UNCLASSIFIED - NO CUI

chore(findings): raven-solutions/experience-manager-processor

Summary

raven-solutions/experience-manager-processor has 100 new findings discovered during continuous monitoring.

| id | source | severity | package |
|---|---|---|---|
| CVE-2021-27293 | Anchore CVE | High | RestSharp-106.11.7 |
| CVE-2021-32840 | Anchore CVE | Critical | SharpZipLib-1.3.1 |
| CVE-2021-32841 | Anchore CVE | Medium | SharpZipLib-1.3.1 |
| CVE-2021-32842 | Anchore CVE | Medium | SharpZipLib-1.3.1 |
| CVE-2022-36227 | Twistlock CVE | Low | libarchive-3.3.3-4.el8 |
| CVE-2022-36227 | Anchore CVE | Low | libarchive-3.3.3-4.el8 |
| CVE-2020-17049 | Twistlock CVE | Medium | krb5-libs-1.18.2-22.el8_7 |
| CCE-86099-9 | OSCAP Compliance | Medium | |
| CVE-2019-19244 | Twistlock CVE | Low | sqlite-libs-3.26.0-17.el8_7 |
| CVE-2020-35512 | Twistlock CVE | Low | dbus-libs-1.12.8-23.el8_7.1 |
| CVE-2020-35512 | Twistlock CVE | Low | dbus-daemon-1.12.8-23.el8_7.1 |
| CVE-2020-35512 | Twistlock CVE | Low | dbus-tools-1.12.8-23.el8_7.1 |
| CVE-2020-35512 | Twistlock CVE | Low | dbus-common-1.12.8-23.el8_7.1 |
| CVE-2020-35512 | Twistlock CVE | Low | dbus-1.12.8-23.el8_7.1 |
| CVE-2022-27943 | Twistlock CVE | Low | libgcc-8.5.0-16.el8_7 |
| CVE-2022-27943 | Twistlock CVE | Low | libstdc++-8.5.0-16.el8_7 |
| CVE-2018-1000654 | Twistlock CVE | Low | libtasn1-4.13-4.el8_7 |
| CVE-2019-9937 | Twistlock CVE | Low | sqlite-libs-3.26.0-17.el8_7 |
| CVE-2019-9936 | Twistlock CVE | Low | sqlite-libs-3.26.0-17.el8_7 |
| CVE-2019-14250 | Twistlock CVE | Low | libstdc++-8.5.0-16.el8_7 |
| CVE-2019-14250 | Twistlock CVE | Low | libgcc-8.5.0-16.el8_7 |
| CVE-2018-20657 | Twistlock CVE | Low | libstdc++-8.5.0-16.el8_7 |
| CVE-2018-20657 | Twistlock CVE | Low | libgcc-8.5.0-16.el8_7 |
| addbb93c22e9b0988b8b40392a4538cb | Anchore Compliance | Low | |
| CVE-2023-22745 | Twistlock CVE | Low | tpm2-tss-2.3.2-4.el8 |
| CVE-2023-22745 | Anchore CVE | Low | tpm2-tss-2.3.2-4.el8 |
| CCE-83478-8 | OSCAP Compliance | Medium | |
| CCE-83480-4 | OSCAP Compliance | Medium | |
| CCE-86067-6 | OSCAP Compliance | Medium | |
| CVE-2018-20839 | Twistlock CVE | Medium | systemd-239-68.el8_7.4 |
| CVE-2018-20839 | Twistlock CVE | Medium | systemd-pam-239-68.el8_7.4 |
| CVE-2018-20839 | Twistlock CVE | Medium | systemd-libs-239-68.el8_7.4 |
| CVE-2019-9674 | Twistlock CVE | Low | python3-libs-3.6.8-48.el8_7.1 |
| CVE-2019-9674 | Twistlock CVE | Low | platform-python-3.6.8-48.el8_7.1 |
| CVE-2021-3997 | Twistlock CVE | Low | systemd-239-68.el8_7.4 |
| CVE-2021-3997 | Twistlock CVE | Low | systemd-libs-239-68.el8_7.4 |
| CVE-2021-3997 | Twistlock CVE | Low | systemd-pam-239-68.el8_7.4 |
| CVE-2021-20193 | Twistlock CVE | Low | tar-1.30-6.el8_7.1 |
| CVE-2019-9923 | Twistlock CVE | Low | tar-1.30-6.el8_7.1 |
| CVE-2007-4559 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7.1 |
| CVE-2007-4559 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7.1 |
| CVE-2023-24329 | Twistlock CVE | Critical | python3-libs-3.6.8-48.el8_7.1 |
| CVE-2023-24329 | Twistlock CVE | Critical | platform-python-3.6.8-48.el8_7.1 |
| CVE-2023-24329 | Anchore CVE | High | python3-libs-3.6.8-48.el8_7.1 |
| CVE-2023-24329 | Anchore CVE | High | platform-python-3.6.8-48.el8_7.1 |
| CVE-2023-26604 | Anchore CVE | Medium | systemd-libs-239-68.el8_7.4 |
| CVE-2023-26604 | Anchore CVE | Medium | systemd-239-68.el8_7.4 |
| CVE-2023-26604 | Anchore CVE | Medium | systemd-pam-239-68.el8_7.4 |
| CVE-2022-43552 | Twistlock CVE | Low | curl-7.61.1-25.el8_7.3 |
| CVE-2022-43552 | Twistlock CVE | Low | libcurl-7.61.1-25.el8_7.3 |
| CVE-2022-35252 | Twistlock CVE | Low | libcurl-7.61.1-25.el8_7.3 |
| CVE-2022-35252 | Twistlock CVE | Low | curl-7.61.1-25.el8_7.3 |
| CVE-2022-43552 | Anchore CVE | Low | libcurl-7.61.1-25.el8_7.3 |
| CVE-2022-35252 | Anchore CVE | Low | libcurl-7.61.1-25.el8_7.3 |
| CVE-2022-43552 | Anchore CVE | Low | curl-7.61.1-25.el8_7.3 |
| CVE-2022-35252 | Anchore CVE | Low | curl-7.61.1-25.el8_7.3 |
| CVE-2022-25881 | Twistlock CVE | Medium | dotnet-host-7.0.4-1.el8_7 |
| CVE-2022-0613 | Twistlock CVE | Medium | dotnet-host-7.0.4-1.el8_7 |
| CVE-2022-0235 | Twistlock CVE | Medium | dotnet-host-7.0.4-1.el8_7 |
| CVE-2022-0536 | Twistlock CVE | Medium | dotnet-host-7.0.4-1.el8_7 |
| CVE-2022-24723 | Twistlock CVE | Medium | dotnet-host-7.0.4-1.el8_7 |
| CVE-2020-12413 | Twistlock CVE | Low | nss-3.79.0-11.el8_7 |
| CVE-2020-12413 | Twistlock CVE | Low | nss-util-3.79.0-11.el8_7 |
| CVE-2020-12413 | Twistlock CVE | Low | nss-sysinit-3.79.0-11.el8_7 |
| CVE-2020-12413 | Twistlock CVE | Low | nss-softokn-freebl-3.79.0-11.el8_7 |
| CVE-2020-12413 | Twistlock CVE | Low | nss-softokn-3.79.0-11.el8_7 |
| CVE-2021-4231 | Twistlock CVE | Low | dotnet-host-7.0.4-1.el8_7 |
| CVE-2023-26604 | Twistlock CVE | Medium | systemd-pam-239-68.el8_7.4 |
| CVE-2023-26604 | Twistlock CVE | Medium | systemd-libs-239-68.el8_7.4 |
| CVE-2023-26604 | Twistlock CVE | Medium | systemd-239-68.el8_7.4 |
| CVE-2022-23990 | Twistlock CVE | Medium | expat-2.2.5-10.el8_7.1 |
| CVE-2022-4899 | Twistlock CVE | Low | libzstd-1.4.4-1.el8 |
| CVE-2022-4899 | Anchore CVE | Low | libzstd-1.4.4-1.el8 |
| CVE-2023-27535 | Twistlock CVE | Medium | curl-7.61.1-25.el8_7.3 |
| CVE-2023-27535 | Twistlock CVE | Medium | libcurl-7.61.1-25.el8_7.3 |
| CVE-2023-27536 | Twistlock CVE | Medium | curl-7.61.1-25.el8_7.3 |
| CVE-2023-27536 | Twistlock CVE | Medium | libcurl-7.61.1-25.el8_7.3 |
| CVE-2023-27534 | Twistlock CVE | Low | curl-7.61.1-25.el8_7.3 |
| CVE-2023-27534 | Twistlock CVE | Low | libcurl-7.61.1-25.el8_7.3 |
| CVE-2023-27536 | Anchore CVE | Medium | curl-7.61.1-25.el8_7.3 |
| CVE-2023-27535 | Anchore CVE | Medium | libcurl-7.61.1-25.el8_7.3 |
| CVE-2023-27535 | Anchore CVE | Medium | curl-7.61.1-25.el8_7.3 |
| CVE-2023-27536 | Anchore CVE | Medium | libcurl-7.61.1-25.el8_7.3 |
| CVE-2023-1579 | Twistlock CVE | Medium | gdb-gdbserver-8.2-19.el8 |
| CVE-2023-25180 | Twistlock CVE | Low | glib2-2.56.4-159.el8 |
| CVE-2023-24593 | Twistlock CVE | Low | glib2-2.56.4-159.el8 |
| CVE-2023-0464 | Twistlock CVE | Low | openssl-libs-1.1.1k-9.el8_7 |
| CVE-2023-0464 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
| CVE-2023-0464 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
| CVE-2023-0464 | Anchore CVE | Low | openssl-libs-1:1.1.1k-9.el8_7 |
| CVE-2023-1579 | Anchore CVE | Medium | gdb-gdbserver-8.2-19.el8 |
| CVE-2023-0466 | Twistlock CVE | Low | openssl-libs-1.1.1k-9.el8_7 |
| CVE-2023-0466 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
| CVE-2023-0465 | Twistlock CVE | Low | openssl-libs-1.1.1k-9.el8_7 |
| CVE-2023-0465 | Twistlock CVE | Low | openssl-1.1.1k-9.el8_7 |
| CVE-2023-0465 | Anchore CVE | Low | openssl-libs-1:1.1.1k-9.el8_7 |
| CVE-2023-0466 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
| CVE-2023-0465 | Anchore CVE | Low | openssl-1:1.1.1k-9.el8_7 |
| CVE-2023-0466 | Anchore CVE | Low | openssl-libs-1:1.1.1k-9.el8_7 |
| CVE-2021-4209 | Twistlock CVE | Low | gnutls-3.6.16-6.el8_7 |

VAT: https://vat.dso.mil/vat/image?imageName=raven-solutions/experience-manager-processor&tag=1.0.0&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/raven-solutions/experience-manager-processor/-/jobs/14724028

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730 EST to answer questions.
