UNCLASSIFIED - NO CUI

Skip to content

chore(findings): opensource/metrostar/tip-dependencies

Summary

opensource/metrostar/tip-dependencies has 454 new findings discovered during continuous monitoring.

id source severity package
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low
CVE-2022-45061 Anchore CVE High python-3.10.4
CVE-2022-42919 Anchore CVE High python-3.10.4
GHSA-2p9h-ccw7-33gf Anchore CVE Medium cleo-0.8.1
CVE-2022-37454 Anchore CVE Critical python-3.10.4
GHSA-43fp-rhv2-5gv8 Anchore CVE Medium certifi-2021.10.8
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.37.1
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-62.1.0
CVE-2020-10735 Anchore CVE High python-3.10.4
GHSA-w7pp-m8wf-vj6r Anchore CVE Medium cryptography-36.0.2
GHSA-x4qr-2fvf-3mr5 Anchore CVE High cryptography-36.0.2
CVE-2007-4559 Anchore CVE Medium python-3.10.4
CVE-2020-10735 Anchore CVE High python-3.10.4
CVE-2021-28861 Anchore CVE High python-3.10.4
CVE-2015-20107 Anchore CVE High python-3.10.4
CVE-2022-45061 Anchore CVE High python-3.10.4
CVE-2018-25032 Anchore CVE High python-3.10.4
CVE-2022-42919 Anchore CVE High python-3.10.4
CVE-2022-37454 Anchore CVE Critical python-3.10.4
CVE-2023-24329 Anchore CVE High python-3.10.4
CVE-2023-24329 Anchore CVE High python-3.10.4
CVE-2023-27043 Anchore CVE Medium python-3.10.4
CVE-2023-27043 Anchore CVE Medium python-3.10.4
GHSA-5cpq-8wj7-hf2v Anchore CVE Low cryptography-36.0.2
CVE-2023-36632 Anchore CVE High python-3.10.4
GHSA-j8r2-6x86-q33q Anchore CVE Medium requests-2.27.1
CVE-2023-36632 Anchore CVE High python-3.10.4
GHSA-xqr8-7jwr-rhp7 Anchore CVE High certifi-2021.10.8
GHSA-jm77-qphf-c4w8 Anchore CVE Low cryptography-36.0.2
CVE-2023-40217 Anchore CVE Medium python-3.10.4
CVE-2023-40217 Anchore CVE Medium python-3.10.4
GHSA-v8gr-m533-ghj9 Anchore CVE Low cryptography-36.0.2
GHSA-v845-jxx5-vc9f Anchore CVE Medium urllib3-1.26.9
GHSA-g4mx-q9vg-27p4 Anchore CVE Medium urllib3-1.26.9
GHSA-mq26-g339-26xf Anchore CVE Medium pip-22.0.4
CVE-2023-37920 Anchore CVE Low ca-certificates-2023.2.60_v7.0.306-80.0.el8_8
CVE-2023-2222 Anchore CVE Low gdb-gdbserver-8.2-20.el8
CVE-2022-47010 Anchore CVE Low gdb-gdbserver-8.2-20.el8
CVE-2022-47011 Anchore CVE Low gdb-gdbserver-8.2-20.el8
CVE-2022-47007 Anchore CVE Low gdb-gdbserver-8.2-20.el8
GHSA-jfhm-5ghh-2f97 Anchore CVE Medium cryptography-36.0.2
CVE-2023-7008 Anchore CVE Medium systemd-libs-239-78.el8
CVE-2023-7008 Anchore CVE Medium systemd-239-78.el8
CVE-2023-7008 Anchore CVE Medium systemd-pam-239-78.el8
GHSA-h5c8-rqwp-cp95 Anchore CVE Medium Jinja2-3.1.1
CVE-2021-43618 Anchore CVE Medium gmp-1:6.1.2-10.el8
CVE-2023-5455 Anchore CVE Medium krb5-libs-1.18.2-26.el8_9
CVE-2024-22365 Anchore CVE Medium pam-1.3.1-27.el8
CVE-2023-29499 Anchore CVE Low glib2-2.56.4-161.el8
CVE-2023-32665 Anchore CVE Low glib2-2.56.4-161.el8
CVE-2023-32611 Anchore CVE Low glib2-2.56.4-161.el8
CVE-2023-6004 Anchore CVE Low libssh-config-0.9.6-13.el8_9
CVE-2023-6004 Anchore CVE Low libssh-0.9.6-13.el8_9
CVE-2023-6918 Anchore CVE Low libssh-config-0.9.6-13.el8_9
CVE-2023-6918 Anchore CVE Low libssh-0.9.6-13.el8_9
GHSA-3ww4-gg4f-jr7f Anchore CVE High cryptography-36.0.2
CVE-2024-25062 Anchore CVE Medium python3-libxml2-2.9.7-18.el8_9
CVE-2024-25062 Anchore CVE Medium libxml2-2.9.7-18.el8_9
GHSA-9v9h-cgj8-h64p Anchore CVE Medium cryptography-36.0.2
CVE-2024-2236 Anchore CVE Medium libgcrypt-1.8.5-7.el8_6
CVE-2024-28182 Anchore CVE Medium libnghttp2-1.33.0-5.el8_9
CVE-2024-2398 Anchore CVE Medium curl-7.61.1-33.el8_9.5
CVE-2024-2398 Anchore CVE Medium libcurl-7.61.1-33.el8_9.5
CVE-2024-26458 Anchore CVE Low krb5-libs-1.18.2-26.el8_9
CVE-2024-3205 Anchore CVE Medium libyaml-0.1.7-5.el8
CVE-2024-2511 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2024-26461 Anchore CVE Low krb5-libs-1.18.2-26.el8_9
CVE-2024-2511 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
GHSA-jjg7-2v4v-x38h Anchore CVE Medium idna-3.3
CVE-2020-17049 Anchore CVE Medium krb5-libs-1.18.2-26.el8_9
GHSA-mr82-8j83-vxmv Anchore CVE Medium pydantic-1.9.0
CVE-2023-6597 Anchore CVE High python3-libs-3.6.8-56.el8_9.3
CVE-2023-2953 Anchore CVE Low openldap-2.4.46-18.el8
CVE-2024-0450 Anchore CVE Medium python3-libs-3.6.8-56.el8_9.3
CVE-2023-6597 Anchore CVE High platform-python-3.6.8-56.el8_9.3
CVE-2024-0450 Anchore CVE Medium platform-python-3.6.8-56.el8_9.3
CVE-2023-0464 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2020-12413 Anchore CVE Low nss-3.90.0-6.el8_9
CVE-2023-50495 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2022-0235 Anchore CVE Medium subscription-manager-1.28.40-1.el8_9
CVE-2020-19189 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-19188 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2021-39537 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2024-25260 Anchore CVE Low elfutils-libelf-0.189-3.el8
CVE-2019-9674 Anchore CVE Low python3-libs-3.6.8-56.el8_9.3
CVE-2005-2541 Anchore CVE Medium tar-2:1.30-9.el8
CVE-2019-19244 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2020-19185 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2019-12904 Anchore CVE Medium libgcrypt-1.8.5-7.el8_6
CVE-2020-12413 Anchore CVE Low nss-softokn-freebl-3.90.0-6.el8_9
CVE-2022-23990 Anchore CVE Medium expat-2.2.5-11.el8_9.1
CVE-2018-19211 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2021-42694 Anchore CVE Medium libgcc-8.5.0-20.el8
CVE-2021-20193 Anchore CVE Medium tar-2:1.30-9.el8
CVE-2024-0232 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2024-25260 Anchore CVE Low elfutils-libs-0.189-3.el8
CVE-2020-12413 Anchore CVE Low nss-util-3.90.0-6.el8_9
CVE-2018-20657 Anchore CVE Low libgcc-8.5.0-20.el8
CVE-2024-0727 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2021-33294 Anchore CVE Low elfutils-debuginfod-client-0.189-3.el8
CVE-2019-9674 Anchore CVE Low platform-python-3.6.8-56.el8_9.3
CVE-2021-3997 Anchore CVE Medium systemd-libs-239-78.el8
CVE-2023-0466 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2020-35512 Anchore CVE Low dbus-daemon-1:1.12.8-26.el8
CCE-85888-6 OSCAP Compliance Medium
CCE-83434-1 OSCAP Compliance Medium
CCE-84038-9 OSCAP Compliance Medium
CCE-86931-3 OSCAP Compliance Medium
CCE-86916-4 OSCAP Compliance Medium
CCE-85902-5 OSCAP Compliance High
CCE-85897-7 OSCAP Compliance Medium
CCE-85870-4 OSCAP Compliance Medium
CCE-85899-3 OSCAP Compliance Medium
CCE-86261-5 OSCAP Compliance Medium
CCE-80675-2 OSCAP Compliance Medium
CCE-85964-5 OSCAP Compliance Medium
CCE-82891-3 OSCAP Compliance Medium
CCE-84220-3 OSCAP Compliance Low
CCE-83733-6 OSCAP Compliance Low
CCE-80763-6 OSCAP Compliance Medium
CCE-83918-3 OSCAP Compliance Medium
CCE-82988-7 OSCAP Compliance Low
CCE-82840-0 OSCAP Compliance Low
CCE-84300-3 OSCAP Compliance Medium
CCE-86266-4 OSCAP Compliance Medium
CCE-80785-9 OSCAP Compliance High
CCE-82155-3 OSCAP Compliance High
CCE-80942-6 OSCAP Compliance High
CCE-80789-1 OSCAP Compliance High
CCE-86478-5 OSCAP Compliance Medium
CCE-82028-2 OSCAP Compliance Medium
CCE-80832-9 OSCAP Compliance Medium
CCE-82059-7 OSCAP Compliance Medium
CCE-81031-7 OSCAP Compliance Low
CCE-82005-0 OSCAP Compliance Low
CCE-80834-5 OSCAP Compliance Medium
CCE-82297-3 OSCAP Compliance Low
CCE-80835-2 OSCAP Compliance Medium
CCE-86960-2 OSCAP Compliance Medium
CCE-90784-0 OSCAP Compliance Medium
CCE-80837-8 OSCAP Compliance Medium
CCE-80838-6 OSCAP Compliance Medium
CCE-80839-4 OSCAP Compliance Medium
CCE-80844-4 OSCAP Compliance Medium
CCE-81043-2 OSCAP Compliance Medium
CCE-82191-8 OSCAP Compliance Medium
CCE-82998-6 OSCAP Compliance Medium
CCE-87036-0 OSCAP Compliance Medium
CCE-86260-7 OSCAP Compliance Medium
CCE-80846-9 OSCAP Compliance Medium
CCE-83303-8 OSCAP Compliance Medium
CCE-82976-2 OSCAP Compliance Low
CCE-85983-5 OSCAP Compliance Medium
CCE-82859-0 OSCAP Compliance Medium
CCE-80847-7 OSCAP Compliance Medium
CCE-80644-8 OSCAP Compliance Medium
CCE-81044-0 OSCAP Compliance Low
CCE-80851-9 OSCAP Compliance Low
CCE-80852-7 OSCAP Compliance Low
CCE-80853-5 OSCAP Compliance Low
CCE-80854-3 OSCAP Compliance Low
CCE-82730-3 OSCAP Compliance Medium
CCE-80859-2 OSCAP Compliance Medium
CCE-86339-9 OSCAP Compliance Medium
CCE-86098-1 OSCAP Compliance Medium
CCE-85992-6 OSCAP Compliance Medium
CCE-83426-7 OSCAP Compliance Medium
CCE-80863-4 OSCAP Compliance Medium
CCE-80868-3 OSCAP Compliance Medium
CCE-80869-1 OSCAP Compliance High
CCE-86353-0 OSCAP Compliance Medium
CCE-82249-4 OSCAP Compliance Medium
CCE-80886-5 OSCAP Compliance Medium
CCE-82426-8 OSCAP Compliance Medium
CCE-82853-3 OSCAP Compliance Medium
CCE-90781-6 OSCAP Compliance Medium
CCE-82462-3 OSCAP Compliance Low
CCE-84027-2 OSCAP Compliance High
CCE-81027-5 OSCAP Compliance Medium
CCE-81030-9 OSCAP Compliance Medium
CCE-82215-5 OSCAP Compliance Medium
CCE-80913-7 OSCAP Compliance Low
CCE-80952-5 OSCAP Compliance Medium
CCE-80915-2 OSCAP Compliance Medium
CCE-81054-9 OSCAP Compliance Low
CCE-80916-0 OSCAP Compliance Medium
CCE-82974-7 OSCAP Compliance Medium
CCE-80953-3 OSCAP Compliance Medium
CCE-82934-1 OSCAP Compliance Medium
CCE-80917-8 OSCAP Compliance Medium
CCE-81011-9 OSCAP Compliance Medium
CCE-86220-1 OSCAP Compliance Medium
CCE-81021-8 OSCAP Compliance Medium
CCE-80918-6 OSCAP Compliance Medium
CCE-80919-4 OSCAP Compliance Medium
CCE-80920-2 OSCAP Compliance Medium
CCE-80921-0 OSCAP Compliance Medium
CCE-80922-8 OSCAP Compliance Medium
CCE-81006-9 OSCAP Compliance Medium
CCE-81009-3 OSCAP Compliance Medium
CCE-81013-5 OSCAP Compliance Medium
CCE-82863-2 OSCAP Compliance Medium
CCE-81007-7 OSCAP Compliance Medium
CCE-81010-1 OSCAP Compliance Medium
CCE-81015-0 OSCAP Compliance Medium
CCE-82211-4 OSCAP Compliance Medium
CCE-83774-0 OSCAP Compliance Medium
CVE-2023-0286 Twistlock CVE High cryptography-36.0.2
CVE-2024-25062 Twistlock CVE Medium libxml2-2.9.7-18.el8_9
CVE-2024-25062 Twistlock CVE Medium python3-libxml2-2.9.7-18.el8_9
CVE-2022-23491 Twistlock CVE Medium certifi-2021.10.8
CVE-2023-5455 Twistlock CVE Medium krb5-libs-1.18.2-26.el8_9
CVE-2018-20839 Twistlock CVE Medium systemd-pam-239-78.el8
CVE-2018-20839 Twistlock CVE Medium systemd-libs-239-78.el8
CVE-2018-20839 Twistlock CVE Medium systemd-239-78.el8
CVE-2022-0235 Twistlock CVE Medium python3-syspurpose-1.28.40-1.el8_9
CVE-2022-0235 Twistlock CVE Medium python3-cloud-what-1.28.40-1.el8_9
CVE-2022-0235 Twistlock CVE Medium subscription-manager-rhsm-certificates-20220623-1.el8
CVE-2022-0235 Twistlock CVE Medium python3-subscription-manager-rhsm-1.28.40-1.el8_9
CVE-2022-0235 Twistlock CVE Medium dnf-plugin-subscription-manager-1.28.40-1.el8_9
CVE-2022-0235 Twistlock CVE Medium subscription-manager-1.28.40-1.el8_9
CVE-2023-7008 Twistlock CVE Medium systemd-libs-239-78.el8
CVE-2023-7008 Twistlock CVE Medium systemd-239-78.el8
CVE-2023-7008 Twistlock CVE Medium systemd-pam-239-78.el8
CVE-2022-42966 Twistlock CVE Medium cleo-0.8.1
CVE-2024-22365 Twistlock CVE Medium pam-1.3.1-27.el8
CVE-2024-0727 Twistlock CVE Medium cryptography-36.0.2
CVE-2023-37920 Twistlock CVE Low ca-certificates-2023.2.60_v7.0.306-80.0.el8_8
CVE-2024-26461 Twistlock CVE Low krb5-libs-1.18.2-26.el8_9
CVE-2024-26458 Twistlock CVE Low krb5-libs-1.18.2-26.el8_9
CVE-2020-21674 Twistlock CVE Low libarchive-3.3.3-5.el8
CVE-2019-19244 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2023-2953 Twistlock CVE Low openldap-2.4.46-18.el8
CVE-2020-35512 Twistlock CVE Low dbus-libs-1.12.8-26.el8
CVE-2020-35512 Twistlock CVE Low dbus-common-1.12.8-26.el8
CVE-2020-35512 Twistlock CVE Low dbus-tools-1.12.8-26.el8
CVE-2020-35512 Twistlock CVE Low dbus-1.12.8-26.el8
CVE-2020-35512 Twistlock CVE Low dbus-daemon-1.12.8-26.el8
CVE-2023-50495 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2023-50495 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2023-32665 Twistlock CVE Low glib2-2.56.4-161.el8
CVE-2023-32611 Twistlock CVE Low glib2-2.56.4-161.el8
CVE-2023-2650 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2023-2650 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2020-19190 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-19190 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-19189 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-19189 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-19188 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-19188 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-19187 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-19187 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-19186 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-19186 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-19185 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-19185 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2023-32636 Twistlock CVE Low glib2-2.56.4-161.el8
CVE-2023-29499 Twistlock CVE Low glib2-2.56.4-161.el8
CVE-2023-6004 Twistlock CVE Low libssh-0.9.6-13.el8_9
CVE-2023-6004 Twistlock CVE Low libssh-config-0.9.6-13.el8_9
CVE-2023-4156 Twistlock CVE Low gawk-4.2.1-4.el8
CVE-2023-0464 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2023-0464 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2020-12413 Twistlock CVE Low nss-util-3.90.0-6.el8_9
CVE-2020-12413 Twistlock CVE Low nss-3.90.0-6.el8_9
CVE-2020-12413 Twistlock CVE Low nss-softokn-3.90.0-6.el8_9
CVE-2020-12413 Twistlock CVE Low nss-sysinit-3.90.0-6.el8_9
CVE-2020-12413 Twistlock CVE Low nss-softokn-freebl-3.90.0-6.el8_9
CVE-2024-0727 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2024-0727 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2022-47011 Twistlock CVE Low gdb-gdbserver-8.2-20.el8
CVE-2022-47010 Twistlock CVE Low gdb-gdbserver-8.2-20.el8
CVE-2022-47007 Twistlock CVE Low gdb-gdbserver-8.2-20.el8
CVE-2022-27943 Twistlock CVE Low libgcc-8.5.0-20.el8
CVE-2022-27943 Twistlock CVE Low libstdc++-8.5.0-20.el8
CVE-2021-3997 Twistlock CVE Low systemd-libs-239-78.el8
CVE-2021-3997 Twistlock CVE Low systemd-pam-239-78.el8
CVE-2021-3997 Twistlock CVE Low systemd-239-78.el8
CVE-2021-39537 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2021-39537 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2023-0466 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2023-0466 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2023-0465 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2023-0465 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2022-41409 Twistlock CVE Low pcre2-10.32-3.el8_6
CVE-2024-0232 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2018-19211 Twistlock CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2018-19211 Twistlock CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2019-8906 Twistlock CVE Low file-libs-5.33-25.el8
CVE-2019-8905 Twistlock CVE Low file-libs-5.33-25.el8
CVE-2024-25260 Twistlock CVE Low elfutils-default-yama-scope-0.189-3.el8
CVE-2024-25260 Twistlock CVE Low elfutils-libelf-0.189-3.el8
CVE-2024-25260 Twistlock CVE Low elfutils-libs-0.189-3.el8
CVE-2021-33294 Twistlock CVE Low elfutils-libelf-0.189-3.el8
CVE-2021-33294 Twistlock CVE Low elfutils-libs-0.189-3.el8
CVE-2021-33294 Twistlock CVE Low elfutils-default-yama-scope-0.189-3.el8
CVE-2023-6918 Twistlock CVE Low libssh-config-0.9.6-13.el8_9
CVE-2023-6918 Twistlock CVE Low libssh-0.9.6-13.el8_9
CVE-2023-39804 Twistlock CVE Low tar-1.30-9.el8
CVE-2021-20193 Twistlock CVE Low tar-1.30-9.el8
CVE-2019-9937 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2019-9936 Twistlock CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2019-9923 Twistlock CVE Low tar-1.30-9.el8
CVE-2019-14250 Twistlock CVE Low libgcc-8.5.0-20.el8
CVE-2019-14250 Twistlock CVE Low libstdc++-8.5.0-20.el8
CVE-2018-20657 Twistlock CVE Low libstdc++-8.5.0-20.el8
CVE-2018-20657 Twistlock CVE Low libgcc-8.5.0-20.el8
CVE-2018-1000880 Twistlock CVE Low libarchive-3.3.3-5.el8
CVE-2018-1000879 Twistlock CVE Low libarchive-3.3.3-5.el8
GHSA-v8gr-m533-ghj9 Twistlock CVE Low cryptography-36.0.2
GHSA-jm77-qphf-c4w8 Twistlock CVE Low cryptography-36.0.2
GHSA-5cpq-8wj7-hf2v Twistlock CVE Low cryptography-36.0.2
CVE-2024-2236 Twistlock CVE Medium libgcrypt-1.8.5-7.el8_6
CVE-2024-28182 Twistlock CVE Medium libnghttp2-1.33.0-5.el8_9
CVE-2024-2398 Twistlock CVE Medium libcurl-7.61.1-33.el8_9.5
CVE-2024-2398 Twistlock CVE Medium curl-7.61.1-33.el8_9.5
CVE-2024-3205 Twistlock CVE Medium libyaml-0.1.7-5.el8
CVE-2022-23990 Twistlock CVE Medium expat-2.2.5-11.el8_9.1
CVE-2023-52426 Twistlock CVE Medium expat-2.2.5-11.el8_9.1
CVE-2023-27534 Twistlock CVE Low libcurl-7.61.1-33.el8_9.5
CVE-2023-27534 Twistlock CVE Low curl-7.61.1-33.el8_9.5
CVE-2024-2511 Twistlock CVE Low openssl-1.1.1k-12.el8_9
CVE-2024-2511 Twistlock CVE Low openssl-libs-1.1.1k-12.el8_9
CVE-2020-17049 Twistlock CVE Medium krb5-libs-1.18.2-26.el8_9
CVE-2024-3651 Twistlock CVE Medium idna-3.3
CVE-2021-4209 Twistlock CVE Low gnutls-3.6.16-8.el8_9.3
CVE-2019-16866 Twistlock CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2019-16866 Twistlock CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2023-6597 Twistlock CVE Critical platform-python-3.6.8-56.el8_9.3
CVE-2023-6597 Twistlock CVE Critical python3-libs-3.6.8-56.el8_9.3
CVE-2024-0450 Twistlock CVE Medium platform-python-3.6.8-56.el8_9.3
CVE-2024-0450 Twistlock CVE Medium python3-libs-3.6.8-56.el8_9.3
CVE-2024-3772 Twistlock CVE Medium pydantic-1.9.0
CVE-2023-43804 Twistlock CVE Medium platform-python-pip-9.0.3-23.el8_9.1
CVE-2023-43804 Twistlock CVE Medium python3-pip-wheel-9.0.3-23.el8_9.1
CVE-2024-29040 Twistlock CVE Medium tpm2-tss-2.3.2-5.el8
CVE-2019-17543 Anchore CVE Medium lz4-libs-1.8.3-3.el8_4
CVE-2021-39537 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2018-19217 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2023-2650 Anchore CVE Medium openssl-1:1.1.1k-12.el8_9
CVE-2023-36191 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2018-1000879 Anchore CVE Low libarchive-3.3.3-5.el8
CVE-2023-27534 Anchore CVE Low libcurl-7.61.1-33.el8_9.5
CVE-2024-0727 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2023-27534 Anchore CVE Low curl-7.61.1-33.el8_9.5
CVE-2020-21674 Anchore CVE Medium libarchive-3.3.3-5.el8
CVE-2018-1000654 Anchore CVE Low libtasn1-4.13-4.el8_7
CVE-2020-19187 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2022-27943 Anchore CVE Low libstdc++-8.5.0-20.el8
CVE-2022-0235 Anchore CVE Medium dnf-plugin-subscription-manager-1.28.40-1.el8_9
CVE-2023-0465 Anchore CVE Low openssl-1:1.1.1k-12.el8_9
CVE-2020-12413 Anchore CVE Low nss-softokn-3.90.0-6.el8_9
CVE-2021-3997 Anchore CVE Medium systemd-pam-239-78.el8
CVE-2024-25260 Anchore CVE Low elfutils-default-yama-scope-0.189-3.el8
CVE-2023-0464 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2021-3997 Anchore CVE Medium systemd-239-78.el8
CVE-2022-0235 Anchore CVE Medium python3-syspurpose-1.28.40-1.el8_9
CVE-2020-19188 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2019-9923 Anchore CVE Low tar-2:1.30-9.el8
CVE-2020-35512 Anchore CVE Low dbus-1:1.12.8-26.el8
CVE-2019-16866 Anchore CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2023-39804 Anchore CVE Low tar-2:1.30-9.el8
CVE-2022-27943 Anchore CVE Low libgcc-8.5.0-20.el8
CVE-2020-35512 Anchore CVE Low dbus-tools-1:1.12.8-26.el8
CVE-2023-4156 Anchore CVE Low gawk-4.2.1-4.el8
CVE-2020-19186 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2018-19217 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-19189 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2022-0235 Anchore CVE Medium python3-subscription-manager-rhsm-1.28.40-1.el8_9
CVE-2024-3651 Anchore CVE Medium python3-idna-2.5-5.el8
CVE-2019-8906 Anchore CVE Low file-libs-5.33-25.el8
CVE-2023-45322 Anchore CVE Low python3-libxml2-2.9.7-18.el8_9
CVE-2018-20839 Anchore CVE Medium systemd-pam-239-78.el8
CVE-2018-19211 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2019-16866 Anchore CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2021-4209 Anchore CVE Low gnutls-3.6.16-8.el8_9.3
CVE-2020-35512 Anchore CVE Low dbus-common-1:1.12.8-26.el8
CVE-2020-19186 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-19187 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2019-14250 Anchore CVE Low libgcc-8.5.0-20.el8
CVE-2024-25260 Anchore CVE Low elfutils-debuginfod-client-0.189-3.el8
CVE-2023-32636 Anchore CVE Low glib2-2.56.4-161.el8
CVE-2021-33294 Anchore CVE Low elfutils-default-yama-scope-0.189-3.el8
CVE-2018-20657 Anchore CVE Low libstdc++-8.5.0-20.el8
CVE-2023-2650 Anchore CVE Medium openssl-libs-1:1.1.1k-12.el8_9
CVE-2022-41409 Anchore CVE Low pcre2-10.32-3.el8_6
CVE-2023-45322 Anchore CVE Low libxml2-2.9.7-18.el8_9
CVE-2020-19190 Anchore CVE Low ncurses-libs-6.1-10.20180224.el8
CVE-2020-35512 Anchore CVE Low dbus-libs-1:1.12.8-26.el8
CVE-2018-20839 Anchore CVE Medium systemd-239-78.el8
CVE-2018-20225 Anchore CVE Low platform-python-pip-9.0.3-23.el8_9.1
CVE-2021-33294 Anchore CVE Low elfutils-libelf-0.189-3.el8
CVE-2023-50495 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2018-1000880 Anchore CVE Low libarchive-3.3.3-5.el8
CVE-2019-8905 Anchore CVE Low file-libs-5.33-25.el8
CVE-2020-19190 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2023-0466 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2019-9937 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2023-0465 Anchore CVE Low openssl-libs-1:1.1.1k-12.el8_9
CVE-2021-42694 Anchore CVE Medium libstdc++-8.5.0-20.el8
CVE-2019-14250 Anchore CVE Low libstdc++-8.5.0-20.el8
CVE-2019-12900 Anchore CVE Low bzip2-libs-1.0.6-26.el8
CVE-2018-20225 Anchore CVE Low python3-pip-wheel-9.0.3-23.el8_9.1
CVE-2019-9936 Anchore CVE Low sqlite-libs-3.26.0-19.el8_9
CVE-2022-0235 Anchore CVE Medium python3-cloud-what-1.28.40-1.el8_9
CVE-2021-24032 Anchore CVE Low libzstd-1.4.4-1.el8
CVE-2020-19185 Anchore CVE Low ncurses-base-6.1-10.20180224.el8
CVE-2020-12413 Anchore CVE Low nss-sysinit-3.90.0-6.el8_9
CVE-2021-33294 Anchore CVE Low elfutils-libs-0.189-3.el8
CVE-2018-20839 Anchore CVE Medium systemd-libs-239-78.el8
CVE-2023-43804 Anchore CVE Medium platform-python-pip-9.0.3-23.el8_9.1
CVE-2023-43804 Anchore CVE Medium python3-pip-wheel-9.0.3-23.el8_9.1
CVE-2019-1010022 Anchore CVE Critical glibc-gconv-extra-2.28-236.el8_9.13
CVE-2019-1010022 Anchore CVE Critical glibc-langpack-en-2.28-236.el8_9.13
CVE-2019-1010022 Anchore CVE Critical glibc-minimal-langpack-2.28-236.el8_9.13
CVE-2019-1010022 Anchore CVE Critical glibc-2.28-236.el8_9.13
CVE-2019-1010022 Anchore CVE Critical glibc-common-2.28-236.el8_9.13
CVE-2023-0464 Anchore CVE High openssl-1.1.1o
CVE-2023-4807 Anchore CVE High openssl-1.1.1o
CVE-2023-2650 Anchore CVE Medium openssl-1.1.1o
CVE-2023-0286 Anchore CVE High openssl-1.1.1o
CVE-2023-0466 Anchore CVE Medium openssl-1.1.1o
CVE-2022-2068 Anchore CVE Critical openssl-1.1.1o
CVE-2022-4450 Anchore CVE High openssl-1.1.1o
CVE-2023-5678 Anchore CVE Medium openssl-1.1.1o
CVE-2023-0465 Anchore CVE Medium openssl-1.1.1o
CVE-2022-2097 Anchore CVE Medium openssl-1.1.1o
CVE-2024-0727 Anchore CVE Medium openssl-1.1.1o
CVE-2022-4304 Anchore CVE Medium openssl-1.1.1o
CVE-2023-0215 Anchore CVE High openssl-1.1.1o
CVE-2023-3817 Anchore CVE Medium openssl-1.1.1o
CVE-2024-33655 Anchore CVE Low unbound-libs-1.16.2-5.el8_9.6
GHSA-h75v-3vvj-5mfj Anchore CVE Medium Jinja2-3.1.1
GHSA-g7vv-2v7x-gj9p Anchore CVE Low tqdm-4.64.0
CVE-2024-33655 Anchore CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-34062 Twistlock CVE Low tqdm-4.64.0
CVE-2024-34064 Twistlock CVE Medium jinja2-3.1.1
CVE-2023-37920 Twistlock CVE Critical certifi-2021.10.8
CVE-2023-43804 Twistlock CVE High urllib3-1.26.9
CVE-2023-50782 Twistlock CVE High cryptography-36.0.2
CVE-2023-49083 Twistlock CVE High cryptography-36.0.2
CVE-2022-40898 Twistlock CVE High wheel-0.37.1
CVE-2023-23931 Twistlock CVE Medium cryptography-36.0.2
CVE-2024-22195 Twistlock CVE Medium jinja2-3.1.1
CVE-2023-32681 Twistlock CVE Medium requests-2.27.1
CVE-2022-40897 Twistlock CVE Medium setuptools-62.1.0
CVE-2023-45803 Twistlock CVE Medium urllib3-1.26.9
CVE-2023-5752 Twistlock CVE Low pip-22.0.4
CVE-2024-34397 Twistlock CVE Medium glib2-2.56.4-161.el8
CVE-2024-33655 Twistlock CVE Low python3-unbound-1.16.2-5.el8_9.6
CVE-2024-33655 Twistlock CVE Low unbound-libs-1.16.2-5.el8_9.6
CVE-2024-34459 Twistlock CVE Low libxml2-2.9.7-18.el8_9
CVE-2024-34459 Twistlock CVE Medium python3-libxml2-2.9.7-18.el8_9
CVE-2024-35195 Twistlock CVE Medium requests-2.27.1

VAT: https://vat.dso.mil/vat/image?imageName=opensource/metrostar/tip-dependencies&tag=0.0.6&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/metrostar/tip-dependencies/-/jobs/23485308

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Verification" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI