UNCLASSIFIED - NO CUI

chore(findings): via-science/base-image/conda_build_env

Summary

via-science/base-image/conda_build_env has 110 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-26184 Twistlock CVE Critical poetry-1.1.7
CVE-2022-36069 Twistlock CVE High poetry-1.1.7
CVE-2022-36070 Twistlock CVE High poetry-1.1.7
GHSA-j4j9-7hg9-97g6 Anchore CVE High poetry-1.1.7
GHSA-xr2c-5w89-63pv Anchore CVE Critical poetry-1.1.7
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
GHSA-9xgj-fcgf-x6mw Anchore CVE High poetry-1.1.7
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CCE-85888-6 OSCAP Compliance Medium
CVE-2022-42966 Twistlock CVE Medium cleo-0.8.1
CVE-2022-45061 Twistlock CVE Medium python3-libs-3.6.8-48.el8_7
CVE-2022-45061 Twistlock CVE Medium platform-python-3.6.8-48.el8_7
CVE-2022-36227 Twistlock CVE Low libarchive-3.3.3-4.el8
CVE-2022-45061 Anchore CVE High python-3.9.5
GHSA-2p9h-ccw7-33gf Anchore CVE Medium cleo-0.8.1
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2022-45061 Anchore CVE Medium platform-python-3.6.8-48.el8_7
CVE-2007-4559 Anchore CVE Medium python3-libs-3.6.8-48.el8_7
CVE-2022-36227 Anchore CVE Low libarchive-3.3.3-4.el8
CVE-2007-4559 Anchore CVE Medium platform-python-3.6.8-48.el8_7
CVE-2022-45061 Anchore CVE Medium python3-libs-3.6.8-48.el8_7
CVE-2020-17049 Twistlock CVE Medium krb5-libs-1.18.2-22.el8_7
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2022-4285 Twistlock CVE Medium gdb-gdbserver-8.2-19.el8
CCE-86099-9 OSCAP Compliance Medium
GHSA-43fp-rhv2-5gv8 Anchore CVE Medium certifi-2021.5.30
GHSA-43fp-rhv2-5gv8 Anchore CVE Medium certifi-2021.5.30
GHSA-43fp-rhv2-5gv8 Anchore CVE Medium certifi-2021.10.8
CVE-2022-4285 Anchore CVE Medium gdb-gdbserver-8.2-19.el8
CVE-2021-44568 Twistlock CVE Low libsolv-0.7.20-4.el8_7
CVE-2021-44568 Anchore CVE Low libsolv-0.7.20-4.el8_7
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-52.0.0.post20210125
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-57.1.0
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-57.1.0
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-52.0.0.post20210125
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
CVE-2022-40897 Twistlock CVE Medium platform-python-setuptools-39.2.0-6.el8
CVE-2022-40897 Twistlock CVE Medium python3-setuptools-wheel-39.2.0-6.el8
CVE-2022-40897 Anchore CVE Medium platform-python-setuptools-39.2.0-6.el8
CVE-2022-40897 Anchore CVE Medium python3-setuptools-wheel-39.2.0-6.el8
CVE-2022-46908 Twistlock CVE Medium sqlite-libs-3.26.0-17.el8_7
CVE-2018-20839 Twistlock CVE Medium systemd-239-68.el8_7.2
CVE-2018-20839 Twistlock CVE Medium systemd-libs-239-68.el8_7.2
CVE-2018-20839 Twistlock CVE Medium systemd-pam-239-68.el8_7.2
CVE-2022-4415 Twistlock CVE Medium systemd-239-68.el8_7.2
CVE-2022-4415 Twistlock CVE Medium systemd-libs-239-68.el8_7.2
CVE-2022-4415 Twistlock CVE Medium systemd-pam-239-68.el8_7.2
CVE-2021-3826 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2021-3826 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2019-19244 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2020-35512 Twistlock CVE Low dbus-common-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-libs-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-daemon-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-tools-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-1.12.8-23.el8_7.1
CVE-2022-43552 Twistlock CVE Low curl-7.61.1-25.el8_7.1
CVE-2022-43552 Twistlock CVE Low libcurl-7.61.1-25.el8_7.1
CVE-2022-27943 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2022-27943 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2021-3997 Twistlock CVE Low systemd-pam-239-68.el8_7.2
CVE-2021-3997 Twistlock CVE Low systemd-libs-239-68.el8_7.2
CVE-2021-3997 Twistlock CVE Low systemd-239-68.el8_7.2
CVE-2018-1000654 Twistlock CVE Low libtasn1-4.13-4.el8_7
CVE-2021-46195 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2021-46195 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2019-9937 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2019-9936 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2019-14250 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2019-14250 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2018-20657 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2018-20657 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2022-35252 Twistlock CVE Low curl-7.61.1-25.el8_7.1
CVE-2022-35252 Twistlock CVE Low libcurl-7.61.1-25.el8_7.1
CVE-2022-35252 Anchore CVE Low curl-7.61.1-25.el8_7.1
CVE-2022-4415 Anchore CVE Medium systemd-239-68.el8_7.2
CVE-2022-35252 Anchore CVE Low libcurl-7.61.1-25.el8_7.1
CVE-2022-4415 Anchore CVE Medium systemd-libs-239-68.el8_7.2
CVE-2022-43552 Anchore CVE Low libcurl-7.61.1-25.el8_7.1
CVE-2022-4415 Anchore CVE Medium systemd-pam-239-68.el8_7.2
CVE-2022-43552 Anchore CVE Low curl-7.61.1-25.el8_7.1
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low
CVE-2022-47629 Twistlock CVE Critical libksba-1.3.5-8.el8_6
CVE-2017-15412 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2016-5131 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-0663 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9047 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9050 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9049 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-7375 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2016-4658 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9048 Twistlock CVE Low python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-18258 Twistlock CVE Low python3-libxml2-2.9.7-15.el8_7.1
CVE-2022-47629 Anchore CVE High libksba-1.3.5-8.el8_6
CVE-2022-45873 Twistlock CVE Medium systemd-libs-239-68.el8_7.2
CVE-2022-45873 Twistlock CVE Medium systemd-pam-239-68.el8_7.2
CVE-2022-45873 Twistlock CVE Medium systemd-239-68.el8_7.2
CVE-2023-22745 Twistlock CVE Low tpm2-tss-2.3.2-4.el8
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2023-22745 Anchore CVE Low tpm2-tss-2.3.2-4.el8
CVE-2022-23990 Twistlock CVE Medium expat-2.2.5-10.el8_7.1

VAT: https://vat.dso.mil/vat/image?imageName=via-science/base-image/conda_build_env&tag=v4.1.1&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/via/base-image/conda-build-env/-/jobs/15241250

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.