UNCLASSIFIED - NO CUI

Skip to content

chore(findings): radiantone/fid

Summary

radiantone/fid has 86 new findings discovered during continuous monitoring.

id source severity package
b18c88ddeab24abfb92ae2ccddb0b022 Anchore Compliance Critical
CVE-2023-2602 Anchore CVE Low libcap-2.48-8.el9
CVE-2023-2953 Anchore CVE Low openldap-compat-2.6.2-3.el9
CVE-2023-2953 Anchore CVE Low openldap-2.6.2-3.el9
CVE-2023-2603 Anchore CVE Medium libcap-2.48-8.el9
CVE-2023-32665 Anchore CVE Low glib2-2.68.4-6.el9
CVE-2023-32611 Anchore CVE Low glib2-2.68.4-6.el9
CVE-2023-32636 Anchore CVE Low glib2-2.68.4-6.el9
CVE-2023-29499 Anchore CVE Low glib2-2.68.4-6.el9
CVE-2022-0391 Anchore CVE Medium python3-3.9.16-1.el9_2.1
CVE-2022-0391 Anchore CVE Medium python3-libs-3.9.16-1.el9_2.1
CVE-2007-4559 Anchore CVE Medium python3-libs-3.9.16-1.el9_2.1
CVE-2021-23336 Anchore CVE Medium python3-libs-3.9.16-1.el9_2.1
CVE-2023-27043 Anchore CVE Medium python3-libs-3.9.16-1.el9_2.1
CVE-2023-27043 Anchore CVE Medium python3-3.9.16-1.el9_2.1
CVE-2021-23336 Anchore CVE Medium python3-3.9.16-1.el9_2.1
CVE-2007-4559 Anchore CVE Medium python3-3.9.16-1.el9_2.1
CVE-2023-27536 Anchore CVE Medium libcurl-minimal-7.76.1-23.el9_2.2
CVE-2023-27538 Anchore CVE Low curl-minimal-7.76.1-23.el9_2.2
CVE-2023-27533 Anchore CVE Low libcurl-minimal-7.76.1-23.el9_2.2
CVE-2021-3997 Anchore CVE Medium systemd-pam-252-14.el9_2.3
CVE-2023-27533 Anchore CVE Low curl-minimal-7.76.1-23.el9_2.2
CVE-2021-3997 Anchore CVE Medium systemd-rpm-macros-252-14.el9_2.3
CVE-2023-27538 Anchore CVE Low libcurl-minimal-7.76.1-23.el9_2.2
CVE-2021-3997 Anchore CVE Medium systemd-252-14.el9_2.3
CVE-2023-27534 Anchore CVE Low curl-minimal-7.76.1-23.el9_2.2
CVE-2023-27536 Anchore CVE Medium curl-minimal-7.76.1-23.el9_2.2
CVE-2023-27534 Anchore CVE Low libcurl-minimal-7.76.1-23.el9_2.2
CVE-2021-3997 Anchore CVE Medium systemd-libs-252-14.el9_2.3
CVE-2021-32256 Anchore CVE Medium gdb-gdbserver-10.2-10.el9
CVE-2023-0687 Anchore CVE Medium glibc-common-2.34-60.el9
CVE-2023-3446 Anchore CVE Low openssl-libs-1:3.0.7-17.el9_2
CVE-2023-2975 Anchore CVE Low openssl-1:3.0.7-17.el9_2
CVE-2023-39130 Anchore CVE Medium gdb-gdbserver-10.2-10.el9
CVE-2021-23840 Anchore CVE Medium openssl-1:3.0.7-17.el9_2
CVE-2021-22925 Anchore CVE Low libcurl-minimal-7.76.1-23.el9_2.2
CVE-2023-0687 Anchore CVE Medium glibc-langpack-en-2.34-60.el9
CVE-2021-23840 Anchore CVE Medium openssl-libs-1:3.0.7-17.el9_2
CVE-2023-3446 Anchore CVE Low openssl-1:3.0.7-17.el9_2
CVE-2021-22925 Anchore CVE Low curl-minimal-7.76.1-23.el9_2.2
CVE-2023-39129 Anchore CVE Medium gdb-gdbserver-10.2-10.el9
CVE-2023-3817 Anchore CVE Low openssl-libs-1:3.0.7-17.el9_2
CVE-2021-44568 Anchore CVE Low libsolv-0.7.22-4.el9
CVE-2023-4156 Anchore CVE Low gawk-5.1.0-6.el9
CVE-2023-0687 Anchore CVE Medium glibc-2.34-60.el9
CVE-2023-28320 Anchore CVE Low curl-minimal-7.76.1-23.el9_2.2
CVE-2023-0687 Anchore CVE Medium glibc-minimal-langpack-2.34-60.el9
CVE-2023-2975 Anchore CVE Low openssl-libs-1:3.0.7-17.el9_2
CVE-2023-39128 Anchore CVE Medium gdb-gdbserver-10.2-10.el9
CVE-2023-28320 Anchore CVE Low libcurl-minimal-7.76.1-23.el9_2.2
CVE-2023-3817 Anchore CVE Low openssl-1:3.0.7-17.el9_2
CVE-2023-39975 Anchore CVE Medium krb5-libs-1.20.1-9.el9_2
CVE-2023-36054 Anchore CVE Medium krb5-libs-1.20.1-9.el9_2
CVE-2022-35205 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-47673 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-45703 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2020-19724 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-47695 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-44840 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-47010 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2021-46174 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-47007 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-47696 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-47008 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-48064 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2020-19726 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2020-35342 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-35206 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-48065 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-47011 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2022-48063 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2020-21490 Anchore CVE Low gdb-gdbserver-10.2-10.el9
CVE-2020-19190 Anchore CVE Medium ncurses-base-6.2-8.20210508.el9
CVE-2020-19186 Anchore CVE Medium ncurses-libs-6.2-8.20210508.el9
CVE-2020-19186 Anchore CVE Medium ncurses-base-6.2-8.20210508.el9
CVE-2020-19189 Anchore CVE Medium ncurses-libs-6.2-8.20210508.el9
CVE-2020-19185 Anchore CVE Medium ncurses-base-6.2-8.20210508.el9
CVE-2020-19188 Anchore CVE Medium ncurses-base-6.2-8.20210508.el9
CVE-2020-19185 Anchore CVE Medium ncurses-libs-6.2-8.20210508.el9
CVE-2020-19188 Anchore CVE Medium ncurses-libs-6.2-8.20210508.el9
CVE-2020-19187 Anchore CVE Medium ncurses-libs-6.2-8.20210508.el9
CVE-2020-19190 Anchore CVE Medium ncurses-libs-6.2-8.20210508.el9
CVE-2020-19189 Anchore CVE Medium ncurses-base-6.2-8.20210508.el9
CVE-2020-22916 Anchore CVE Low xz-libs-5.2.5-8.el9_0
CVE-2020-19187 Anchore CVE Medium ncurses-base-6.2-8.20210508.el9
CVE-2022-48564 Twistlock CVE Medium python-3.9.16

VAT: https://vat.dso.mil/vat/image?imageName=radiantone/fid&tag=7.4.6&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/radiantone/fid/fid-7.4/-/jobs/22524467

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Verification" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI