chore(findings): solutions-delivery-platform/jenkins-agent/jenkins-agent
Summary
solutions-delivery-platform/jenkins-agent/jenkins-agent has 81 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2018-10892 | anchore_cve | Medium | docker-5.0.0 |
CVE-2019-13139 | anchore_cve | High | docker-5.0.0 |
CVE-2021-21284 | anchore_cve | Medium | docker-5.0.0 |
CVE-2019-16884 | anchore_cve | High | docker-5.0.0 |
CVE-2019-5736 | anchore_cve | High | docker-5.0.0 |
CVE-2020-27534 | anchore_cve | Medium | docker-5.0.0 |
CVE-2019-13509 | anchore_cve | High | docker-5.0.0 |
CVE-2021-21285 | anchore_cve | Medium | docker-5.0.0 |
GHSA-5xp3-jfq3-5q8x | anchore_cve | Medium | pip-21.0.1 |
CVE-2022-24302 | twistlock_cve | Medium | paramiko-2.7.2 |
CVE-2022-29187 | anchore_cve | Medium | git-2.31.1-2.el8 |
CVE-2022-29187 | anchore_cve | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-29187 | anchore_cve | Medium | git-core-2.31.1-2.el8 |
CVE-2022-29187 | anchore_cve | Medium | git-core-doc-2.31.1-2.el8 |
CVE-2022-29187 | twistlock_cve | Medium | git-2.31.1-2.el8 |
CVE-2022-29187 | twistlock_cve | Medium | git-core-2.31.1-2.el8 |
CVE-2022-29187 | twistlock_cve | Medium | perl-Git-2.31.1-2.el8 |
CVE-2020-16156 | twistlock_cve | Medium | perl-IO-1.38-421.el8 |
CVE-2020-16156 | twistlock_cve | Medium | perl-interpreter-5.26.3-421.el8 |
CVE-2020-16156 | twistlock_cve | Medium | perl-macros-5.26.3-421.el8 |
CVE-2020-16156 | twistlock_cve | Medium | perl-libs-5.26.3-421.el8 |
CVE-2020-16156 | twistlock_cve | Medium | perl-Errno-1.28-421.el8 |
CVE-2021-40330 | twistlock_cve | Medium | git-core-2.31.1-2.el8 |
CVE-2021-40330 | twistlock_cve | Medium | git-2.31.1-2.el8 |
CVE-2021-40330 | twistlock_cve | Medium | perl-Git-2.31.1-2.el8 |
CVE-2021-21300 | twistlock_cve | Medium | git-2.31.1-2.el8 |
CVE-2021-21300 | twistlock_cve | Medium | git-core-2.31.1-2.el8 |
CVE-2021-21300 | twistlock_cve | Medium | perl-Git-2.31.1-2.el8 |
CVE-2015-20107 | twistlock_cve | Medium | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2015-20107 | twistlock_cve | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-24765 | twistlock_cve | Medium | git-core-2.31.1-2.el8 |
CVE-2022-24765 | twistlock_cve | Medium | perl-Git-2.31.1-2.el8 |
CVE-2022-24765 | twistlock_cve | Medium | git-2.31.1-2.el8 |
CVE-2021-3733 | twistlock_cve | Medium | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-3733 | twistlock_cve | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-39537 | twistlock_cve | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2022-0391 | twistlock_cve | Medium | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-0391 | twistlock_cve | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2018-1000021 | twistlock_cve | Medium | perl-Git-2.31.1-2.el8 |
CVE-2018-1000021 | twistlock_cve | Medium | git-2.31.1-2.el8 |
CVE-2018-1000021 | twistlock_cve | Medium | git-core-2.31.1-2.el8 |
CVE-2019-9674 | twistlock_cve | Low | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2019-9674 | twistlock_cve | Low | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-3737 | twistlock_cve | Low | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-3737 | twistlock_cve | Low | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2018-20406 | twistlock_cve | Low | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2018-20406 | twistlock_cve | Low | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2018-15919 | twistlock_cve | Low | openssh-clients-8.0p1-13.el8 |
CVE-2018-15919 | twistlock_cve | Low | openssh-8.0p1-13.el8 |
CVE-2018-19211 | twistlock_cve | Low | ncurses-6.1-9.20180224.el8 |
CVE-2018-1121 | twistlock_cve | Low | procps-ng-3.3.15-6.el8 |
CVE-2019-6110 | twistlock_cve | Low | openssh-clients-8.0p1-13.el8 |
CVE-2019-6110 | twistlock_cve | Low | openssh-8.0p1-13.el8 |
CVE-2021-28861 | anchore_cve | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2021-28861 | anchore_cve | Medium | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-25857 | twistlock_cve | High | org.yaml_snakeyaml-1.28 |
CVE-2022-39046 | twistlock_cve | Medium | glibc-all-langpacks-2.28-189.5.el8_6 |
CVE-2020-10735 | twistlock_cve | Medium | python36-devel-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2020-10735 | twistlock_cve | Medium | python36-3.6.8-38.module+el8.5.0+12207+5c5719bc |
CVE-2022-38751 | twistlock_cve | Medium | org.yaml_snakeyaml-1.28 |
CVE-2022-38749 | twistlock_cve | Medium | org.yaml_snakeyaml-1.28 |
CVE-2022-38750 | twistlock_cve | Medium | org.yaml_snakeyaml-1.28 |
GHSA-3mc7-4q67-w48m | anchore_cve | High | snakeyaml-1.28 |
GHSA-3mc7-4q67-w48m | anchore_cve | High | snakeyaml-1.28 |
CVE-2022-38752 | twistlock_cve | Medium | org.yaml_snakeyaml-1.28 |
GHSA-9w3m-gqgf-c4p9 | anchore_cve | Medium | snakeyaml-1.28 |
GHSA-9w3m-gqgf-c4p9 | anchore_cve | Medium | snakeyaml-1.28 |
CVE-2020-10735 | twistlock_cve | Medium | platform-python-devel-3.6.8-47.el8_6 |
CVE-2019-9674 | twistlock_cve | Low | platform-python-devel-3.6.8-47.el8_6 |
CVE-2018-20406 | twistlock_cve | Low | platform-python-devel-3.6.8-47.el8_6 |
CVE-2022-24302 | anchore_cve | Medium | paramiko-2.7.2 |
CVE-2020-10735 | anchore_cve | Medium | platform-python-devel-3.6.8-47.el8_6 |
CVE-2021-28861 | anchore_cve | Medium | platform-python-devel-3.6.8-47.el8_6 |
CVE-2015-20107 | anchore_cve | Medium | platform-python-devel-3.6.8-47.el8_6 |
CVE-2022-0391 | anchore_cve | Medium | platform-python-devel-3.6.8-47.el8_6 |
GHSA-c4r9-r8fh-9vj2 | anchore_cve | Medium | snakeyaml-1.28 |
GHSA-c4r9-r8fh-9vj2 | anchore_cve | Medium | snakeyaml-1.28 |
GHSA-98wm-3w3q-mw94 | anchore_cve | Medium | snakeyaml-1.28 |
GHSA-hhhw-99gj-p3c3 | anchore_cve | Medium | snakeyaml-1.28 |
GHSA-98wm-3w3q-mw94 | anchore_cve | Medium | snakeyaml-1.28 |
GHSA-hhhw-99gj-p3c3 | anchore_cve | Medium | snakeyaml-1.28 |
VAT: https://vat.dso.mil/vat/container/15562?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/solutions-delivery-platform/jenkins-agent/jenkins-agent/-/jobs/6064924
Definition of Done
Justifications:
- All findings have been justified
- Justifications have been provided to the container hardening team

Approval Process:
- Findings Approver has reviewed and approved all justifications
- Approval request has been sent to Authorizing Official
- Approval request has been processed by Authorizing Official
Edited by Ghost User