chore(findings): rapidfort/iso-master-exe
## Summary
rapidfort/iso-master-exe has 46 new findings discovered during continuous monitoring.
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=rapidfort/iso-master-exe&tag=1.1.770-rfhardened&branch=master
EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.
KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.
id | source | severity | package | impact | workaround | epss_score | kev
-- | ------ | -------- | ------- | ------ | ---------- | ---------- | ---
CVE-2022-4899 | Anchore CVE | Low | libzstd-1.5.5+dfsg2-2build1.1 | | | 0.01588 | false
CVE-2026-7210 | Anchore CVE | High | python-3.13.13 | | | 0.00790 | false
CVE-2026-3805 | Anchore CVE | High | curl-8.18.0 | | | 0.00715 | false
CVE-2026-7774 | Anchore CVE | Medium | python-3.13.13 | | | 0.00606 | false
CVE-2026-6100 | Anchore CVE | Critical | python-3.13.13 | | | 0.00517 | false
CVE-2026-6253 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00516 | false
CVE-2026-3276 | Anchore CVE | Medium | python-3.13.13 | | | 0.00475 | false
CVE-2026-1502 | Anchore CVE | Medium | python-3.13.13 | | | 0.00474 | false
CVE-2026-5773 | Anchore CVE | High | curl-8.18.0 | | | 0.00443 | false
CVE-2026-8328 | Anchore CVE | Medium | python-3.13.13 | | | 0.00401 | false
CVE-2026-7168 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00394 | false
CVE-2026-9669 | Anchore CVE | High | python-3.13.13 | | | 0.00375 | false
CVE-2026-3298 | Anchore CVE | High | python-3.13.13 | | | 0.00374 | false
CVE-2026-6429 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00372 | false
CVE-2026-44432 | Twistlock CVE | High | urllib3-2.6.3 | | | 0.00367 | false
CVE-2026-5545 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00363 | false
CVE-2026-3783 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00333 | false
CVE-2025-26519 | Anchore CVE | Medium | musl-1.2.4-2 | | | 0.00327 | false
CVE-2025-15367 | Anchore CVE | Medium | python-3.13.13 | | | 0.00315 | false
CVE-2025-15366 | Anchore CVE | Medium | python-3.13.13 | | | 0.00315 | false
CVE-2026-3784 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00291 | false
CVE-2026-7009 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00267 | false
CVE-2026-6276 | Anchore CVE | High | curl-8.18.0 | | | 0.00264 | false
CVE-2026-4873 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00263 | false
CVE-2026-44431 | Twistlock CVE | Medium | urllib3-2.6.3 | | | 0.00260 | false
CVE-2026-1965 | Anchore CVE | Medium | curl-8.18.0 | | | 0.00259 | false
CVE-2026-6019 | Anchore CVE | Medium | python-3.13.13 | | | 0.00229 | false
CVE-2026-6042 | Anchore CVE | Medium | musl-1.2.4-2 | | | 0.00227 | false
CVE-2026-4786 | Anchore CVE | High | python-3.13.13 | | | 0.00209 | false
CVE-2026-12003 | Anchore CVE | Medium | python-3.13.13 | | | 0.00136 | false
CVE-2026-40200 | Anchore CVE | Medium | musl-1.2.4-2 | | | 0.00128 | false
CVE-2026-49855 | Twistlock CVE | High | tornado-6.5.5 | | | N/A | false
CVE-2026-49854 | Twistlock CVE | Low | tornado-6.5.5 | | | N/A | false
CVE-2026-49853 | Twistlock CVE | High | tornado-6.5.5 | | | N/A | false
xccdf_org.ssgproject.content_rule_permissions_local_var_log | OSCAP Compliance | Medium | | | | N/A | N/A
xccdf_org.ssgproject.content_rule_package_apparmor_installed | OSCAP Compliance | Medium | | | | N/A | N/A
xccdf_org.ssgproject.content_rule_encrypt_partitions | OSCAP Compliance | High | | | | N/A | N/A
xccdf_org.ssgproject.content_rule_clean_components_post_updating | OSCAP Compliance | Low | | | | N/A | N/A
xccdf_org.ssgproject.content_rule_apparmor_configured | OSCAP Compliance | Medium | | | | N/A | N/A
GHSA-qccp-gfcp-xxvc | Anchore CVE | High | urllib3-2.6.3 | | | N/A | N/A
GHSA-pw6j-qg29-8w7f | Twistlock CVE | Medium | tornado-6.5.5 | | | N/A | N/A
GHSA-pw6j-qg29-8w7f | Anchore CVE | Medium | tornado-6.5.5 | | | N/A | N/A
GHSA-mgf9-4vpg-hj56 | Anchore CVE | High | tornado-6.5.5 | | | N/A | N/A
GHSA-mf9v-mfxr-j63j | Anchore CVE | High | urllib3-2.6.3 | | | N/A | N/A
GHSA-cx3h-4qpv-8hc9 | Anchore CVE | Low | tornado-6.5.5 | | | N/A | N/A
GHSA-3x9g-8vmp-wqvf | Anchore CVE | High | tornado-6.5.5 | | | N/A | N/A
## Tasks
Contributor:
- [ ] Apply the ~"Status::Review" label to this issue for a `merge request review` and wait for feedback
OR
- [ ] Provide justifications for findings in the [VAT](https://vat.dso.mil) ([docs](https://docs-ironbank.dso.mil/hardening/justifications/))
- [ ] Apply the ~"Status::Verification" label to this issue for a `VAT justifications review` and wait for feedback
Iron Bank:
- [ ] Review findings and justifications
> Note: If the above process is rejected for any reason, the `Review` or `Verification` label will be removed and the issue will be sent back to `To-Do`. Any comments will be listed in this issue for you to address. Once they have been addressed, you **must** re-add the `Review` or `Verification` label.
## Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add `/cc @ironbank-notifications/onboarding`.
Additionally, Iron Bank hosts an [AMA](https://www.zoomgov.com/meeting/register/vJIsdemoqTMpGpm-2c6xjdAm0MLD6vuvu5I) working session every Wednesday from 1630-1730EST to answer questions.