chore(findings): radiantone/fid

Summary

radiantone/fid has 141 new findings discovered during continuous monitoring.

id	source	severity	package
e07d84b039b0e6fcea42fbda1d378647	Anchore Compliance	Critical
addbb93c22e9b0988b8b40392a4538cb	Anchore Compliance	Low
b18c88ddeab24abfb92ae2ccddb0b022	Anchore Compliance	Critical
CVE-2021-3997	Anchore CVE	Medium	systemd-pam-252-32.el9_4
CVE-2022-0391	Anchore CVE	Medium	python3-libs-3.9.18-3.el9
CVE-2024-2961	Anchore CVE	High	glibc-minimal-langpack-2.34-100.el9
CVE-2024-33600	Anchore CVE	Medium	glibc-langpack-en-2.34-100.el9
CVE-2024-33600	Anchore CVE	Medium	glibc-2.34-100.el9
CVE-2024-33602	Anchore CVE	Low	glibc-common-2.34-100.el9
CVE-2021-3997	Anchore CVE	Medium	systemd-rpm-macros-252-32.el9_4
CVE-2024-33601	Anchore CVE	Low	glibc-common-2.34-100.el9
CVE-2024-33602	Anchore CVE	Low	glibc-minimal-langpack-2.34-100.el9
CVE-2021-23336	Anchore CVE	Medium	python3-libs-3.9.18-3.el9
CVE-2022-47011	Anchore CVE	Low	gdb-gdbserver-10.2-13.el9
CVE-2021-3997	Anchore CVE	Medium	systemd-252-32.el9_4
CVE-2022-0391	Anchore CVE	Medium	python3-3.9.18-3.el9
CVE-2023-6597	Anchore CVE	High	python3-3.9.18-3.el9
CVE-2024-33601	Anchore CVE	Low	glibc-langpack-en-2.34-100.el9
CVE-2024-33600	Anchore CVE	Medium	glibc-common-2.34-100.el9
CVE-2024-2398	Anchore CVE	Medium	libcurl-minimal-7.76.1-29.el9_4
CVE-2022-47010	Anchore CVE	Low	gdb-gdbserver-10.2-13.el9
CVE-2024-0450	Anchore CVE	Medium	python3-3.9.18-3.el9
CVE-2024-33600	Anchore CVE	Medium	glibc-minimal-langpack-2.34-100.el9
CVE-2023-2953	Anchore CVE	Low	openldap-2.6.6-3.el9
CVE-2024-2511	Anchore CVE	Low	openssl-1:3.0.7-27.el9
CVE-2024-0450	Anchore CVE	Medium	python3-libs-3.9.18-3.el9
CVE-2021-23336	Anchore CVE	Medium	python3-3.9.18-3.el9
CVE-2024-33599	Anchore CVE	High	glibc-langpack-en-2.34-100.el9
CVE-2024-33601	Anchore CVE	Low	glibc-2.34-100.el9
CVE-2024-2961	Anchore CVE	High	glibc-langpack-en-2.34-100.el9
CVE-2024-33602	Anchore CVE	Low	glibc-2.34-100.el9
CVE-2024-33601	Anchore CVE	Low	glibc-minimal-langpack-2.34-100.el9
CVE-2023-2222	Anchore CVE	Low	gdb-gdbserver-10.2-13.el9
CVE-2024-2961	Anchore CVE	High	glibc-common-2.34-100.el9
CVE-2023-6597	Anchore CVE	High	python3-libs-3.9.18-3.el9
CVE-2021-3572	Anchore CVE	Low	python3-pip-wheel-21.2.3-8.el9
CVE-2021-3997	Anchore CVE	Medium	systemd-libs-252-32.el9_4
CVE-2024-33599	Anchore CVE	High	glibc-2.34-100.el9
CVE-2022-47007	Anchore CVE	Low	gdb-gdbserver-10.2-13.el9
CVE-2024-33599	Anchore CVE	High	glibc-minimal-langpack-2.34-100.el9
CVE-2024-33602	Anchore CVE	Low	glibc-langpack-en-2.34-100.el9
CVE-2024-2398	Anchore CVE	Medium	curl-minimal-7.76.1-29.el9_4
CVE-2024-33599	Anchore CVE	High	glibc-common-2.34-100.el9
CVE-2024-2511	Anchore CVE	Low	openssl-libs-1:3.0.7-27.el9
CVE-2024-2961	Anchore CVE	High	glibc-2.34-100.el9
CVE-2021-45941	Anchore CVE	Medium	libbpf-2:1.3.0-2.el9
CVE-2024-25062	Anchore CVE	Medium	libxml2-2.9.13-6.el9_4
CVE-2023-50495	Anchore CVE	Low	ncurses-libs-6.2-10.20210508.el9
CVE-2020-12413	Anchore CVE	Low	nss-util-3.90.0-7.el9_4
CVE-2023-36191	Anchore CVE	Low	sqlite-libs-3.34.1-7.el9_3
CVE-2022-41409	Anchore CVE	Low	pcre2-syntax-10.40-5.el9
CVE-2022-33070	Anchore CVE	Low	protobuf-c-1.3.3-13.el9
CVE-2020-12413	Anchore CVE	Low	nss-sysinit-3.90.0-7.el9_4
CVE-2023-36632	Anchore CVE	Medium	python3-libs-3.9.18-3.el9
CVE-2022-27943	Anchore CVE	Low	libgcc-11.4.1-3.el9
CVE-2022-29458	Anchore CVE	Low	ncurses-libs-6.2-10.20210508.el9
CVE-2020-12413	Anchore CVE	Low	nss-3.90.0-7.el9_4
CVE-2020-12413	Anchore CVE	Low	nspr-4.35.0-7.el9_4
CVE-2023-50495	Anchore CVE	Low	ncurses-base-6.2-10.20210508.el9
CVE-2024-25260	Anchore CVE	Low	elfutils-libs-0.190-2.el9
CVE-2023-36632	Anchore CVE	Medium	python3-3.9.18-3.el9
CVE-2022-41409	Anchore CVE	Low	pcre2-10.40-5.el9
CVE-2024-25260	Anchore CVE	Low	elfutils-default-yama-scope-0.190-2.el9
CVE-2022-27943	Anchore CVE	Low	libgomp-11.4.1-3.el9
CVE-2024-25260	Anchore CVE	Low	elfutils-libelf-0.190-2.el9
CVE-2023-39804	Anchore CVE	Low	tar-2:1.34-6.el9_1
CVE-2022-27943	Anchore CVE	Low	libstdc++-11.4.1-3.el9
CVE-2023-4156	Anchore CVE	Low	gawk-5.1.0-6.el9
CVE-2022-3219	Anchore CVE	Low	gnupg2-2.3.3-4.el9
CVE-2022-3606	Anchore CVE	Low	libbpf-2:1.3.0-2.el9
CVE-2020-12413	Anchore CVE	Low	nss-softokn-3.90.0-7.el9_4
CVE-2024-0232	Anchore CVE	Low	sqlite-libs-3.34.1-7.el9_3
CVE-2023-45803	Anchore CVE	Medium	python3-pip-wheel-21.2.3-8.el9
CVE-2023-45322	Anchore CVE	Low	libxml2-2.9.13-6.el9_4
CVE-2023-30571	Anchore CVE	Medium	libarchive-3.5.3-4.el9
CVE-2022-4899	Anchore CVE	Low	libzstd-1.5.1-2.el9
CVE-2020-12413	Anchore CVE	Low	nss-softokn-freebl-3.90.0-7.el9_4
CVE-2022-29458	Anchore CVE	Low	ncurses-base-6.2-10.20210508.el9
CVE-2005-2541	Anchore CVE	Medium	tar-2:1.34-6.el9_1
CVE-2021-45940	Anchore CVE	Low	libbpf-2:1.3.0-2.el9
CVE-2024-2961	Twistlock CVE	Critical	glibc-langpack-en-2.34-100.el9
CVE-2024-2961	Twistlock CVE	Critical	glibc-common-2.34-100.el9
CVE-2024-2961	Twistlock CVE	Critical	glibc-minimal-langpack-2.34-100.el9
CVE-2024-2961	Twistlock CVE	Critical	glibc-2.34-100.el9
CVE-2023-6597	Twistlock CVE	Critical	python3-libs-3.9.18-3.el9
CVE-2023-6597	Twistlock CVE	Critical	python3-3.9.18-3.el9
CVE-2024-33599	Twistlock CVE	Critical	glibc-2.34-100.el9
CVE-2024-33599	Twistlock CVE	Critical	glibc-common-2.34-100.el9
CVE-2024-33599	Twistlock CVE	Critical	glibc-minimal-langpack-2.34-100.el9
CVE-2024-33599	Twistlock CVE	Critical	glibc-langpack-en-2.34-100.el9
CVE-2024-2398	Twistlock CVE	Medium	libcurl-minimal-7.76.1-29.el9_4
CVE-2024-2398	Twistlock CVE	Medium	curl-minimal-7.76.1-29.el9_4
CVE-2024-0450	Twistlock CVE	Medium	python3-libs-3.9.18-3.el9
CVE-2024-0450	Twistlock CVE	Medium	python3-3.9.18-3.el9
CVE-2021-23336	Twistlock CVE	Medium	python3-3.9.18-3.el9
CVE-2021-23336	Twistlock CVE	Medium	python3-libs-3.9.18-3.el9
CVE-2021-3997	Twistlock CVE	Medium	systemd-252-32.el9_4
CVE-2021-3997	Twistlock CVE	Medium	systemd-rpm-macros-252-32.el9_4
CVE-2021-3997	Twistlock CVE	Medium	systemd-pam-252-32.el9_4
CVE-2021-3997	Twistlock CVE	Medium	systemd-libs-252-32.el9_4
CVE-2024-33600	Twistlock CVE	Medium	glibc-common-2.34-100.el9
CVE-2024-33600	Twistlock CVE	Medium	glibc-2.34-100.el9
CVE-2024-33600	Twistlock CVE	Medium	glibc-minimal-langpack-2.34-100.el9
CVE-2024-33600	Twistlock CVE	Medium	glibc-langpack-en-2.34-100.el9
CVE-2022-0391	Twistlock CVE	Medium	python3-3.9.18-3.el9
CVE-2022-0391	Twistlock CVE	Medium	python3-libs-3.9.18-3.el9
CVE-2021-45941	Twistlock CVE	Medium	libbpf-1.3.0-2.el9
CVE-2021-45940	Twistlock CVE	Medium	libbpf-1.3.0-2.el9
CVE-2023-45803	Twistlock CVE	Medium	python3-pip-wheel-21.2.3-8.el9
CVE-2024-29040	Twistlock CVE	Medium	tpm2-tss-3.2.2-2.el9
CVE-2023-2953	Twistlock CVE	Low	openldap-2.6.6-3.el9
CVE-2020-12413	Twistlock CVE	Low	nspr-4.35.0-7.el9_4
CVE-2020-12413	Twistlock CVE	Low	nss-softokn-freebl-3.90.0-7.el9_4
CVE-2020-12413	Twistlock CVE	Low	nss-3.90.0-7.el9_4
CVE-2020-12413	Twistlock CVE	Low	nss-util-3.90.0-7.el9_4
CVE-2020-12413	Twistlock CVE	Low	nss-sysinit-3.90.0-7.el9_4
CVE-2020-12413	Twistlock CVE	Low	nss-softokn-3.90.0-7.el9_4
CVE-2022-47011	Twistlock CVE	Low	gdb-gdbserver-10.2-13.el9
CVE-2022-47010	Twistlock CVE	Low	gdb-gdbserver-10.2-13.el9
CVE-2022-47007	Twistlock CVE	Low	gdb-gdbserver-10.2-13.el9
CVE-2022-27943	Twistlock CVE	Low	libgomp-11.4.1-3.el9
CVE-2022-27943	Twistlock CVE	Low	libgcc-11.4.1-3.el9
CVE-2022-27943	Twistlock CVE	Low	libstdc++-11.4.1-3.el9
CVE-2022-41409	Twistlock CVE	Low	pcre2-syntax-10.40-5.el9
CVE-2022-41409	Twistlock CVE	Low	pcre2-10.40-5.el9
CVE-2021-3572	Twistlock CVE	Low	python3-pip-wheel-21.2.3-8.el9
CVE-2022-3606	Twistlock CVE	Low	libbpf-1.3.0-2.el9
CVE-2024-33602	Twistlock CVE	Low	glibc-2.34-100.el9
CVE-2024-33602	Twistlock CVE	Low	glibc-common-2.34-100.el9
CVE-2024-33602	Twistlock CVE	Low	glibc-minimal-langpack-2.34-100.el9
CVE-2024-33602	Twistlock CVE	Low	glibc-langpack-en-2.34-100.el9
CVE-2024-33601	Twistlock CVE	Low	glibc-2.34-100.el9
CVE-2024-33601	Twistlock CVE	Low	glibc-minimal-langpack-2.34-100.el9
CVE-2024-33601	Twistlock CVE	Low	glibc-langpack-en-2.34-100.el9
CVE-2024-33601	Twistlock CVE	Low	glibc-common-2.34-100.el9
CVE-2024-25260	Twistlock CVE	Low	elfutils-libelf-0.190-2.el9
CVE-2024-25260	Twistlock CVE	Low	elfutils-default-yama-scope-0.190-2.el9
CVE-2024-25260	Twistlock CVE	Low	elfutils-libs-0.190-2.el9
CVE-2024-2511	Twistlock CVE	Low	openssl-3.0.7-27.el9
CVE-2024-2511	Twistlock CVE	Low	openssl-libs-3.0.7-27.el9
CVE-2024-25062	Twistlock CVE	Medium	libxml2-2.9.13-6.el9_4

VAT: https://vat.dso.mil/vat/image?imageName=radiantone/fid&tag=7.4.9&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=radiantone/fid&tag=7.4.9&branch=master

Tasks

Contributor:

Provide justifications for findings in the VAT (docs)
Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited May 07, 2024 by Anil K Sharma

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information