UNCLASSIFIED - NO CUI

Skip to content

chore(findings): virtualitics/predict/predict-frontend

Summary

virtualitics/predict/predict-frontend has 39 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-2819 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2849 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3037 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2021-3826 Twistlock CVE Low libgomp-8.5.0-10.1.el8_6
CVE-2022-2980 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3153 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3153 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3219 Twistlock CVE Low gnupg2-smime-2.2.20-3.el8_6
CVE-2022-3219 Anchore CVE Low gnupg2-smime-2.2.20-3.el8_6
CVE-2022-3235 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3234 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2923 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2210 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2183 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2849 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2980 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2207 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3037 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2946 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2845 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3296 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2206 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2284 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3352 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-2286 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2287 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2285 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-2208 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3256 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3296 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3256 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3235 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3234 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3705 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3638 Twistlock CVE Medium nginx-1.23.0-1.el8.ngx
CVE-2022-3705 Anchore CVE Low vim-minimal-2:8.0.1763-19.el8_6.4
CVE-2022-3638 Anchore CVE Medium nginx-1:1.23.0-1.el8.ngx
CVE-2022-3324 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4
CVE-2022-3297 Twistlock CVE Low vim-minimal-8.0.1763-19.el8_6.4

VAT: https://vat.dso.mil/vat/image?imageName=virtualitics/predict/predict-frontend&tag=1.14.0-alpha-4&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/virtualitics/predict/predict-frontend/-/jobs/14175605

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Approval" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications
  • Send approval request to Authorizing Official
  • Close issue after approval from Authorizing Official

Note: If the above approval process is rejected for any reason, the Approval label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Approval label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI