UNCLASSIFIED - NO CUI

Skip to content

chore(findings): raven-solutions/experience-manager-website

Summary

raven-solutions/experience-manager-website has 113 new findings discovered during continuous monitoring.

id source severity package
CVE-2021-27293 Anchore CVE High RestSharp-106.11.7
CVE-2021-32840 Anchore CVE Critical SharpZipLib-1.3.1
CVE-2021-32841 Anchore CVE Medium SharpZipLib-1.3.1
CVE-2021-32842 Anchore CVE Medium SharpZipLib-1.3.1
CVE-2022-36227 Twistlock CVE Low libarchive-3.3.3-4.el8
CVE-2022-36227 Anchore CVE Low libarchive-3.3.3-4.el8
CVE-2020-17049 Twistlock CVE Medium krb5-libs-1.18.2-22.el8_7
CCE-86099-9 OSCAP Compliance Medium
CVE-2019-19244 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2020-35512 Twistlock CVE Low dbus-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-libs-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-common-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-tools-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-daemon-1.12.8-23.el8_7.1
CVE-2022-27943 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2022-27943 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2018-1000654 Twistlock CVE Low libtasn1-4.13-4.el8_7
CVE-2019-9937 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2019-9936 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2019-14250 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2019-14250 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2018-20657 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2018-20657 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low
CVE-2023-22745 Twistlock CVE Low tpm2-tss-2.3.2-4.el8
CVE-2023-22745 Anchore CVE Low tpm2-tss-2.3.2-4.el8
CCE-83478-8 OSCAP Compliance Medium
CCE-83480-4 OSCAP Compliance Medium
CCE-86067-6 OSCAP Compliance Medium
CVE-2018-20839 Twistlock CVE Medium systemd-239-68.el8_7.4
CVE-2018-20839 Twistlock CVE Medium systemd-pam-239-68.el8_7.4
CVE-2018-20839 Twistlock CVE Medium systemd-libs-239-68.el8_7.4
CVE-2019-9674 Twistlock CVE Low python3-libs-3.6.8-48.el8_7.1
CVE-2019-9674 Twistlock CVE Low platform-python-3.6.8-48.el8_7.1
CVE-2021-3997 Twistlock CVE Low systemd-pam-239-68.el8_7.4
CVE-2021-3997 Twistlock CVE Low systemd-libs-239-68.el8_7.4
CVE-2021-3997 Twistlock CVE Low systemd-239-68.el8_7.4
CVE-2021-20193 Twistlock CVE Low tar-1.30-6.el8_7.1
CVE-2019-9923 Twistlock CVE Low tar-1.30-6.el8_7.1
CVE-2007-4559 Anchore CVE Medium platform-python-3.6.8-48.el8_7.1
CVE-2007-4559 Anchore CVE Medium python3-libs-3.6.8-48.el8_7.1
CVE-2023-24329 Twistlock CVE Critical platform-python-3.6.8-48.el8_7.1
CVE-2023-24329 Twistlock CVE Critical python3-libs-3.6.8-48.el8_7.1
CVE-2023-24329 Anchore CVE High python3-libs-3.6.8-48.el8_7.1
CVE-2023-24329 Anchore CVE High platform-python-3.6.8-48.el8_7.1
CVE-2023-26604 Anchore CVE Medium systemd-libs-239-68.el8_7.4
CVE-2023-26604 Anchore CVE Medium systemd-pam-239-68.el8_7.4
CVE-2023-26604 Anchore CVE Medium systemd-239-68.el8_7.4
CVE-2022-43552 Twistlock CVE Low curl-7.61.1-25.el8_7.3
CVE-2022-43552 Twistlock CVE Low libcurl-7.61.1-25.el8_7.3
CVE-2022-35252 Twistlock CVE Low libcurl-7.61.1-25.el8_7.3
CVE-2022-35252 Twistlock CVE Low curl-7.61.1-25.el8_7.3
CVE-2022-35252 Anchore CVE Low libcurl-7.61.1-25.el8_7.3
CVE-2022-35252 Anchore CVE Low curl-7.61.1-25.el8_7.3
CVE-2022-43552 Anchore CVE Low curl-7.61.1-25.el8_7.3
CVE-2022-43552 Anchore CVE Low libcurl-7.61.1-25.el8_7.3
CVE-2022-25881 Twistlock CVE Medium dotnet-host-7.0.4-1.el8_7
CVE-2022-0613 Twistlock CVE Medium dotnet-host-7.0.4-1.el8_7
CVE-2022-0235 Twistlock CVE Medium dotnet-host-7.0.4-1.el8_7
CVE-2022-0536 Twistlock CVE Medium dotnet-host-7.0.4-1.el8_7
CVE-2022-24723 Twistlock CVE Medium dotnet-host-7.0.4-1.el8_7
CVE-2020-12413 Twistlock CVE Low nss-3.79.0-11.el8_7
CVE-2020-12413 Twistlock CVE Low nss-softokn-freebl-3.79.0-11.el8_7
CVE-2020-12413 Twistlock CVE Low nss-util-3.79.0-11.el8_7
CVE-2020-12413 Twistlock CVE Low nss-softokn-3.79.0-11.el8_7
CVE-2020-12413 Twistlock CVE Low nss-sysinit-3.79.0-11.el8_7
CVE-2021-4231 Twistlock CVE Low dotnet-host-7.0.4-1.el8_7
CVE-2023-26604 Twistlock CVE Medium systemd-pam-239-68.el8_7.4
CVE-2023-26604 Twistlock CVE Medium systemd-239-68.el8_7.4
CVE-2023-26604 Twistlock CVE Medium systemd-libs-239-68.el8_7.4
CVE-2022-23990 Twistlock CVE Medium expat-2.2.5-10.el8_7.1
CVE-2023-27535 Twistlock CVE Medium curl-7.61.1-25.el8_7.3
CVE-2023-27535 Twistlock CVE Medium libcurl-7.61.1-25.el8_7.3
CVE-2022-4899 Twistlock CVE Low libzstd-1.4.4-1.el8
CVE-2023-27536 Twistlock CVE Medium libcurl-7.61.1-25.el8_7.3
CVE-2023-27536 Twistlock CVE Medium curl-7.61.1-25.el8_7.3
CVE-2023-27534 Twistlock CVE Low libcurl-7.61.1-25.el8_7.3
CVE-2023-27534 Twistlock CVE Low curl-7.61.1-25.el8_7.3
CVE-2022-4899 Anchore CVE Low libzstd-1.4.4-1.el8
CVE-2023-27536 Anchore CVE Medium curl-7.61.1-25.el8_7.3
CVE-2023-27535 Anchore CVE Medium libcurl-7.61.1-25.el8_7.3
CVE-2023-27535 Anchore CVE Medium curl-7.61.1-25.el8_7.3
CVE-2023-27536 Anchore CVE Medium libcurl-7.61.1-25.el8_7.3
CVE-2023-1579 Twistlock CVE Medium gdb-gdbserver-8.2-19.el8
CVE-2023-25180 Twistlock CVE Low glib2-2.56.4-159.el8
CVE-2023-24593 Twistlock CVE Low glib2-2.56.4-159.el8
CVE-2023-0464 Twistlock CVE Low openssl-libs-1.1.1k-9.el8_7
CVE-2023-0464 Twistlock CVE Low openssl-1.1.1k-9.el8_7
CVE-2023-0464 Anchore CVE Low openssl-libs-1:1.1.1k-9.el8_7
CVE-2023-0464 Anchore CVE Low openssl-1:1.1.1k-9.el8_7
CVE-2023-1579 Anchore CVE Medium gdb-gdbserver-8.2-19.el8
CVE-2023-0466 Twistlock CVE Low openssl-1.1.1k-9.el8_7
CVE-2023-0466 Twistlock CVE Low openssl-libs-1.1.1k-9.el8_7
CVE-2023-0465 Twistlock CVE Low openssl-1.1.1k-9.el8_7
CVE-2023-0465 Twistlock CVE Low openssl-libs-1.1.1k-9.el8_7
CVE-2023-0466 Anchore CVE Low openssl-libs-1:1.1.1k-9.el8_7
CVE-2023-0465 Anchore CVE Low openssl-1:1.1.1k-9.el8_7
CVE-2023-0465 Anchore CVE Low openssl-libs-1:1.1.1k-9.el8_7
CVE-2023-0466 Anchore CVE Low openssl-1:1.1.1k-9.el8_7
CVE-2021-4209 Twistlock CVE Low gnutls-3.6.16-6.el8_7
CVE-2021-45985 Twistlock CVE Medium lua-libs-5.3.4-12.el8
PRISMA-2022-0168 Twistlock CVE High pip-9.0.3
CVE-2021-33503 Twistlock CVE High urllib3-1.24.2
CVE-2019-20916 Twistlock CVE High pip-9.0.3
CVE-2020-26137 Twistlock CVE Medium urllib3-1.24.2
CVE-2019-11236 Twistlock CVE Medium urllib3-1.24.2
CVE-2023-29469 Twistlock CVE Medium libxml2-2.9.7-15.el8_7.1
CVE-2023-29469 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2023-28484 Twistlock CVE Medium libxml2-2.9.7-15.el8_7.1
CVE-2023-28484 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2022-40897 Twistlock CVE Medium setuptools-39.2.0
CVE-2021-3572 Twistlock CVE Medium pip-9.0.3
CVE-2023-28260 Anchore CVE High dotnet-host-7.0.4-1.el8_7

VAT: https://vat.dso.mil/vat/image?imageName=raven-solutions/experience-manager-website&tag=1.0.0&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/raven-solutions/experience-manager-website/-/jobs/14743840

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI