chore(findings): opensource/r/r-studio
Summary
opensource/r/r-studio has 210 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-39260 | Twistlock CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2022-39260 | Twistlock CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-39260 | Twistlock CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-39253 | Twistlock CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-39253 | Twistlock CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-39253 | Twistlock CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2019-19244 | Twistlock CVE | Low | sqlite-3.26.0-16.el8_6 |
CVE-2019-19244 | Twistlock CVE | Low | sqlite-devel-3.26.0-16.el8_6 |
CVE-2019-9937 | Twistlock CVE | Low | sqlite-3.26.0-16.el8_6 |
CVE-2019-9937 | Twistlock CVE | Low | sqlite-devel-3.26.0-16.el8_6 |
CVE-2019-9936 | Twistlock CVE | Low | sqlite-devel-3.26.0-16.el8_6 |
CVE-2019-9936 | Twistlock CVE | Low | sqlite-3.26.0-16.el8_6 |
CVE-2022-30580 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-41715 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-32189 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-30635 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-30633 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-30632 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-30631 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-30630 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-2880 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-2879 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-28131 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-27664 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-32148 | Twistlock CVE | Medium | go-1.18.1 |
CVE-2022-1705 | Twistlock CVE | Medium | go-1.18.1 |
CVE-2022-1962 | Twistlock CVE | Medium | go-1.18.1 |
CVE-2022-30629 | Twistlock CVE | Low | go-1.18.1 |
CVE-2022-39260 | Anchore CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2022-39260 | Anchore CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-39260 | Anchore CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-39260 | Anchore CVE | Medium | git-core-doc-2.31.1-2.el8 |
CVE-2022-41716 | Twistlock CVE | Medium | go-1.18.1 |
CVE-2022-39253 | Anchore CVE | Medium | git-core-doc-2.31.1-2.el8 |
CVE-2022-39253 | Anchore CVE | Medium | git-core-2.31.1-2.el8 |
CVE-2022-39253 | Anchore CVE | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-39253 | Anchore CVE | Medium | git-2.31.1-2.el8 |
CVE-2022-40755 | Anchore CVE | Low | jasper-libs-2.0.14-5.el8 |
CVE-2022-3554 | Anchore CVE | Medium | libX11-common-1.6.8-5.el8 |
CVE-2022-40304 | Twistlock CVE | Medium | libxml2-devel-2.9.7-15.el8 |
CVE-2022-40303 | Twistlock CVE | Medium | libxml2-devel-2.9.7-15.el8 |
CVE-2022-43680 | Twistlock CVE | Medium | expat-devel-2.2.5-10.el8 |
CVE-2022-35252 | Twistlock CVE | Low | libcurl-devel-7.61.1-25.el8 |
CVE-2021-25317 | Twistlock CVE | Low | cups-libs-2.2.6-50.el8 |
CVE-2022-1665 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3239 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-30594 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-2153 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-40304 | Anchore CVE | Medium | libxml2-devel-2.9.7-15.el8 |
CVE-2022-1263 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-2964 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-36280 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-2873 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-41674 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2021-46778 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-42721 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-38457 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2020-36557 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2021-33656 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3707 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-35252 | Anchore CVE | Low | libcurl-devel-7.61.1-25.el8 |
CVE-2022-41218 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-36402 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3640 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-39189 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-40303 | Anchore CVE | Medium | libxml2-devel-2.9.7-15.el8 |
CVE-2022-39188 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-21233 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3344 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-20141 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3028 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-40133 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-38096 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-42722 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3424 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-20166 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-1972 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-2663 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-42720 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2021-33655 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-1789 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-28693 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-2785 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-42703 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3570 | Twistlock CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3570 | Twistlock CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3599 | Twistlock CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3599 | Twistlock CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3598 | Twistlock CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3598 | Twistlock CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3857 | Twistlock CVE | Low | libpng-devel-1.6.34-5.el8 |
CVE-2022-3857 | Twistlock CVE | Low | java-1.8.0-openjdk-devel-1.8.0.352.b08-2.el8_7 |
CVE-2022-3857 | Twistlock CVE | Low | java-1.8.0-openjdk-headless-1.8.0.352.b08-2.el8_7 |
CVE-2022-3857 | Twistlock CVE | Low | java-17-openjdk-devel-17.0.5.0.8-2.el8_6 |
CVE-2022-3857 | Twistlock CVE | Low | java-17-openjdk-headless-17.0.5.0.8-2.el8_6 |
CVE-2022-3857 | Twistlock CVE | Low | java-1.8.0-openjdk-1.8.0.352.b08-2.el8_7 |
CVE-2022-3857 | Twistlock CVE | Low | java-17-openjdk-17.0.5.0.8-2.el8_6 |
CVE-2022-3857 | Twistlock CVE | Low | libpng-1.6.34-5.el8 |
CVE-2022-32190 | Twistlock CVE | High | go-1.18.1 |
CVE-2022-45061 | Twistlock CVE | Medium | platform-python-3.6.8-48.el8_7 |
CVE-2022-45061 | Twistlock CVE | Medium | python3-libs-3.6.8-48.el8_7 |
CVE-2022-36227 | Twistlock CVE | Low | libarchive-3.3.3-4.el8 |
CVE-2022-3857 | Anchore CVE | Low | java-1.8.0-openjdk-1:1.8.0.352.b08-2.el8_7 |
CVE-2022-43680 | Anchore CVE | Medium | expat-devel-2.2.5-10.el8 |
CVE-2022-43680 | Anchore CVE | Medium | expat-2.2.5-10.el8 |
CVE-2022-45061 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7 |
CVE-2022-3570 | Anchore CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3857 | Anchore CVE | Low | libpng-devel-2:1.6.34-5.el8 |
CVE-2022-3857 | Anchore CVE | Low | java-1.8.0-openjdk-headless-1:1.8.0.352.b08-2.el8_7 |
CVE-2022-36227 | Anchore CVE | Low | libarchive-3.3.3-4.el8 |
CVE-2022-3857 | Anchore CVE | Low | java-17-openjdk-1:17.0.5.0.8-2.el8_6 |
CVE-2022-3857 | Anchore CVE | Low | java-17-openjdk-devel-1:17.0.5.0.8-2.el8_6 |
CVE-2007-4559 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7 |
CVE-2021-46848 | Anchore CVE | Medium | libtasn1-4.13-3.el8 |
CVE-2022-41222 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3570 | Anchore CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3625 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3857 | Anchore CVE | Low | libpng-2:1.6.34-5.el8 |
CVE-2022-43945 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-45061 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7 |
CVE-2022-3566 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-4129 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-35737 | Anchore CVE | Medium | sqlite-devel-3.26.0-16.el8_6 |
CVE-2007-4559 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7 |
CVE-2022-23824 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3903 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-35737 | Anchore CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
CVE-2022-3857 | Anchore CVE | Low | java-17-openjdk-headless-1:17.0.5.0.8-2.el8_6 |
CVE-2022-3857 | Anchore CVE | Low | java-1.8.0-openjdk-devel-1:1.8.0.352.b08-2.el8_7 |
CVE-2022-35737 | Anchore CVE | Medium | sqlite-3.26.0-16.el8_6 |
CVE-2022-41858 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3567 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-42896 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-42895 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3970 | Twistlock CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3970 | Twistlock CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2020-17049 | Twistlock CVE | Medium | krb5-libs-1.18.2-22.el8_7 |
CVE-2020-17049 | Twistlock CVE | Medium | krb5-devel-1.18.2-22.el8_7 |
CVE-2022-3627 | Twistlock CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3627 | Twistlock CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3627 | Anchore CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3627 | Anchore CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3970 | Anchore CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3970 | Anchore CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-45939 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8 |
CVE-2022-3598 | Anchore CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3599 | Anchore CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3598 | Anchore CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-4139 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3599 | Anchore CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-45939 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8 |
CVE-2022-4269 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-4285 | Twistlock CVE | Medium | gdb-gdbserver-8.2-19.el8 |
CVE-2022-4285 | Twistlock CVE | Medium | binutils-2.30-117.el8 |
CVE-2019-7317 | Twistlock CVE | Low | libpng-devel-1.6.34-5.el8 |
CVE-2019-7317 | Twistlock CVE | Low | libpng-1.6.34-5.el8 |
CVE-2022-3628 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-20154 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CCE-86099-9 | OSCAP Compliance | Medium | |
CVE-2022-45934 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-41717 | Twistlock CVE | Medium | go-1.18.1 |
CVE-2022-4378 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-46908 | Twistlock CVE | Medium | sqlite-devel-3.26.0-16.el8_6 |
CVE-2022-46908 | Twistlock CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
CVE-2022-46908 | Twistlock CVE | Medium | sqlite-3.26.0-16.el8_6 |
CVE-2022-4285 | Anchore CVE | Medium | gdb-gdbserver-8.2-19.el8 |
CVE-2022-4285 | Anchore CVE | Medium | binutils-2.30-117.el8 |
CVE-2022-45919 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3564 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2021-44568 | Twistlock CVE | Low | libsolv-0.7.20-4.el8_7 |
CVE-2022-45886 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-45885 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-45884 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2021-44568 | Anchore CVE | Low | libsolv-0.7.20-4.el8_7 |
CVE-2022-3594 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-45887 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3597 | Twistlock CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3597 | Twistlock CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-4543 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-3606 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-4415 | Twistlock CVE | Medium | systemd-pam-239-68.el8 |
CVE-2022-4415 | Twistlock CVE | Medium | systemd-libs-239-68.el8 |
CVE-2022-4415 | Twistlock CVE | Medium | systemd-239-68.el8 |
CVE-2022-43552 | Twistlock CVE | Low | libcurl-devel-7.61.1-25.el8 |
CVE-2022-43552 | Twistlock CVE | Low | libcurl-7.61.1-25.el8 |
CVE-2022-4662 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-43552 | Anchore CVE | Low | libcurl-7.61.1-25.el8 |
CVE-2022-4415 | Anchore CVE | Medium | systemd-libs-239-68.el8 |
CVE-2022-3619 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-4415 | Anchore CVE | Medium | systemd-239-68.el8 |
CVE-2022-4415 | Anchore CVE | Medium | systemd-pam-239-68.el8 |
CVE-2022-43552 | Anchore CVE | Low | libcurl-devel-7.61.1-25.el8 |
CVE-2022-47938 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-40897 | Twistlock CVE | High | setuptools-39.2.0 |
CVE-2022-4379 | Anchore CVE | High | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-28388 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-46908 | Anchore CVE | Medium | sqlite-devel-3.26.0-16.el8_6 |
CVE-2022-46908 | Anchore CVE | Medium | sqlite-3.26.0-16.el8_6 |
CVE-2022-46908 | Anchore CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
CVE-2022-35737 | Twistlock CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
CVE-2022-35737 | Twistlock CVE | Medium | sqlite-devel-3.26.0-16.el8_6 |
CVE-2022-35737 | Twistlock CVE | Medium | sqlite-3.26.0-16.el8_6 |
CVE-2022-3542 | Anchore CVE | Low | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-45873 | Twistlock CVE | Medium | systemd-pam-239-68.el8 |
CVE-2022-45873 | Twistlock CVE | Medium | systemd-libs-239-68.el8 |
CVE-2022-45873 | Twistlock CVE | Medium | systemd-239-68.el8 |
CVE-2022-3626 | Twistlock CVE | Medium | libtiff-devel-4.0.9-23.el8 |
CVE-2022-3626 | Twistlock CVE | Medium | libtiff-4.0.9-23.el8 |
CVE-2022-3524 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
CVE-2022-43750 | Anchore CVE | Medium | kernel-headers-4.18.0-425.3.1.el8 |
VAT: https://vat.dso.mil/vat/image?imageName=opensource/r/r-studio&tag=2022.07.2-576&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/opensource/r/r-studio/-/jobs/15371173
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the ~"Hardening::Approval" label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
- Send approval request to Authorizing Official
- Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.