chore(findings): vivsoft/enbuild/backend
Summary
vivsoft/enbuild/backend has 33 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-23772 | twistlock_cve | High | go-1.15.11 |
CVE-2022-23806 | twistlock_cve | Critical | go-1.15.11 |
CVE-2022-23773 | twistlock_cve | High | go-1.15.11 |
CVE-2021-32036 | anchore_cve | High | mongodb-3.7.3 |
CVE-2022-24921 | twistlock_cve | High | go-1.15.11 |
CVE-2022-0778 | oscap_comp | Medium | |
CVE-2022-23806 | twistlock_cve | Critical | go-1.16.10 |
CVE-2022-24921 | twistlock_cve | High | go-1.16.10 |
CVE-2022-23773 | twistlock_cve | High | go-1.16.10 |
CVE-2022-23772 | twistlock_cve | High | go-1.16.10 |
CVE-2021-44906 | twistlock_cve | Critical | minimist-1.2.5 |
CVE-2022-28327 | twistlock_cve | High | go-1.15.11 |
CVE-2022-28327 | twistlock_cve | High | go-1.16.10 |
CVE-2022-24675 | twistlock_cve | High | go-1.16.10 |
CVE-2022-24675 | twistlock_cve | High | go-1.15.11 |
CVE-2022-24785 | twistlock_cve | High | moment-2.29.1 |
CVE-2022-1292 | twistlock_cve | Medium | openssl-libs-1.1.1k-5.el8_5 |
CVE-2022-1292 | twistlock_cve | Medium | openssl-1.1.1k-5.el8_5 |
CVE-2021-27400 | anchore_cve | High | github.com/hashicorp/vault/sdk-v0.1.13 |
CVE-2021-27400 | anchore_cve | High | github.com/hashicorp/vault/api-v1.0.4 |
CVE-2021-32923 | anchore_cve | High | github.com/hashicorp/vault/api-v1.0.4 |
GHSA-74fj-2j2h-c42q | anchore_cve | High | follow-redirects-1.14.6 |
CVE-2020-13223 | anchore_cve | High | github.com/hashicorp/vault/sdk-v0.1.13 |
CVE-2018-19786 | anchore_cve | High | github.com/hashicorp/vault/sdk-v0.1.13 |
CVE-2020-16250 | anchore_cve | Critical | github.com/hashicorp/vault/api-v1.0.4 |
GHSA-8hfj-j24r-96c4 | anchore_cve | High | moment-2.29.1 |
GHSA-xvch-5gv4-984h | anchore_cve | Critical | minimist-1.2.5 |
CVE-2020-13223 | anchore_cve | High | github.com/hashicorp/vault/api-v1.0.4 |
CVE-2020-10661 | anchore_cve | Critical | github.com/hashicorp/vault/api-v1.0.4 |
CVE-2020-7220 | anchore_cve | High | github.com/hashicorp/vault/api-v1.0.4 |
CVE-2020-16251 | anchore_cve | Critical | github.com/hashicorp/vault/api-v1.0.4 |
CVE-2022-1154 | oscap_comp | Medium | |
CVE-2022-1271 | oscap_comp | Medium |
VAT: https://vat.dso.mil/vat/container/17325?branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/vivsoft/enbuild/backend/-/jobs/10606623
Definition of Done
Justifications:
-
All findings have been justified -
Justifications have been provided to the container hardening team
Approval Process:
-
Findings Approver has reviewed and approved all justifications -
Approval request has been sent to Authorizing Official -
Approval request has been processed by Authorizing Official
Edited by Al Fontaine