chore(findings): tetrate/istio/istioctl
Summary
tetrate/istio/istioctl has 16 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
GHSA-jw44-4f3j-q396 | Anchore CVE | Medium | helm.sh/helm/v3-v3.12.2 |
GHSA-v53g-5gjp-272r | Anchore CVE | Medium | helm.sh/helm/v3-v3.12.2 |
GHSA-c5q2-7r4c-mv6g | Anchore CVE | Medium | github.com/go-jose/go-jose/v3-v3.0.1 |
GHSA-pvcr-v8j8-j5q3 | Anchore CVE | Medium | github.com/lestrrat-go/jwx-v1.2.26 |
GHSA-8r3f-844c-mc37 | Anchore CVE | Medium | google.golang.org/protobuf-v1.31.0 |
GHSA-7f9x-gw85-8grf | Anchore CVE | Medium | github.com/lestrrat-go/jwx-v1.2.26 |
GHSA-hj3v-m684-v259 | Anchore CVE | Medium | github.com/lestrrat-go/jwx-v1.2.26 |
GHSA-r53h-jv2g-vpx6 | Anchore CVE | High | helm.sh/helm/v3-v3.12.2 |
GHSA-xw73-rw38-6vjc | Anchore CVE | Medium | github.com/docker/docker-v24.0.7+incompatible |
CVE-2024-26147 | Twistlock CVE | High | helm.sh/helm/v3-v3.12.2 |
CVE-2024-24557 | Twistlock CVE | Medium | github.com/docker/docker-v24.0.7 |
CVE-2024-28122 | Twistlock CVE | Medium | github.com/lestrrat-go/jwx-v1.2.26 |
GHSA-3m87-5598-2v4f | Twistlock CVE | Medium | github.com/prometheus/prometheus-v0.45.0 |
CVE-2024-28180 | Twistlock CVE | Medium | github.com/go-jose/go-jose/v3-v3.0.1 |
CVE-2024-25620 | Twistlock CVE | Medium | helm.sh/helm/v3/pkg/chartutil-v3.12.2 |
CVE-2024-25620 | Twistlock CVE | Medium | helm.sh/helm/v3/pkg/chart-v3.12.2 |
VAT: https://vat.dso.mil/vat/image?imageName=tetrate/istio/istioctl&tag=1.19.9-tetratefips-v0&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=tetrate/istio/istioctl&tag=1.19.3-tetratefips-v0&branch=master
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the StatusVerification label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications
Note: If the above process is rejected for any reason, the
Verification
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theVerification
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.