UNCLASSIFIED - NO CUI

chore(findings): security-compass/sd-elements/trend-reporting

Summary

security-compass/sd-elements/trend-reporting has 80 new findings discovered during continuous monitoring.

Layer: redhat/ubi/ubi9:9.6 is EOL, please update if possible

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=security-compass/sd-elements/trend-reporting&tag=2025.3.2-9.6-002&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2024-34459 Twistlock CVE Low libxml2-2.9.13-14.el9_7 0.00847 false
CVE-2024-34459 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00847 false
CVE-2024-41996 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2024-41996 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00690 false
CVE-2024-41996 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00690 false
CVE-2025-14087 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00197 false
CVE-2025-14087 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00197 false
CVE-2025-27113 Twistlock CVE Low libxml2-2.9.13-14.el9_7 0.00184 false
CVE-2025-27113 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00184 false
CVE-2025-6069 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00163 false
CVE-2025-6069 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00163 false
CVE-2025-6069 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00163 false
CVE-2025-6069 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00163 false
CVE-2024-13176 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00123 false
CVE-2024-13176 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00123 false
CVE-2024-13176 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00123 false
CVE-2025-8291 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00113 false
CVE-2025-8291 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00113 false
CVE-2025-8291 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00113 false
CVE-2025-8291 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00113 false
CVE-2023-45322 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00076 false
CVE-2025-4207 Twistlock CVE Medium libpq-13.20-1.el9_5 0.00070 false
CVE-2025-4207 Anchore CVE Medium libpq-devel-13.20-1.el9_5 0.00070 false
CVE-2025-4207 Anchore CVE Medium libpq-13.20-1.el9_5 0.00070 false
CVE-2025-13836 Twistlock CVE Medium python3.9-3.9.23-2.el9 0.00066 false
CVE-2025-13836 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3-libs-3.9.23-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3-3.9.23-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00066 false
CVE-2025-13836 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00066 false
CVE-2025-12818 Twistlock CVE Medium libpq-13.20-1.el9_5 0.00052 false
CVE-2025-12818 Anchore CVE Medium libpq-devel-13.20-1.el9_5 0.00052 false
CVE-2025-12818 Anchore CVE Medium libpq-13.20-1.el9_5 0.00052 false
CVE-2023-24056 Twistlock CVE Low pkgconf-1.7.3-10.el9 0.00039 false
CVE-2023-24056 Anchore CVE Low libpkgconf-1.7.3-10.el9 0.00039 false
CVE-2023-24056 Anchore CVE Low pkgconf-1.7.3-10.el9 0.00039 false
CVE-2023-24056 Anchore CVE Low pkgconf-m4-1.7.3-10.el9 0.00039 false
CVE-2023-24056 Anchore CVE Low pkgconf-pkg-config-1.7.3-10.el9 0.00039 false
CVE-2025-14512 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00034 false
CVE-2025-14512 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00034 false
CVE-2025-9232 Twistlock CVE Low openssl-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-9232 Anchore CVE Low openssl-libs-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-9232 Anchore CVE Low openssl-1:3.5.1-4.el9_7 0.00027 false
CVE-2025-4516 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00023 false
CVE-2025-4516 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00023 false
CVE-2025-4516 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00023 false
CVE-2025-4516 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00023 false
CVE-2025-66471 Twistlock CVE High urllib3-1.26.5 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to stream compressed content from untrusted sources. 0.00018 false
CVE-2025-66471 Twistlock CVE High urllib3-2.5.0 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to stream compressed content from untrusted sources. 0.00018 false
CVE-2025-66418 Twistlock CVE High urllib3-2.5.0 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to make requests to untrusted sources. Use preloadcontentFalse and ensure that resp.headerscontentencoding contains a safe number of encodings before reading the response content. 0.00018 false
CVE-2025-66418 Twistlock CVE High urllib3-1.26.5 As of 20251212, we have received no reports of active exploitation in the wild. Users would need to make requests to untrusted sources. Use preloadcontentFalse and ensure that resp.headerscontentencoding contains a safe number of encodings before reading the response content. 0.00018 false
CVE-2025-13837 Twistlock CVE Medium python3.9-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Twistlock CVE Medium python3.12-3.12.11-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3-libs-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3.12-devel-3.12.11-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3.12-3.12.11-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3-3.9.23-2.el9 0.00018 false
CVE-2025-13837 Anchore CVE Medium python3.12-libs-3.12.11-2.el9 0.00018 false
CVE-2025-66382 Twistlock CVE Low expat-2.5.0-5.el9_7.1 0.00017 false
CVE-2025-66382 Anchore CVE Low expat-2.5.0-5.el9_7.1 0.00017 false
CVE-2025-6170 Twistlock CVE Low libxml2-2.9.13-14.el9_7 0.00017 false
CVE-2025-6170 Anchore CVE Low libxml2-2.9.13-14.el9_7 0.00017 false
CVE-2025-6075 Twistlock CVE Low python3.12-3.12.11-2.el9 0.00017 false
CVE-2025-6075 Anchore CVE Low python3.12-devel-3.12.11-2.el9 0.00017 false
CVE-2025-6075 Anchore CVE Low python3.12-libs-3.12.11-2.el9 0.00017 false
CVE-2025-6075 Anchore CVE Low python3.12-3.12.11-2.el9 0.00017 false
CVE-2025-13601 Twistlock CVE Medium glib2-2.68.4-18.el9_7 0.00015 false
CVE-2025-13601 Anchore CVE Medium glib2-2.68.4-18.el9_7 0.00015 false
CVE-2025-14104 Twistlock CVE Medium util-linux-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-core-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libuuid-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libfdisk-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libsmartcols-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libmount-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium util-linux-2.37.4-21.el9 0.00014 false
CVE-2025-14104 Anchore CVE Medium libblkid-2.37.4-21.el9 0.00014 false
PRISMA-2022-0168 Twistlock CVE High pip-25.3 N/A N/A
GHSA-gm62-xv2j-4w53 Anchore CVE High urllib3-2.5.0 N/A N/A
GHSA-2xpw-w6gg-jr37 Anchore CVE High urllib3-2.5.0 N/A N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=security-compass/sd-elements/trend-reporting&tag=2025.3.2-9.6-002&branch=master

Tasks

Contributor:

  • Apply the StatusReview label to this issue for a merge request review and wait for feedback

OR

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI