022-3517 | Twistlock CVE | Medium | nodejs-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2020-10735 | Twistlock CVE | Medium | python3-libs-3.6.8-45.el8 |
CVE-2020-10735 | Twistlock CVE | Medium | platform-python-3.6.8-45.el8 |
CVE-2022-0235 | Twistlock CVE | Medium | npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a |
CVE-2022-0235 | Twistlock CVE | Medium | nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2022-0235 | Twistlock CVE | Medium | nodejs-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2022-36087 | Twistlock CVE | Medium | oauthlib-3.2.0 |
CVE-2022-3296 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-3256 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-3235 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-3234 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-3037 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2946 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2021-3826 | Twistlock CVE | Low | libgomp-8.5.0-10.1.el8_6 |
CVE-2021-3826 | Twistlock CVE | Low | cpp-8.5.0-10.1.el8_6 |
CVE-2021-3826 | Twistlock CVE | Low | binutils-2.30-113.el8 |
CVE-2022-3219 | Twistlock CVE | Low | gnupg2-2.2.20-2.el8 |
CVE-2022-3153 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-38533 | Twistlock CVE | Low | binutils-2.30-113.el8 |
CVE-2022-2980 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2923 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-3705 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-3352 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2017-15897 | Twistlock CVE | Low | npm-8.15.0-1.16.17.1.1.module+el8.6.0+16848+a483195a |
CVE-2017-15897 | Twistlock CVE | Low | nodejs-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2017-15897 | Twistlock CVE | Low | nodejs-full-i18n-16.17.1-1.module+el8.6.0+16848+a483195a |
CVE-2022-35252 | Twistlock CVE | Low | curl-7.61.1-22.el8_6.3 |
CVE-2022-35252 | Twistlock CVE | Low | libcurl-7.61.1-22.el8_6.3 |
CVE-2022-2849 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-2845 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-38128 | Twistlock CVE | Low | binutils-2.30-113.el8 |
CVE-2022-38127 | Twistlock CVE | Low | binutils-2.30-113.el8 |
CVE-2022-38126 | Twistlock CVE | Low | binutils-2.30-113.el8 |
CVE-2022-38457 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2020-10735 | Anchore CVE | Medium | python3-libs-3.6.8-45.el8 |
CVE-2022-2208 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-3344 | Anchore CVE | Low | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2183 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-3028 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2018-25032 | Anchore CVE | High | python-3.8.13 |
CVE-2022-2285 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-38533 | Anchore CVE | Low | binutils-2.30-113.el8 |
CVE-2022-39188 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2845 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-41674 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-39260 | Anchore CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2022-30594 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-39260 | Anchore CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-3435 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-39260 | Anchore CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-2938 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2785 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3219 | Anchore CVE | Low | gnupg2-2.2.20-2.el8 |
CVE-2022-2873 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2946 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2849 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-41218 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3296 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2819 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2207 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-42721 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-40133 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2663 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-42703 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2287 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-39190 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-36402 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-20368 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2206 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-36879 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-42722 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2210 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-3586 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2905 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2182 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-2923 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-35252 | Anchore CVE | Low | libcurl-7.61.1-22.el8_6.3 |
CVE-2021-3826 | Anchore CVE | Low | binutils-2.30-113.el8 |
CVE-2022-36280 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3303 | Anchore CVE | Low | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2980 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2020-10735 | Anchore CVE | Medium | platform-python-3.6.8-45.el8 |
CVE-2022-2284 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-3153 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-39260 | Anchore CVE | Medium | git-core-doc-2.31.1-2.el8 |
CVE-2022-3424 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-25265 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3239 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2964 | Anchore CVE | High | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3256 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-20166 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-42720 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3707 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-39189 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-2286 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-38096 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3037 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
GHSA-3pgj-pg6c-r5p7 | Anchore CVE | Medium | oauthlib-3.2.0 |
CVE-2022-35252 | Anchore CVE | Low | curl-7.61.1-22.el8_6.3 |
CVE-2022-34903 | OSCAP Compliance | Medium | |
CVE-2015-20107 | OSCAP Compliance | Medium | |
CVE-2022-0391 | OSCAP Compliance | Medium | |
CVE-2022-32206 | OSCAP Compliance | Medium | |
CVE-2022-32208 | OSCAP Compliance | Medium | |
CVE-2022-3705 | Anchore CVE | Low | vim-minimal-2:8.0.1763-19.el8_6.4 |
CVE-2022-36067 | Twistlock CVE | Critical | vm2-3.9.7 |
CVE-2022-32190 | Twistlock CVE | Critical | go-1.19 |
PRISMA-2022-0039 | Twistlock CVE | High | minimatch-3.0.4 |
CVE-2022-41715 | Twistlock CVE | High | go-1.19 |
CVE-2022-3517 | Twistlock CVE | High | minimatch-3.0.4 |
CVE-2022-2880 | Twistlock CVE | High | go-1.19 |
CVE-2022-2879 | Twistlock CVE | High | go-1.19 |
CVE-2022-27664 | Twistlock CVE | High | go-1.19 |
CVE-2020-29652 | Twistlock CVE | High | golang.org/x/crypto-v0.0.0-20191206172530-e9b2fee46413 |
CVE-2022-3479 | Twistlock CVE | Medium | nss-util-3.67.0-7.el8_5 |
CVE-2022-3479 | Twistlock CVE | Medium | nss-softokn-3.67.0-7.el8_5 |
CVE-2022-3479 | Twistlock CVE | Medium | nss-3.67.0-7.el8_5 |
CVE-2022-3479 | Twistlock CVE | Medium | nss-softokn-freebl-3.67.0-7.el8_5 |
CVE-2022-3479 | Twistlock CVE | Medium | nss-sysinit-3.67.0-7.el8_5 |
CVE-2022-41716 | Twistlock CVE | Medium | go-1.19 |
GHSA-39hc-v87j-747x | Twistlock CVE | Medium | cryptography-37.0.4 |
CVE-2022-3278 | Twistlock CVE | Low | vim-minimal-8.0.1763-19.el8_6.4 |
CVE-2022-39253 | Anchore CVE | Medium | git-core-doc-2.31.1-2.el8 |
GHSA-39hc-v87j-747x | Anchore CVE | Medium | cryptography-37.0.4 |
CVE-2022-39253 | Anchore CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2022-39253 | Anchore CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-39253 | Anchore CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-2602 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
CVE-2022-3640 | Anchore CVE | Medium | kernel-headers-4.18.0-372.19.1.el8_6 |
VAT: https://vat.dso.mil/vat/image?imageName=opensource/jupyter/jupyter_codeserver_proxy&tag=4.7.1&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/jupyter/jupyter_codeserver_proxy/-/jobs/13842829
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Approval" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
- Send approval request to Authorizing Official
- Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.