UNCLASSIFIED - NO CUI

Skip to content

chore(findings): via-science/base-image/conda_build_env

Summary

via-science/base-image/conda_build_env has 212 new findings discovered during continuous monitoring.

id source severity package
CVE-2007-4559 anchore_cve Medium python-3.9.5
CVE-2021-3737 anchore_cve High python-3.9.5
CVE-2022-26488 anchore_cve High python-3.9.5
GHSA-xr2c-5w89-63pv anchore_cve Critical poetry-1.1.7
CVE-2015-20107 anchore_cve Critical python-3.9.5
CVE-2021-35938 anchore_cve Medium python3-rpm-4.14.3-23.el8
CVE-2021-35939 anchore_cve Medium rpm-build-libs-4.14.3-23.el8
CVE-2021-35938 anchore_cve Medium rpm-4.14.3-23.el8
CVE-2022-1304 anchore_cve Medium libcom_err-1.45.6-4.el8
CVE-2021-35938 anchore_cve Medium rpm-build-libs-4.14.3-23.el8
CVE-2021-35937 anchore_cve Medium python3-rpm-4.14.3-23.el8
CVE-2021-35939 anchore_cve Medium python3-rpm-4.14.3-23.el8
CVE-2021-35937 anchore_cve Medium rpm-build-libs-4.14.3-23.el8
CVE-2021-35939 anchore_cve Medium rpm-4.14.3-23.el8
CVE-2021-35937 anchore_cve Medium rpm-libs-4.14.3-23.el8
CVE-2021-35938 anchore_cve Medium rpm-libs-4.14.3-23.el8
CVE-2021-35939 anchore_cve Medium rpm-libs-4.14.3-23.el8
CVE-2021-35937 anchore_cve Medium rpm-4.14.3-23.el8
CVE-2021-44568 anchore_cve Low libsolv-0.7.20-1.el8
addbb93c22e9b0988b8b40392a4538cb anchore_comp Low
CVE-2019-12900 anchore_cve Critical python-3.9.5
CVE-2013-0340 anchore_cve Medium python-3.9.5
CVE-2022-26184 twistlock_cve Critical poetry-1.1.7
CVE-2022-27943 anchore_cve Low libstdc++-8.5.0-10.1.el8_6
CVE-2022-27943 anchore_cve Low libgcc-8.5.0-10.1.el8_6
CVE-2021-46828 anchore_cve Medium libtirpc-1.1.4-6.el8
CVE-2022-2509 anchore_cve Medium gnutls-3.6.16-4.el8
CVE-2022-2343 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2126 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2345 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2125 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2124 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2344 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2129 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2175 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-30698 anchore_cve Medium unbound-libs-1.7.3-17.el8
CVE-2022-30699 anchore_cve Medium unbound-libs-1.7.3-17.el8
CVE-2022-2522 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-30698 anchore_cve Medium python3-unbound-1.7.3-17.el8
CVE-2022-37434 anchore_cve Medium zlib-1.2.11-18.el8_5
CVE-2022-30699 anchore_cve Medium python3-unbound-1.7.3-17.el8
CCE-88248-0 oscap_comp Medium
CCE-86107-0 oscap_comp Medium
CVE-2022-2175 twistlock_cve Critical vim-minimal-8.0.1763-19.el8_6.4
CVE-2017-15412 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2016-5131 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2019-17543 twistlock_cve Medium lz4-libs-1.8.3-3.el8_4
CVE-2017-0663 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2022-2183 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2182 twistlock_cve Medium vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2509 twistlock_cve Medium gnutls-3.6.16-4.el8
CVE-2017-9047 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2022-2207 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2020-17049 twistlock_cve Medium krb5-libs-1.18.2-14.el8
CVE-2022-37434 twistlock_cve Medium zlib-1.2.11-18.el8_5
CVE-2022-30699 twistlock_cve Medium python3-unbound-1.7.3-17.el8
CVE-2022-30699 twistlock_cve Medium unbound-libs-1.7.3-17.el8
CVE-2022-30698 twistlock_cve Medium python3-unbound-1.7.3-17.el8
CVE-2022-30698 twistlock_cve Medium unbound-libs-1.7.3-17.el8
CVE-2021-35939 twistlock_cve Medium rpm-4.14.3-23.el8
CVE-2021-35939 twistlock_cve Medium rpm-build-libs-4.14.3-23.el8
CVE-2021-35939 twistlock_cve Medium python3-rpm-4.14.3-23.el8
CVE-2021-35939 twistlock_cve Medium rpm-libs-4.14.3-23.el8
CVE-2021-35938 twistlock_cve Medium rpm-build-libs-4.14.3-23.el8
CVE-2021-35938 twistlock_cve Medium python3-rpm-4.14.3-23.el8
CVE-2021-35938 twistlock_cve Medium rpm-4.14.3-23.el8
CVE-2021-35938 twistlock_cve Medium rpm-libs-4.14.3-23.el8
CVE-2017-9050 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2017-9049 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2017-7375 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2021-35937 twistlock_cve Medium python3-rpm-4.14.3-23.el8
CVE-2021-35937 twistlock_cve Medium rpm-build-libs-4.14.3-23.el8
CVE-2021-35937 twistlock_cve Medium rpm-4.14.3-23.el8
CVE-2021-35937 twistlock_cve Medium rpm-libs-4.14.3-23.el8
CVE-2022-2206 twistlock_cve Medium vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-0235 twistlock_cve Medium dnf-plugin-subscription-manager-1.28.29-3.el8
CVE-2022-0235 twistlock_cve Medium python3-syspurpose-1.28.29-3.el8
CVE-2022-0235 twistlock_cve Medium subscription-manager-rhsm-certificates-1.28.29-3.el8
CVE-2022-0235 twistlock_cve Medium python3-subscription-manager-rhsm-1.28.29-3.el8
CVE-2022-0235 twistlock_cve Medium python3-cloud-what-1.28.29-3.el8
CVE-2022-0235 twistlock_cve Medium subscription-manager-1.28.29-3.el8
CVE-2016-3709 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2016-3709 twistlock_cve Medium libxml2-2.9.7-13.el8_6.1
CVE-2022-1304 twistlock_cve Medium libcom_err-1.45.6-4.el8
CVE-2022-2231 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2021-39537 twistlock_cve Medium ncurses-libs-6.1-9.20180224.el8
CVE-2021-39537 twistlock_cve Medium ncurses-base-6.1-9.20180224.el8
CVE-2022-2210 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2016-4658 twistlock_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2018-16428 twistlock_cve Low glib2-2.56.4-158.el8
CVE-2022-2345 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2344 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2343 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2020-21674 twistlock_cve Low libarchive-3.3.3-3.el8_5
CVE-2019-19244 twistlock_cve Low sqlite-libs-3.26.0-15.el8
CVE-2021-3927 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2021-4166 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2020-35512 twistlock_cve Low dbus-1.12.8-18.el8_6.1
CVE-2020-35512 twistlock_cve Low dbus-common-1.12.8-18.el8_6.1
CVE-2020-35512 twistlock_cve Low dbus-daemon-1.12.8-18.el8_6.1
CVE-2020-35512 twistlock_cve Low dbus-tools-1.12.8-18.el8_6.1
CVE-2020-35512 twistlock_cve Low dbus-libs-1.12.8-18.el8_6.1
CVE-2022-2522 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-0351 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2021-4209 twistlock_cve Low gnutls-3.6.16-4.el8
CVE-2021-44568 twistlock_cve Low libsolv-0.7.20-1.el8
CVE-2021-43618 twistlock_cve Low gmp-6.1.2-10.el8
CVE-2022-2129 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2819 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-27943 twistlock_cve Low libstdc++-8.5.0-10.1.el8_6
CVE-2022-27943 twistlock_cve Low libgcc-8.5.0-10.1.el8_6
CVE-2022-1720 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2021-24032 twistlock_cve Low libzstd-1.4.4-1.el8
CVE-2022-2288 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2019-16866 twistlock_cve Low unbound-libs-1.7.3-17.el8
CVE-2019-16866 twistlock_cve Low python3-unbound-1.7.3-17.el8
CVE-2018-20786 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2017-9048 twistlock_cve Low python3-libxml2-2.9.7-13.el8_6.1
CVE-2018-19211 twistlock_cve Low ncurses-libs-6.1-9.20180224.el8
CVE-2018-19211 twistlock_cve Low ncurses-base-6.1-9.20180224.el8
CVE-2022-2289 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2286 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2285 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2284 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2019-8906 twistlock_cve Low file-libs-5.33-20.el8
CVE-2019-8905 twistlock_cve Low file-libs-5.33-20.el8
CVE-2019-12900 twistlock_cve Low bzip2-libs-1.0.6-26.el8
CVE-2018-1000654 twistlock_cve Low libtasn1-4.13-3.el8
CVE-2022-1619 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2017-18258 twistlock_cve Low python3-libxml2-2.9.7-13.el8_6.1
CVE-2022-2287 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2208 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2126 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2125 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2124 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2021-46195 twistlock_cve Low libgcc-8.5.0-10.1.el8_6
CVE-2021-46195 twistlock_cve Low libstdc++-8.5.0-10.1.el8_6
CVE-2021-20193 twistlock_cve Low tar-1.30-5.el8
CVE-2019-9937 twistlock_cve Low sqlite-libs-3.26.0-15.el8
CVE-2019-9936 twistlock_cve Low sqlite-libs-3.26.0-15.el8
CVE-2019-9923 twistlock_cve Low tar-1.30-5.el8
CVE-2019-14250 twistlock_cve Low libgcc-8.5.0-10.1.el8_6
CVE-2019-14250 twistlock_cve Low libstdc++-8.5.0-10.1.el8_6
CVE-2018-20657 twistlock_cve Low libgcc-8.5.0-10.1.el8_6
CVE-2018-20657 twistlock_cve Low libstdc++-8.5.0-10.1.el8_6
CVE-2018-1000880 twistlock_cve Low libarchive-3.3.3-3.el8_5
CVE-2018-1000879 twistlock_cve Low libarchive-3.3.3-3.el8_5
CVE-2021-3974 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2016-3189 anchore_cve Medium python-3.9.5
CVE-2016-3709 anchore_cve Medium python3-libxml2-2.9.7-13.el8_6.1
CVE-2018-25032 anchore_cve High python-3.9.5
CVE-2016-3709 anchore_cve Medium libxml2-2.9.7-13.el8_6.1
CVE-2022-2845 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2946 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2923 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2182 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2021-28861 anchore_cve High python-3.9.5
CVE-2022-2819 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2849 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2020-35527 twistlock_cve Medium sqlite-libs-3.26.0-15.el8
CVE-2020-35525 twistlock_cve Low sqlite-libs-3.26.0-15.el8
CVE-2021-3826 twistlock_cve Low gdb-gdbserver-8.2-18.el8
CVE-2021-3826 twistlock_cve Low libgcc-8.5.0-10.1.el8_6
CVE-2021-3826 twistlock_cve Low libstdc++-8.5.0-10.1.el8_6
CVE-2022-39046 twistlock_cve Medium glibc-langpack-en-2.28-189.5.el8_6
CVE-2022-39046 twistlock_cve Medium glibc-minimal-langpack-2.28-189.5.el8_6
CVE-2022-39046 twistlock_cve Medium glibc-2.28-189.5.el8_6
CVE-2022-39046 twistlock_cve Medium glibc-common-2.28-189.5.el8_6
CVE-2022-3037 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-35252 twistlock_cve Low curl-7.61.1-22.el8_6.4
CVE-2022-35252 twistlock_cve Low libcurl-7.61.1-22.el8_6.4
CVE-2020-35527 anchore_cve Medium sqlite-libs-3.26.0-15.el8
CVE-2020-35525 anchore_cve Low sqlite-libs-3.26.0-15.el8
CVE-2022-35252 anchore_cve Low libcurl-7.61.1-22.el8_6.4
CVE-2022-35252 anchore_cve Low curl-7.61.1-22.el8_6.4
CVE-2022-2980 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-36069 twistlock_cve High poetry-1.1.7
CVE-2022-3153 twistlock_cve Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3153 anchore_cve Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2020-10735 twistlock_cve Medium platform-python-3.6.8-47.el8_6
CVE-2020-10735 twistlock_cve Medium python3-libs-3.6.8-47.el8_6
CVE-2018-20839 twistlock_cve Medium systemd-libs-239-58.el8_6.7
CVE-2018-20839 twistlock_cve Medium systemd-pam-239-58.el8_6.7
CVE-2018-20839 twistlock_cve Medium systemd-239-58.el8_6.7
CVE-2019-9674 twistlock_cve Low platform-python-3.6.8-47.el8_6
CVE-2019-9674 twistlock_cve Low python3-libs-3.6.8-47.el8_6
CVE-2020-12413 twistlock_cve Low nss-sysinit-3.79.0-10.el8_6
CVE-2020-12413 twistlock_cve Low nss-softokn-freebl-3.79.0-10.el8_6
CVE-2020-12413 twistlock_cve Low nss-3.79.0-10.el8_6
CVE-2020-12413 twistlock_cve Low nss-softokn-3.79.0-10.el8_6
CVE-2020-12413 twistlock_cve Low nss-util-3.79.0-10.el8_6
CVE-2018-20406 twistlock_cve Low platform-python-3.6.8-47.el8_6
CVE-2018-20406 twistlock_cve Low python3-libs-3.6.8-47.el8_6
CVE-2021-3997 twistlock_cve Low systemd-239-58.el8_6.7
CVE-2021-3997 twistlock_cve Low systemd-libs-239-58.el8_6.7
CVE-2021-3997 twistlock_cve Low systemd-pam-239-58.el8_6.7
CVE-2021-28861 anchore_cve Medium python3-libs-3.6.8-47.el8_6
CVE-2015-20107 anchore_cve Medium platform-python-3.6.8-47.el8_6
CVE-2022-0391 anchore_cve Medium platform-python-3.6.8-47.el8_6
CVE-2015-20107 anchore_cve Medium python3-libs-3.6.8-47.el8_6
CVE-2022-34903 anchore_cve Medium gnupg2-smime-2.2.20-3.el8_6
CVE-2021-28861 anchore_cve Medium platform-python-3.6.8-47.el8_6
CVE-2020-10735 anchore_cve Medium python3-libs-3.6.8-47.el8_6
CVE-2022-0391 anchore_cve Medium python3-libs-3.6.8-47.el8_6
CVE-2020-10735 anchore_cve Medium platform-python-3.6.8-47.el8_6
CVE-2022-34903 anchore_cve Medium gnupg2-2.2.20-3.el8_6
CVE-2022-3219 twistlock_cve Low gnupg2-2.2.20-3.el8_6
CVE-2022-3219 twistlock_cve Low gnupg2-smime-2.2.20-3.el8_6
CVE-2022-3219 anchore_cve Low gnupg2-2.2.20-3.el8_6
CVE-2022-3219 anchore_cve Low gnupg2-smime-2.2.20-3.el8_6
CVE-2022-36070 anchore_cve High poetry-1.1.7
GHSA-9xgj-fcgf-x6mw anchore_cve High poetry-1.1.7

VAT: https://vat.dso.mil/vat/container/17519?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/via/base-image/conda-build-env/-/jobs/9126922

Definition of Done

Justifications:

  • All findings have been justified
  • Justifications have been provided to the container hardening team

Approval Process:

  • Findings Approver has reviewed and approved all justifications
  • Approval request has been sent to Authorizing Official
  • Approval request has been processed by Authorizing Official
Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI