chore(findings): rancher-federal/rke2/klipper-helm-1.20.8
Summary
rancher-federal/rke2/klipper-helm-1.20.8 has 206 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
639f6f1177735759703e928c14714a59 | Anchore Compliance | Low | |
c2e44319ae5b3b040044d8ae116d1c2f | Anchore Compliance | Low | |
698044205a9c4a6d48b7937e66a6bf4f | Anchore Compliance | Low | |
463a9a24225c26f7a5bf3f38908e5cb3 | Anchore Compliance | Low | |
320a97c6816565eedf3545833df99dd0 | Anchore Compliance | Low | |
e7573262736ef52353cde3bae2617782 | Anchore Compliance | Low | |
addbb93c22e9b0988b8b40392a4538cb | Anchore Compliance | Low | |
dd33f9ae335b0724372e0508851608ba | Anchore Compliance | Critical | |
3e5fad1c039f3ecfd1dcdc94d2f1f9a0 | Anchore Compliance | Low | |
abb121e9621abdd452f65844954cf1c1 | Anchore Compliance | Low | |
34de21e516c0ca50a96e5386f163f8bf | Anchore Compliance | Low | |
4275b86cdd807f8a0b67a41e50297545 | Anchore Compliance | Low | |
93c60e5171cba2c7c2390969d7d66a4a | Anchore Compliance | Low | |
2a04758a22812002f2f2705efc80b7d3 | Anchore Compliance | Low | |
026018dbbafe4882d50af4cd53c32fad | Anchore Compliance | Low | |
930ca153741e4689164b3b5c5fc23988 | Anchore Compliance | Low | |
GHSA-v95c-p5hm-xq8f | Anchore CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-5ffw-gxpp-mxpf | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
GHSA-gp4j-w3vj-7299 | Anchore CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-g2j6-57v7-gm8c | Anchore CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-qq97-vm5h-rrhg | Anchore CVE | Low | github.com/docker/distribution-v0.0.0-20191216044856-a8371794149d |
GHSA-rc4r-wh2q-q6c4 | Anchore CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
GHSA-fh74-hm69-rqjw | Anchore CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-4374-p667-p6c8 | Anchore CVE | High | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
GHSA-m8cg-xc2p-r3fc | Anchore CVE | Low | github.com/opencontainers/runc-v0.1.1 |
GHSA-c72p-9xmj-rx3w | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
GHSA-8c26-wmh5-6g9v | Anchore CVE | High | golang.org/x/crypto-v0.0.0-20201221181555-eec23a3978ad |
GHSA-6635-c626-vj4r | Anchore CVE | Critical | github.com/Masterminds/vcs-v1.13.1 |
GHSA-crp2-qrr5-8pq7 | Anchore CVE | High | github.com/containerd/containerd-v1.4.3 |
GHSA-259w-8hf6-59c2 | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
GHSA-ppp9-7jff-5vj2 | Anchore CVE | High | golang.org/x/text-v0.3.4 |
GHSA-2wrh-6pvc-2jm9 | Anchore CVE | Medium | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
GHSA-gwc9-m7rh-j2ww | Anchore CVE | High | golang.org/x/crypto-v0.0.0-20201221181555-eec23a3978ad |
GHSA-77vh-xpmg-72qh | Anchore CVE | Low | github.com/opencontainers/image-spec-v1.0.1 |
GHSA-vp35-85q5-9f25 | Anchore CVE | Low | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
GHSA-69ch-w2m2-3vjp | Anchore CVE | High | golang.org/x/text-v0.3.4 |
GHSA-c2h3-6mxw-7mvq | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
GHSA-p782-xgp4-8hr8 | Anchore CVE | Medium | golang.org/x/sys-v0.0.0-20210124154548-22da62e12c0c |
GHSA-g54h-m393-cpwq | Anchore CVE | Low | github.com/opencontainers/runc-v0.1.1 |
GHSA-6xv5-86q9-7xr8 | Anchore CVE | Medium | github.com/cyphar/filepath-securejoin-v0.2.2 |
GHSA-h86h-8ppg-mxmh | Anchore CVE | Medium | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
GHSA-69cg-p879-7622 | Anchore CVE | High | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
GHSA-c3xm-pvg7-gh7r | Anchore CVE | High | github.com/opencontainers/runc-v0.1.1 |
GHSA-hqxw-f8mx-cpmw | Anchore CVE | High | github.com/docker/distribution-v0.0.0-20191216044856-a8371794149d |
GHSA-vvpx-j8f3-3w6h | Anchore CVE | High | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
GHSA-2qjp-425j-52j9 | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
GHSA-83g2-8m93-v3w7 | Anchore CVE | High | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
GHSA-qppj-fm5r-hxr3 | Anchore CVE | Medium | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
GHSA-5j5w-g665-5m35 | Anchore CVE | Low | github.com/containerd/containerd-v1.4.3 |
GHSA-fgv8-vj5c-2ppq | Anchore CVE | High | github.com/opencontainers/runc-v0.1.1 |
GHSA-hmfx-3pcx-653p | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
GHSA-r48q-9g5r-8q2h | Anchore CVE | Critical | github.com/emicklei/go-restful-v2.9.5+incompatible |
GHSA-cg3q-j54f-5p7p | Anchore CVE | High | github.com/prometheus/client_golang-v1.7.1 |
GHSA-h62f-wm92-2cmw | Anchore CVE | High | github.com/docker/distribution-v0.0.0-20191216044856-a8371794149d |
GHSA-c3h9-896r-86jm | Anchore CVE | High | github.com/gogo/protobuf-v1.3.1 |
GHSA-f3fp-gc8g-vw66 | Anchore CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
GHSA-m425-mq94-257g | Anchore CVE | High | google.golang.org/grpc-v1.27.1 |
GHSA-qppj-fm5r-hxr3 | Anchore CVE | Medium | google.golang.org/grpc-v1.27.1 |
CVE-2022-48338 | Anchore CVE | Medium | emacs-filesystem-1:26.1-11.el8 |
GHSA-45x7-px36-x8w8 | Anchore CVE | Medium | golang.org/x/crypto-v0.0.0-20201221181555-eec23a3978ad |
GHSA-7ww5-4wqc-m92c | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
CVE-2024-22365 | Anchore CVE | Medium | pam-1.3.1-27.el8 |
CVE-2020-15778 | Anchore CVE | Medium | openssh-8.0p1-19.el8_9.2 |
CVE-2020-15778 | Anchore CVE | Medium | openssh-clients-8.0p1-19.el8_9.2 |
GHSA-6g2q-w5j3-fwh4 | Anchore CVE | Medium | github.com/containerd/containerd-v1.4.3 |
GHSA-3fwx-pjgw-3558 | Anchore CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
GHSA-6hwg-w5jg-9c6x | Anchore CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
GHSA-6fj5-m822-rqx8 | Anchore CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
GHSA-7452-xqpj-6rpc | Anchore CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
CVE-2019-19246 | Anchore CVE | Low | oniguruma-6.8.2-2.1.el8_9 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.25.0 |
CVE-2023-31486 | Anchore CVE | Medium | perl-HTTP-Tiny-0.074-2.el8_9.1 |
CVE-2024-2511 | Anchore CVE | Low | openssl-1:1.1.1k-12.el8_9 |
CVE-2024-32487 | Anchore CVE | High | less-530-2.el8_9 |
CVE-2024-2961 | Anchore CVE | High | glibc-minimal-langpack-2.28-236.el8_9.12 |
GHSA-4v7x-pqxf-cx7m | Anchore CVE | Medium | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
CVE-2024-2961 | Anchore CVE | High | glibc-2.28-236.el8_9.12 |
CVE-2024-2961 | Anchore CVE | High | glibc-common-2.28-236.el8_9.12 |
GHSA-2mm7-x5h6-5pvq | Anchore CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118+incompatible |
CVE-2024-33600 | Anchore CVE | Medium | glibc-minimal-langpack-2.28-236.el8_9.12 |
CVE-2024-33600 | Anchore CVE | Medium | glibc-common-2.28-236.el8_9.12 |
CVE-2024-33602 | Anchore CVE | Low | glibc-common-2.28-236.el8_9.12 |
CVE-2024-33600 | Anchore CVE | Medium | glibc-2.28-236.el8_9.12 |
GHSA-c5pj-mqfh-rvc3 | Anchore CVE | High | github.com/opencontainers/runc-v0.1.1 |
CVE-2024-33599 | Anchore CVE | High | glibc-2.28-236.el8_9.12 |
CVE-2023-2953 | Anchore CVE | Low | openldap-2.4.46-18.el8 |
CVE-2024-33599 | Anchore CVE | High | glibc-minimal-langpack-2.28-236.el8_9.12 |
CVE-2024-33601 | Anchore CVE | Low | glibc-common-2.28-236.el8_9.12 |
CVE-2024-33601 | Anchore CVE | Low | glibc-minimal-langpack-2.28-236.el8_9.12 |
CVE-2024-33601 | Anchore CVE | Low | glibc-2.28-236.el8_9.12 |
CVE-2024-33602 | Anchore CVE | Low | glibc-minimal-langpack-2.28-236.el8_9.12 |
CVE-2024-33602 | Anchore CVE | Low | glibc-2.28-236.el8_9.12 |
CVE-2024-33599 | Anchore CVE | High | glibc-common-2.28-236.el8_9.12 |
CCE-80954-1 | OSCAP Compliance | Medium | |
CCE-85987-6 | OSCAP Compliance | Medium | |
CCE-84037-1 | OSCAP Compliance | Medium | |
CCE-80647-1 | OSCAP Compliance | Medium | |
CCE-80648-9 | OSCAP Compliance | Medium | |
CCE-80653-9 | OSCAP Compliance | Medium | |
CCE-86233-4 | OSCAP Compliance | Medium | |
CCE-80654-7 | OSCAP Compliance | Medium | |
CCE-80655-4 | OSCAP Compliance | Medium | |
CCE-81034-1 | OSCAP Compliance | Medium | |
CCE-82066-2 | OSCAP Compliance | Medium | |
CCE-82046-4 | OSCAP Compliance | Medium | |
CCE-80656-2 | OSCAP Compliance | Medium | |
CCE-80663-8 | OSCAP Compliance | Medium | |
CCE-83478-8 | OSCAP Compliance | Medium | |
CCE-83480-4 | OSCAP Compliance | Medium | |
CCE-80665-3 | OSCAP Compliance | Medium | |
CCE-80667-9 | OSCAP Compliance | Medium | |
CCE-80668-7 | OSCAP Compliance | Medium | |
CCE-86067-6 | OSCAP Compliance | Medium | |
CCE-80669-5 | OSCAP Compliance | Medium | |
CCE-87096-4 | OSCAP Compliance | Medium | |
CCE-80670-3 | OSCAP Compliance | Medium | |
CCE-82888-9 | OSCAP Compliance | Medium | |
CCE-86519-6 | OSCAP Compliance | Medium | |
CCE-80806-3 | OSCAP Compliance | Medium | |
CCE-80652-1 | OSCAP Compliance | Medium | |
CCE-80841-0 | OSCAP Compliance | High | |
CVE-2022-21235 | Twistlock CVE | Critical | github.com/Masterminds/vcs-v1.13.1 |
CVE-2022-1996 | Twistlock CVE | Critical | github.com/emicklei/go-restful-v2.9.5 |
CVE-2021-30465 | Twistlock CVE | High | github.com/opencontainers/runc-v0.1.1 |
CVE-2022-41716 | Twistlock CVE | High | go-1.14.10 |
CVE-2022-41716 | Twistlock CVE | High | go-1.14.10 |
CVE-2022-41716 | Twistlock CVE | High | go-1.15.11 |
CVE-2022-23806 | Twistlock CVE | High | go-1.14.10 |
CVE-2022-23806 | Twistlock CVE | High | go-1.14.10 |
CVE-2022-23806 | Twistlock CVE | High | go-1.15.11 |
CVE-2022-23648 | Twistlock CVE | High | github.com/containerd/containerd-v1.4.3 |
CVE-2022-21698 | Twistlock CVE | High | github.com/prometheus/client_golang/prometheus/promhttp-v1.7.1 |
CVE-2023-44487 | Twistlock CVE | High | google.golang.org/grpc-v1.27.1 |
CVE-2020-15778 | Twistlock CVE | Medium | openssh-clients-8.0p1-19.el8_9.2 |
CVE-2020-15778 | Twistlock CVE | Medium | openssh-8.0p1-19.el8_9.2 |
CVE-2021-40330 | Twistlock CVE | Medium | perl-Git-2.39.3-1.el8_8 |
CVE-2021-40330 | Twistlock CVE | Medium | git-core-2.39.3-1.el8_8 |
CVE-2021-40330 | Twistlock CVE | Medium | git-2.39.3-1.el8_8 |
CVE-2022-48338 | Twistlock CVE | Medium | emacs-filesystem-26.1-11.el8 |
CVE-2023-51767 | Twistlock CVE | Medium | openssh-clients-8.0p1-19.el8_9.2 |
CVE-2023-51767 | Twistlock CVE | Medium | openssh-8.0p1-19.el8_9.2 |
CVE-2021-21284 | Twistlock CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118 |
CVE-2021-21285 | Twistlock CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118 |
CVE-2016-9962 | Twistlock CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
CVE-2021-21334 | Twistlock CVE | Medium | github.com/containerd/containerd-v1.4.3 |
PRISMA-2023-0056 | Twistlock CVE | Medium | github.com/sirupsen/logrus-v1.7.0 |
CVE-2023-28642 | Twistlock CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
CVE-2022-29162 | Twistlock CVE | Medium | github.com/opencontainers/runc-v0.1.1 |
CVE-2021-41103 | Twistlock CVE | Medium | github.com/containerd/containerd-v1.4.3 |
CVE-2021-41091 | Twistlock CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118 |
CVE-2022-23471 | Twistlock CVE | Medium | github.com/containerd/containerd-v1.4.3 |
CVE-2024-22365 | Twistlock CVE | Medium | pam-1.3.1-27.el8 |
CVE-2022-31030 | Twistlock CVE | Medium | github.com/containerd/containerd-v1.4.3 |
CVE-2021-41092 | Twistlock CVE | Medium | github.com/docker/cli-v20.10.3 |
CVE-2021-32760 | Twistlock CVE | Medium | github.com/containerd/containerd-v1.4.3 |
CVE-2018-1000021 | Twistlock CVE | Medium | perl-Git-2.39.3-1.el8_8 |
CVE-2018-1000021 | Twistlock CVE | Medium | git-core-2.39.3-1.el8_8 |
CVE-2018-1000021 | Twistlock CVE | Medium | git-2.39.3-1.el8_8 |
PRISMA-2022-0090 | Twistlock CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118 |
PRISMA-2022-0089 | Twistlock CVE | Medium | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118 |
GO-2023-2048 | Twistlock CVE | Medium | github.com/cyphar/filepath-securejoin-v0.2.2 |
CVE-2023-50495 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2023-2650 | Twistlock CVE | Low | openssl-1.1.1k-12.el8_9 |
CVE-2020-19190 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2020-19189 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2020-19188 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2020-19187 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2020-19186 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2020-19185 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2023-0464 | Twistlock CVE | Low | openssl-1.1.1k-12.el8_9 |
CVE-2016-20012 | Twistlock CVE | Low | openssh-8.0p1-19.el8_9.2 |
CVE-2016-20012 | Twistlock CVE | Low | openssh-clients-8.0p1-19.el8_9.2 |
CVE-2024-0727 | Twistlock CVE | Low | openssl-1.1.1k-12.el8_9 |
CVE-2021-39537 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2023-0466 | Twistlock CVE | Low | openssl-1.1.1k-12.el8_9 |
CVE-2023-0465 | Twistlock CVE | Low | openssl-1.1.1k-12.el8_9 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-8.0p1-19.el8_9.2 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-clients-8.0p1-19.el8_9.2 |
CVE-2019-19246 | Twistlock CVE | Low | oniguruma-6.8.2-2.1.el8_9 |
CVE-2018-19217 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2018-19211 | Twistlock CVE | Low | ncurses-6.1-10.20180224.el8 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-clients-8.0p1-19.el8_9.2 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-8.0p1-19.el8_9.2 |
GHSA-77vh-xpmg-72qh | Twistlock CVE | Low | github.com/opencontainers/image-spec-v1.0.1 |
GHSA-5j5w-g665-5m35 | Twistlock CVE | Low | github.com/containerd/containerd-v1.4.3 |
CVE-2016-4074 | Twistlock CVE | Low | jq-1.6-7.el8 |
CVE-2023-25809 | Twistlock CVE | Low | github.com/opencontainers/runc-v0.1.1 |
GHSA-vp35-85q5-9f25 | Twistlock CVE | Low | github.com/moby/moby-v17.12.0-ce-rc1.0.20200618181300-9dc6525e6118 |
GHSA-g54h-m393-cpwq | Twistlock CVE | Low | github.com/opencontainers/runc-v0.1.1 |
CVE-2023-39325 | Twistlock CVE | High | golang.org/x/net/http2-v0.0.0-20201110031124-69a78807bb2b |
CVE-2022-41723 | Twistlock CVE | High | golang.org/x/net/http2-v0.0.0-20201110031124-69a78807bb2b |
CVE-2022-27664 | Twistlock CVE | High | golang.org/x/net/http2-v0.0.0-20201110031124-69a78807bb2b |
CVE-2021-44716 | Twistlock CVE | High | golang.org/x/net/http2-v0.0.0-20201110031124-69a78807bb2b |
CVE-2023-44487 | Twistlock CVE | High | golang.org/x/net-v0.0.0-20201110031124-69a78807bb2b |
CVE-2021-31525 | Twistlock CVE | Medium | golang.org/x/net/http/httpguts-v0.0.0-20201110031124-69a78807bb2b |
CVE-2022-41717 | Twistlock CVE | Medium | golang.org/x/net/http2-v0.0.0-20201110031124-69a78807bb2b |
CVE-2022-29526 | Twistlock CVE | Medium | golang.org/x/sys/unix-v0.0.0-20210124154548-22da62e12c0c |
GO-2022-0379 | Twistlock CVE | Low | github.com/docker/distribution-v0.0.0-20191216044856-a8371794149d |
CVE-2022-23990 | Twistlock CVE | Medium | expat-2.2.5-11.el8_9.1 |
CVE-2023-52426 | Twistlock CVE | Medium | expat-2.2.5-11.el8_9.1 |
CVE-2023-45288 | Twistlock CVE | Medium | golang.org/x/net/http2-v0.0.0-20201110031124-69a78807bb2b |
CVE-2024-2511 | Twistlock CVE | Low | openssl-1.1.1k-12.el8_9 |
CVE-2024-32487 | Twistlock CVE | Critical | less-530-2.el8_9 |
CVE-2024-2961 | Twistlock CVE | Critical | glibc-2.28-236.el8_9.12 |
CVE-2024-2961 | Twistlock CVE | Critical | glibc-minimal-langpack-2.28-236.el8_9.12 |
CVE-2024-2961 | Twistlock CVE | Critical | glibc-common-2.28-236.el8_9.12 |
VAT: https://vat.dso.mil/vat/image?imageName=rancher-federal/rke2/klipper-helm-1.20.8&tag=v0.5.0-build20210505&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=rancher-federal/rke2/klipper-helm-1.20.8&tag=v0.5.0-build20210505&branch=master
Tasks
Contributor:
- Provide justifications for findings in the VAT (docs)
- Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
- Review findings and justifications
Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.