UNCLASSIFIED - NO CUI

Skip to content

chore(findings): rancher-federal/rke2/mirrored-sig-storage-snapshot-validation-webhook

Summary

rancher-federal/rke2/mirrored-sig-storage-snapshot-validation-webhook has 91 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=rancher-federal/rke2/mirrored-sig-storage-snapshot-validation-webhook&tag=v6.2.2&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2023-44487 Anchore CVE High stdlib-go1.19 0.94437 true
CVE-2023-45288 Anchore CVE High stdlib-go1.19 0.66635 false
CVE-2023-45288 Twistlock CVE Medium net/http-1.19 0.66635 false
CVE-2023-45288 Twistlock CVE Medium golang.org/x/net/http2-v0.8.0 0.66635 false
CVE-2024-24787 Anchore CVE Medium stdlib-go1.19 0.01583 false
CVE-2024-24784 Anchore CVE High stdlib-go1.19 0.01498 false
CVE-2023-24538 Anchore CVE Critical stdlib-go1.19 0.00646 false
CVE-2024-24791 Anchore CVE High stdlib-go1.19 0.00618 false
CVE-2024-24791 Twistlock CVE Low net/http-1.19 0.00618 false
CVE-2024-24783 Anchore CVE Medium stdlib-go1.19 0.00445 false
CVE-2024-24783 Twistlock CVE Low crypto/x509-1.19 0.00445 false
CVE-2022-41717 Anchore CVE Medium stdlib-go1.19 0.00413 false
CVE-2022-41717 Twistlock CVE Medium net/http-1.19 0.00413 false
CVE-2023-45289 Anchore CVE Medium stdlib-go1.19 0.00409 false
CVE-2023-45289 Twistlock CVE Low net/http-1.19 0.00409 false
CVE-2023-45290 Anchore CVE Medium stdlib-go1.19 0.00362 false
CVE-2023-45290 Twistlock CVE Low net/textproto-1.19 0.00362 false
CVE-2023-24531 Anchore CVE Critical stdlib-go1.19 0.00354 false
CVE-2023-29405 Anchore CVE Critical stdlib-go1.19 0.00326 false
CVE-2024-24785 Anchore CVE Medium stdlib-go1.19 0.00246 false
CVE-2023-24540 Anchore CVE Critical stdlib-go1.19 0.00243 false
CVE-2022-41723 Anchore CVE High stdlib-go1.19 0.00229 false
CVE-2022-41723 Twistlock CVE High net/http-1.19 0.00229 false
CVE-2024-45338 Anchore CVE Medium golang.org/x/net-v0.8.0 0.00189 false
CVE-2023-45287 Anchore CVE High stdlib-go1.19 0.00185 false
CVE-2023-45287 Twistlock CVE High crypto/tls-1.19 0.00185 false
CVE-2024-34156 Anchore CVE High stdlib-go1.19 0.00178 false
CVE-2023-29406 Anchore CVE Medium stdlib-go1.19 0.00155 false
CVE-2023-29406 Twistlock CVE Medium net/http-1.19 0.00155 false
CVE-2023-39325 Twistlock CVE High net/http-1.19 0.00150 false
CVE-2023-39325 Twistlock CVE High golang.org/x/net/http2-v0.8.0 0.00150 false
CVE-2022-32190 Anchore CVE High stdlib-go1.19 0.00143 false
CVE-2022-32190 Twistlock CVE High net/url-1.19 0.00143 false
CVE-2023-29402 Anchore CVE Critical stdlib-go1.19 0.00124 false
CVE-2024-34155 Anchore CVE Medium stdlib-go1.19 0.00115 false
CVE-2023-29409 Anchore CVE Medium stdlib-go1.19 0.00115 false
CVE-2023-29409 Twistlock CVE Medium crypto/tls-1.19 0.00115 false
CVE-2022-27664 Anchore CVE High stdlib-go1.19 0.00115 false
CVE-2022-27664 Twistlock CVE High net/http-1.19 0.00115 false
CVE-2024-24790 Anchore CVE Critical stdlib-go1.19 0.00090 false
CVE-2024-24790 Twistlock CVE Critical net/netip-1.19 0.00090 false
CVE-2023-29404 Anchore CVE Critical stdlib-go1.19 0.00083 false
CVE-2024-34158 Anchore CVE High stdlib-go1.19 0.00082 false
CVE-2023-24536 Anchore CVE High stdlib-go1.19 0.00066 false
CVE-2023-24536 Twistlock CVE High mime/multipart-1.19 0.00066 false
CVE-2023-24536 Twistlock CVE High net/textproto-1.19 0.00066 false
CVE-2023-24539 Anchore CVE High stdlib-go1.19 0.00065 false
CVE-2023-39319 Anchore CVE Medium stdlib-go1.19 0.00062 false
CVE-2023-39318 Anchore CVE Medium stdlib-go1.19 0.00062 false
CVE-2023-39323 Anchore CVE High stdlib-go1.19 0.00060 false
CVE-2023-45285 Anchore CVE High stdlib-go1.19 0.00055 false
CVE-2025-47907 Anchore CVE High stdlib-go1.19 0.00054 false
CVE-2022-41725 Anchore CVE High stdlib-go1.19 0.00051 false
CVE-2022-41725 Twistlock CVE High mime/multipart-1.19 0.00051 false
CVE-2023-39326 Anchore CVE Medium stdlib-go1.19 0.00049 false
CVE-2023-39326 Twistlock CVE Medium net/http/internal-1.19 0.00049 false
CVE-2023-29400 Anchore CVE High stdlib-go1.19 0.00048 false
CVE-2023-24534 Anchore CVE High stdlib-go1.19 0.00045 false
CVE-2023-24534 Twistlock CVE High net/textproto-1.19 0.00045 false
CVE-2024-45336 Anchore CVE Medium stdlib-go1.19 0.00041 false
CVE-2024-45336 Twistlock CVE Low net/http-1.19 0.00041 false
CVE-2024-45341 Anchore CVE Medium stdlib-go1.19 0.00032 false
CVE-2024-45341 Twistlock CVE Low crypto/x509-1.19 0.00032 false
CVE-2022-2880 Anchore CVE High stdlib-go1.19 0.00031 false
CVE-2023-24532 Anchore CVE Medium stdlib-go1.19 0.00024 false
CVE-2023-24532 Twistlock CVE Medium crypto/internal/nistec-1.19 0.00024 false
CVE-2023-24537 Anchore CVE High stdlib-go1.19 0.00020 false
CVE-2025-4673 Twistlock CVE Low net/http-1.19 0.00019 false
CVE-2025-4673 Anchore CVE Medium stdlib-go1.19 0.00019 false
CVE-2022-41724 Anchore CVE High stdlib-go1.19 0.00016 false
CVE-2022-41724 Twistlock CVE High crypto/tls-1.19 0.00016 false
CVE-2022-41715 Anchore CVE High stdlib-go1.19 0.00016 false
CVE-2022-41715 Twistlock CVE High regexp/syntax-1.19 0.00016 false
CVE-2022-2879 Anchore CVE High stdlib-go1.19 0.00016 false
CVE-2025-22871 Anchore CVE Critical stdlib-go1.19 0.00013 false
CVE-2025-22871 Twistlock CVE Low net/http/internal-1.19 0.00013 false
CVE-2025-22866 Anchore CVE Medium stdlib-go1.19 0.00012 false
CVE-2025-22866 Twistlock CVE Low crypto/internal/nistec-1.19 0.00012 false
CVE-2023-29403 Anchore CVE High stdlib-go1.19 0.00009 false
CVE-2023-29403 Twistlock CVE High runtime-1.19 0.00009 false
CVE-2025-4674 Anchore CVE High stdlib-go1.19 0.00006 false
CVE-2024-24789 Anchore CVE Medium stdlib-go1.19 0.00006 false
xccdf_org.ssgproject.content_rule_apt_sources_list_official OSCAP Compliance Low N/A N/A
GHSA-vvgc-356p-c3xw Anchore CVE Medium golang.org/x/net-v0.8.0 N/A N/A
GHSA-qxp5-gwg8-xv66 Anchore CVE Medium golang.org/x/net-v0.8.0 N/A N/A
GHSA-qppj-fm5r-hxr3 Anchore CVE Medium golang.org/x/net-v0.8.0 N/A N/A
GHSA-8r3f-844c-mc37 Anchore CVE Medium google.golang.org/protobuf-v1.28.1 N/A N/A
GHSA-6v2p-p543-phr9 Anchore CVE High golang.org/x/oauth2-v0.1.0 N/A N/A
GHSA-4v7x-pqxf-cx7m Anchore CVE Medium golang.org/x/net-v0.8.0 N/A N/A
GHSA-4374-p667-p6c8 Anchore CVE High golang.org/x/net-v0.8.0 N/A N/A
GHSA-2wrh-6pvc-2jm9 Anchore CVE Medium golang.org/x/net-v0.8.0 N/A N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=rancher-federal/rke2/mirrored-sig-storage-snapshot-validation-webhook&tag=v6.2.2&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI