UNCLASSIFIED - NO CUI

chore(findings): rancher-federal/rke2/hardened-kubernetes

Summary

rancher-federal/rke2/hardened-kubernetes has 34 new findings discovered during continuous monitoring.

id source package
CVE-2021-22876 anchore_cve curl-7.61.1-18.el8
CVE-2021-27218 anchore_cve glib2-2.56.4-9.el8
CVE-2021-27219 anchore_cve glib2-2.56.4-9.el8
CVE-2021-28153 anchore_cve glib2-2.56.4-9.el8
CVE-2021-27645 anchore_cve glibc-2.28-151.el8
CVE-2021-27645 anchore_cve glibc-common-2.28-151.el8
CVE-2021-27645 anchore_cve glibc-langpack-en-2.28-151.el8
CVE-2021-27645 anchore_cve glibc-minimal-langpack-2.28-151.el8
CVE-2021-22876 anchore_cve libcurl-7.61.1-18.el8
CVE-2021-3445 anchore_cve libdnf-0.55.0-7.el8
CVE-2021-3516 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3517 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3518 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3537 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3541 anchore_cve libxml2-2.9.7-9.el8
CVE-2021-3426 anchore_cve platform-python-3.6.8-37.el8
CVE-2021-3426 anchore_cve python3-libs-3.6.8-37.el8
CVE-2021-20266 anchore_cve rpm-4.14.3-13.el8
CVE-2021-20271 anchore_cve rpm-4.14.3-13.el8
CVE-2021-3421 anchore_cve rpm-4.14.3-13.el8
CVE-2021-20266 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-20271 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2021-3421 anchore_cve rpm-libs-4.14.3-13.el8
CVE-2020-13435 anchore_cve sqlite-libs-3.26.0-13.el8
CVE-2021-22876 twistlock_cve curl-7.61.1-18.el8
CVE-2021-27218 twistlock_cve glib2-2.56.4-9.el8
CVE-2021-27219 twistlock_cve glib2-2.56.4-9.el8
CVE-2021-28153 twistlock_cve glib2-2.56.4-9.el8
CVE-2021-3445 twistlock_cve libdnf-0.55.0-7.el8
CVE-2021-3517 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-3518 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-3537 twistlock_cve libxml2-2.9.7-9.el8
CVE-2021-20266 twistlock_cve rpm-4.14.3-13.el8
CVE-2021-3421 twistlock_cve rpm-4.14.3-13.el8

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/rancher-federal/rke2/hardened-kubernetes/-/jobs/3485471

Definition of Done

Justifications:

  • All findings have been justified
  • Justifications have been provided to the container hardening team

Approval Process:

  • Findings Approver has reviewed and approved all justifications
  • Approval request has been sent to Authorizing Official
  • Approval request has been processed by Authorizing Official

UNCLASSIFIED - NO CUI