chore(findings): parasoft/dtp
Summary
parasoft/dtp has 112 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2021-40690 | twistlock_cve | High | org.apache.cxf_cxf-core-3.4.4 |
CVE-2021-45105 | twistlock_cve | High | org.apache.logging.log4j_log4j-core-2.14.0 |
CVE-2022-0529 | anchore_cve | Low | unzip-6.0-45.el8_4 |
CVE-2021-4217 | anchore_cve | Low | unzip-6.0-45.el8_4 |
CVE-2022-0530 | anchore_cve | Low | unzip-6.0-45.el8_4 |
CVE-2021-3733 | twistlock_cve | Moderate | python3-libs-3.6.8-41.el8 |
CVE-2021-3733 | twistlock_cve | Moderate | platform-python-3.6.8-41.el8 |
CVE-2020-12401 | twistlock_cve | Moderate | nss-util-3.67.0-7.el8_5 |
CVE-2020-12401 | twistlock_cve | Moderate | nss-softokn-3.67.0-7.el8_5 |
CVE-2020-12401 | twistlock_cve | Moderate | nss-3.67.0-7.el8_5 |
CVE-2020-12401 | twistlock_cve | Moderate | nss-softokn-freebl-3.67.0-7.el8_5 |
CVE-2020-12401 | twistlock_cve | Moderate | nss-sysinit-3.67.0-7.el8_5 |
CVE-2020-12401 | anchore_cve | Medium | nss-softokn-3.67.0-7.el8_5 |
CVE-2020-12401 | anchore_cve | Medium | nss-sysinit-3.67.0-7.el8_5 |
CVE-2020-12401 | anchore_cve | Medium | nss-3.67.0-7.el8_5 |
CVE-2020-12401 | anchore_cve | Medium | nss-util-3.67.0-7.el8_5 |
CVE-2020-12401 | anchore_cve | Medium | nss-softokn-freebl-3.67.0-7.el8_5 |
CVE-2021-4189 | twistlock_cve | Moderate | python3-libs-3.6.8-41.el8 |
CVE-2021-4189 | twistlock_cve | Moderate | platform-python-3.6.8-41.el8 |
CVE-2021-4189 | anchore_cve | Medium | python3-libs-3.6.8-41.el8 |
CVE-2021-4189 | anchore_cve | Medium | platform-python-3.6.8-41.el8 |
CCE-85902-5 | oscap_comp | Medium | Uninherited |
CCE-85897-7 | oscap_comp | Medium | Uninherited |
CCE-85870-4 | oscap_comp | Medium | Uninherited |
CCE-85899-3 | oscap_comp | Medium | Uninherited |
CCE-86233-4 | oscap_comp | Medium | Uninherited |
CCE-85910-8 | oscap_comp | Medium | Uninherited |
CCE-80667-9 | oscap_comp | Medium | Uninherited |
CCE-80668-7 | oscap_comp | Medium | Uninherited |
CCE-80669-5 | oscap_comp | Medium | Uninherited |
CCE-80670-3 | oscap_comp | Medium | Uninherited |
CCE-81037-4 | oscap_comp | Medium | Uninherited |
CCE-81035-8 | oscap_comp | Medium | Uninherited |
CVE-2021-35939 | twistlock_cve | Moderate | rpm-4.14.3-19.el8_5.2 |
CVE-2021-35938 | twistlock_cve | Moderate | rpm-4.14.3-19.el8_5.2 |
CVE-2021-35937 | twistlock_cve | Moderate | rpm-4.14.3-19.el8_5.2 |
CVE-2021-35939 | twistlock_cve | Moderate | rpm-build-libs-4.14.3-19.el8_5.2 |
CVE-2021-35938 | twistlock_cve | Moderate | rpm-build-libs-4.14.3-19.el8_5.2 |
CVE-2021-35937 | twistlock_cve | Moderate | rpm-build-libs-4.14.3-19.el8_5.2 |
CVE-2021-35939 | twistlock_cve | Moderate | rpm-libs-4.14.3-19.el8_5.2 |
CVE-2021-35938 | twistlock_cve | Moderate | rpm-libs-4.14.3-19.el8_5.2 |
CVE-2021-35937 | twistlock_cve | Moderate | rpm-libs-4.14.3-19.el8_5.2 |
CVE-2021-35939 | twistlock_cve | Moderate | python3-rpm-4.14.3-19.el8_5.2 |
CVE-2021-35938 | twistlock_cve | Moderate | python3-rpm-4.14.3-19.el8_5.2 |
CVE-2021-35937 | twistlock_cve | Moderate | python3-rpm-4.14.3-19.el8_5.2 |
CVE-2021-35939 | anchore_cve | Medium | rpm-4.14.3-19.el8_5.2 |
CVE-2021-35938 | anchore_cve | Medium | rpm-build-libs-4.14.3-19.el8_5.2 |
CVE-2021-35937 | anchore_cve | Medium | rpm-build-libs-4.14.3-19.el8_5.2 |
CVE-2021-35939 | anchore_cve | Medium | python3-rpm-4.14.3-19.el8_5.2 |
CVE-2021-35939 | anchore_cve | Medium | rpm-build-libs-4.14.3-19.el8_5.2 |
CVE-2021-35937 | anchore_cve | Medium | python3-rpm-4.14.3-19.el8_5.2 |
CVE-2021-35937 | anchore_cve | Medium | rpm-libs-4.14.3-19.el8_5.2 |
CVE-2021-35938 | anchore_cve | Medium | rpm-libs-4.14.3-19.el8_5.2 |
CVE-2021-35937 | anchore_cve | Medium | rpm-4.14.3-19.el8_5.2 |
CVE-2021-35938 | anchore_cve | Medium | rpm-4.14.3-19.el8_5.2 |
CVE-2021-35938 | anchore_cve | Medium | python3-rpm-4.14.3-19.el8_5.2 |
CVE-2021-35939 | anchore_cve | Medium | rpm-libs-4.14.3-19.el8_5.2 |
CVE-2021-44569 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2021-44568 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2022-0391 | twistlock_cve | Moderate | python3-libs-3.6.8-41.el8 |
CVE-2022-0391 | twistlock_cve | Moderate | platform-python-3.6.8-41.el8 |
CVE-2021-44577 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2021-44576 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2021-44575 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2021-44573 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2021-44571 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2021-44574 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2022-24329 | twistlock_cve | Medium | kotlin-stdlib_kotlin-stdlib-1.4.32 |
CVE-2021-44570 | twistlock_cve | Moderate | libsolv-0.7.19-1.el8 |
CVE-2021-45346 | twistlock_cve | Low | sqlite-libs-3.26.0-15.el8 |
CVE-2022-0391 | anchore_cve | Medium | platform-python-3.6.8-41.el8 |
CVE-2022-0391 | anchore_cve | Medium | python3-libs-3.6.8-41.el8 |
CVE-2022-0235 | twistlock_cve | Moderate | python3-syspurpose-1.28.13-2.el8 |
CVE-2022-0235 | twistlock_cve | Moderate | python3-subscription-manager-rhsm-1.28.13-2.el8 |
CVE-2022-0235 | twistlock_cve | Moderate | dnf-plugin-subscription-manager-1.28.13-2.el8 |
CVE-2022-22824 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2022-22823 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2022-22822 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2022-22827 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2022-22826 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2022-22825 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2017-15412 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2016-5131 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2017-0663 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2021-46143 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2022-25314 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2017-9047 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2022-25313 | twistlock_cve | Moderate | expat-2.2.5-4.el8_5.3 |
CVE-2017-9050 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2017-9049 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2017-7375 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2016-4658 | twistlock_cve | Moderate | python3-libxml2-2.9.7-12.el8_5 |
CVE-2017-9048 | twistlock_cve | Low | python3-libxml2-2.9.7-12.el8_5 |
CVE-2017-18258 | twistlock_cve | Low | python3-libxml2-2.9.7-12.el8_5 |
CVE-2017-14501 | twistlock_cve | Low | libarchive-3.3.3-3.el8_5 |
CVE-2017-14166 | twistlock_cve | Low | libarchive-3.3.3-3.el8_5 |
CVE-2017-14166 | anchore_cve | Low | libarchive-3.3.3-3.el8_5 |
CVE-2017-14501 | anchore_cve | Low | libarchive-3.3.3-3.el8_5 |
CVE-2021-44568 | anchore_cve | Low | libsolv-0.7.19-1.el8 |
CVE-2022-25314 | anchore_cve | Medium | expat-2.2.5-4.el8_5.3 |
CVE-2022-25313 | anchore_cve | Medium | expat-2.2.5-4.el8_5.3 |
CVE-2021-43859 | twistlock_cve | High | com.thoughtworks.xstream_xstream-1.4.18 |
CVE-2021-44228 | twistlock_cve | Critical | org.apache.logging.log4j_log4j-core-2.14.0 |
CVE-2021-45046 | twistlock_cve | Critical | org.apache.logging.log4j_log4j-core-2.14.0 |
CVE-2022-25236 | twistlock_cve | Important | expat-2.2.5-4.el8_5.3 |
CVE-2022-25235 | twistlock_cve | Important | expat-2.2.5-4.el8_5.3 |
CVE-2021-44964 | twistlock_cve | Important | lua-libs-5.3.4-12.el8 |
CVE-2022-0778 | twistlock_cve | Important | openssl-libs-1.1.1k-5.el8_5 |
CVE-2022-0778 | twistlock_cve | Important | openssl-1.1.1k-5.el8_5 |
CVE-2020-36518 | twistlock_cve | High | com.fasterxml.jackson.core_jackson-databind-2.12.5 |
CVE-2020-36518 | twistlock_cve | High | com.fasterxml.jackson.core_jackson-databind-2.12.0 |
CVE-2020-36518 | twistlock_cve | High | com.fasterxml.jackson.core_jackson-databind-2.12.3 |

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/parasoft/parasoft/dtp/-/jobs/9126994

Definition of Done
Justifications:
- All findings have been justified
- Justifications have been provided to the container hardening team

Approval Process:
- Findings Approver has reviewed and approved all justifications
- Approval request has been sent to Authorizing Official
- Approval request has been processed by Authorizing Official