UNCLASSIFIED - NO CUI

chore(findings): via-science/base-image/conda_build_env

Summary

via-science/base-image/conda_build_env has 235 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-26184 Twistlock CVE Critical poetry-1.1.7
CVE-2022-36069 Twistlock CVE High poetry-1.1.7
CVE-2022-36070 Twistlock CVE High poetry-1.1.7
GHSA-j4j9-7hg9-97g6 Anchore CVE High poetry-1.1.7
GHSA-xr2c-5w89-63pv Anchore CVE Critical poetry-1.1.7
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
GHSA-9xgj-fcgf-x6mw Anchore CVE High poetry-1.1.7
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CCE-85987-6 OSCAP Compliance Medium
CCE-85888-6 OSCAP Compliance Medium
CVE-2022-42966 Twistlock CVE Medium cleo-0.8.1
CVE-2022-36227 Twistlock CVE Low libarchive-3.3.3-4.el8
CVE-2022-45061 Anchore CVE High python-3.9.5
GHSA-2p9h-ccw7-33gf Anchore CVE Medium cleo-0.8.1
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2022-36227 Anchore CVE Low libarchive-3.3.3-4.el8
CVE-2020-17049 Twistlock CVE Medium krb5-libs-1.18.2-22.el8_7
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CCE-86099-9 OSCAP Compliance Medium
GHSA-43fp-rhv2-5gv8 Anchore CVE Medium certifi-2021.5.30
GHSA-43fp-rhv2-5gv8 Anchore CVE Medium certifi-2021.5.30
GHSA-43fp-rhv2-5gv8 Anchore CVE Medium certifi-2021.10.8
CVE-2021-44568 Twistlock CVE Low libsolv-0.7.20-4.el8_7
CVE-2021-44568 Anchore CVE Low libsolv-0.7.20-4.el8_7
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-52.0.0.post20210125
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-57.1.0
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-57.1.0
GHSA-r9hx-vwmv-q579 Anchore CVE High setuptools-52.0.0.post20210125
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
GHSA-qwmp-2cf2-g9g6 Anchore CVE High wheel-0.36.2
CVE-2021-3826 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2021-3826 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2019-19244 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2020-35512 Twistlock CVE Low dbus-common-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-libs-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-daemon-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-tools-1.12.8-23.el8_7.1
CVE-2020-35512 Twistlock CVE Low dbus-1.12.8-23.el8_7.1
CVE-2022-27943 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2022-27943 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2018-1000654 Twistlock CVE Low libtasn1-4.13-4.el8_7
CVE-2021-46195 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2021-46195 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2019-9937 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2019-9936 Twistlock CVE Low sqlite-libs-3.26.0-17.el8_7
CVE-2019-14250 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2019-14250 Twistlock CVE Low libgcc-8.5.0-16.el8_7
CVE-2018-20657 Twistlock CVE Low libstdc++-8.5.0-16.el8_7
CVE-2018-20657 Twistlock CVE Low libgcc-8.5.0-16.el8_7
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low
CVE-2017-15412 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2016-5131 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-0663 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9047 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9050 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9049 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-7375 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2016-4658 Twistlock CVE Medium python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-9048 Twistlock CVE Low python3-libxml2-2.9.7-15.el8_7.1
CVE-2017-18258 Twistlock CVE Low python3-libxml2-2.9.7-15.el8_7.1
CVE-2023-22745 Twistlock CVE Low tpm2-tss-2.3.2-4.el8
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2023-22745 Anchore CVE Low tpm2-tss-2.3.2-4.el8
CCE-83478-8 OSCAP Compliance Medium
CCE-83480-4 OSCAP Compliance Medium
CCE-86067-6 OSCAP Compliance Medium
CVE-2023-0286 Twistlock CVE Medium openssl-libs-1.1.1k-7.el8_6
CVE-2023-25587 Twistlock CVE Medium gdb-gdbserver-8.2-19.el8
CVE-2023-0215 Twistlock CVE Medium openssl-libs-1.1.1k-7.el8_6
CVE-2022-4450 Twistlock CVE Medium openssl-libs-1.1.1k-7.el8_6
CVE-2022-4304 Twistlock CVE Medium openssl-libs-1.1.1k-7.el8_6
CVE-2023-25584 Twistlock CVE Low gdb-gdbserver-8.2-19.el8
CVE-2023-25588 Twistlock CVE Low gdb-gdbserver-8.2-19.el8
CVE-2023-25586 Twistlock CVE Low gdb-gdbserver-8.2-19.el8
CVE-2023-25585 Twistlock CVE Low gdb-gdbserver-8.2-19.el8
GHSA-w7pp-m8wf-vj6r Anchore CVE Medium cryptography-3.4.7
CVE-2022-4450 Anchore CVE Medium openssl-libs-1:1.1.1k-7.el8_6
GHSA-w7pp-m8wf-vj6r Anchore CVE Medium cryptography-3.4.7
CVE-2023-0215 Anchore CVE Medium openssl-libs-1:1.1.1k-7.el8_6
CVE-2023-0286 Anchore CVE Medium openssl-libs-1:1.1.1k-7.el8_6
CVE-2022-4304 Anchore CVE Medium openssl-libs-1:1.1.1k-7.el8_6
CVE-2023-23931 Twistlock CVE Medium cryptography-3.4.7
CVE-2023-0286 Twistlock CVE High cryptography-3.4.7
GHSA-x4qr-2fvf-3mr5 Anchore CVE High cryptography-3.4.7
GHSA-x4qr-2fvf-3mr5 Anchore CVE High cryptography-3.4.7
CVE-2023-0361 Twistlock CVE Medium gnutls-3.6.16-5.el8_6
CVE-2023-0361 Anchore CVE Medium gnutls-3.6.16-5.el8_6
CVE-2023-23916 Twistlock CVE Medium libcurl-7.61.1-25.el8_7.2
CVE-2023-23916 Twistlock CVE Medium curl-7.61.1-25.el8_7.2
CVE-2018-20839 Twistlock CVE Medium systemd-239-68.el8_7.4
CVE-2018-20839 Twistlock CVE Medium systemd-libs-239-68.el8_7.4
CVE-2018-20839 Twistlock CVE Medium systemd-pam-239-68.el8_7.4
CVE-2019-9674 Twistlock CVE Low platform-python-3.6.8-48.el8_7.1
CVE-2019-9674 Twistlock CVE Low python3-libs-3.6.8-48.el8_7.1
CVE-2022-43552 Twistlock CVE Low curl-7.61.1-25.el8_7.2
CVE-2022-43552 Twistlock CVE Low libcurl-7.61.1-25.el8_7.2
CVE-2018-20406 Twistlock CVE Low platform-python-3.6.8-48.el8_7.1
CVE-2021-3997 Twistlock CVE Low systemd-pam-239-68.el8_7.4
CVE-2021-3997 Twistlock CVE Low systemd-239-68.el8_7.4
CVE-2021-3997 Twistlock CVE Low systemd-libs-239-68.el8_7.4
CVE-2021-20193 Twistlock CVE Low tar-1.30-6.el8_7.1
CVE-2019-9923 Twistlock CVE Low tar-1.30-6.el8_7.1
CVE-2022-35252 Twistlock CVE Low curl-7.61.1-25.el8_7.2
CVE-2022-35252 Twistlock CVE Low libcurl-7.61.1-25.el8_7.2
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CVE-2022-45061 Anchore CVE High python-3.9.5
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2022-45061 Anchore CVE High python-3.9.5
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2023-23916 Anchore CVE Medium libcurl-7.61.1-25.el8_7.2
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2022-43552 Anchore CVE Low libcurl-7.61.1-25.el8_7.2
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2022-45061 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2022-45061 Anchore CVE High python-3.9.5
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium platform-python-3.6.8-48.el8_7.1
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2022-35252 Anchore CVE Low libcurl-7.61.1-25.el8_7.2
CVE-2022-43552 Anchore CVE Low curl-7.61.1-25.el8_7.2
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2022-45061 Anchore CVE High python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium python3-libs-3.6.8-48.el8_7.1
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
CVE-2022-35252 Anchore CVE Low curl-7.61.1-25.el8_7.2
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2021-3737 Anchore CVE High python-3.9.5
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CVE-2016-3189 Anchore CVE Medium python-3.9.5
CVE-2018-25032 Anchore CVE High python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
CVE-2021-28861 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2023-23916 Anchore CVE Medium curl-7.61.1-25.el8_7.2
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2022-45061 Anchore CVE High python-3.9.5
CVE-2020-10735 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2022-42919 Anchore CVE High python-3.9.5
CVE-2007-4559 Anchore CVE Medium python-3.9.5
CVE-2013-0340 Anchore CVE Medium python-3.9.5
CVE-2019-12900 Anchore CVE Critical python-3.9.5
CVE-2022-45061 Anchore CVE High python-3.9.5
CVE-2022-26488 Anchore CVE High python-3.9.5
CVE-2015-20107 Anchore CVE High python-3.9.5
CVE-2022-37454 Anchore CVE Critical python-3.9.5
CVE-2023-24329 Twistlock CVE Critical platform-python-3.6.8-48.el8_7.1
CVE-2023-24329 Twistlock CVE Critical python3-libs-3.6.8-48.el8_7.1
CVE-2022-25927 Twistlock CVE Medium python3-subscription-manager-rhsm-1.28.32-1.el8
CVE-2022-25927 Twistlock CVE Medium subscription-manager-1.28.32-1.el8
CVE-2022-25927 Twistlock CVE Medium subscription-manager-rhsm-certificates-1.28.32-1.el8
CVE-2022-25927 Twistlock CVE Medium python3-syspurpose-1.28.32-1.el8
CVE-2022-25927 Twistlock CVE Medium dnf-plugin-subscription-manager-1.28.32-1.el8
CVE-2022-25927 Twistlock CVE Medium python3-cloud-what-1.28.32-1.el8
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2023-24329 Anchore CVE High python3-libs-3.6.8-48.el8_7.1
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2023-24329 Anchore CVE High platform-python-3.6.8-48.el8_7.1
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2023-24329 Anchore CVE High python-3.9.5
CVE-2022-42919 Twistlock CVE Critical platform-python-3.6.8-48.el8_7.1
CVE-2023-25585 Anchore CVE Low gdb-gdbserver-8.2-19.el8
CVE-2023-25587 Anchore CVE Medium gdb-gdbserver-8.2-19.el8
CVE-2023-25584 Anchore CVE Low gdb-gdbserver-8.2-19.el8
CVE-2023-25588 Anchore CVE Low gdb-gdbserver-8.2-19.el8

More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/via/base-image/conda-build-env/-/jobs/19289057

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.
