chore(findings): vivsoft/enbuild/backend
Summary
vivsoft/enbuild/backend has 283 new findings discovered during continuous monitoring.
id | source | severity | package |
---|---|---|---|
CVE-2022-35737 | Anchore CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
CVE-2022-43680 | Anchore CVE | Medium | expat-2.2.5-10.el8 |
CVE-2022-42898 | Anchore CVE | High | krb5-libs-1.18.2-21.el8 |
CVE-2022-45061 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7 |
CVE-2007-4559 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7 |
CVE-2007-4559 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7 |
CVE-2022-45061 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7 |
CVE-2021-46848 | Anchore CVE | Medium | libtasn1-4.13-3.el8 |
GHSA-w573-4hg7-7wgq | Anchore CVE | High | decode-uri-component-0.2.0 |
CVE-2022-43548 | Anchore CVE | High | node-16.18.0 |
CVE-2022-4415 | Anchore CVE | Medium | systemd-libs-239-68.el8 |
CVE-2022-43552 | Anchore CVE | Low | libcurl-7.61.1-25.el8 |
CVE-2022-4415 | Anchore CVE | Medium | systemd-pam-239-68.el8 |
CVE-2022-43552 | Anchore CVE | Low | curl-7.61.1-25.el8 |
CVE-2022-4415 | Anchore CVE | Medium | systemd-239-68.el8 |
GHSA-9c47-m6qq-7p4h | Anchore CVE | High | json5-1.0.1 |
GHSA-9c47-m6qq-7p4h | Anchore CVE | High | json5-0.5.1 |
GHSA-9c47-m6qq-7p4h | Anchore CVE | High | json5-2.2.1 |
CVE-2022-40897 | Anchore CVE | Medium | python3-setuptools-wheel-39.2.0-6.el8 |
CVE-2022-40897 | Anchore CVE | Medium | platform-python-setuptools-39.2.0-6.el8 |
CVE-2023-22551 | Anchore CVE | High | ftp-0.3.10 |
CVE-2022-47629 | Anchore CVE | High | libksba-1.3.5-8.el8_6 |
CVE-2018-25076 | Anchore CVE | Critical | events-1.1.1 |
GHSA-rc47-6667-2j5j | Anchore CVE | High | http-cache-semantics-4.1.0 |
CVE-2022-48303 | Anchore CVE | Medium | tar-2:1.30-6.el8 |
CVE-2022-39253 | Anchore CVE | Medium | git-core-doc-2.31.1-3.el8_7 |
CVE-2022-24765 | Anchore CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2023-0215 | Anchore CVE | Medium | openssl-libs-1:1.1.1k-7.el8_6 |
CVE-2022-29187 | Anchore CVE | Medium | git-core-doc-2.31.1-3.el8_7 |
CVE-2022-24765 | Anchore CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-39260 | Anchore CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2022-4304 | Anchore CVE | Medium | openssl-libs-1:1.1.1k-7.el8_6 |
CVE-2022-29187 | Anchore CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-4450 | Anchore CVE | Medium | openssl-libs-1:1.1.1k-7.el8_6 |
CVE-2022-39260 | Anchore CVE | Medium | git-core-doc-2.31.1-3.el8_7 |
CVE-2022-24765 | Anchore CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-39253 | Anchore CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-39260 | Anchore CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-29187 | Anchore CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2022-39253 | Anchore CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2022-24765 | Anchore CVE | Medium | git-core-doc-2.31.1-3.el8_7 |
CVE-2022-29187 | Anchore CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-39253 | Anchore CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-39260 | Anchore CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2023-0286 | Anchore CVE | High | openssl-libs-1:1.1.1k-7.el8_6 |
CVE-2023-0361 | Anchore CVE | Medium | gnutls-3.6.16-5.el8_6 |
GHSA-vvpx-j8f3-3w6h | Anchore CVE | High | golang.org/x/net-v0.0.0-20220420153159-1850ba15e1be |
CVE-2023-23916 | Anchore CVE | Medium | curl-7.61.1-25.el8 |
CVE-2023-23916 | Anchore CVE | Medium | libcurl-7.61.1-25.el8 |
GHSA-vvpx-j8f3-3w6h | Anchore CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
GHSA-vvpx-j8f3-3w6h | Anchore CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
GHSA-69cg-p879-7622 | Anchore CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
GHSA-69cg-p879-7622 | Anchore CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
GHSA-69cg-p879-7622 | Anchore CVE | High | golang.org/x/net-v0.0.0-20220420153159-1850ba15e1be |
GHSA-69ch-w2m2-3vjp | Anchore CVE | High | golang.org/x/text-v0.3.7 |
GHSA-69ch-w2m2-3vjp | Anchore CVE | High | golang.org/x/text-v0.3.7 |
GHSA-69ch-w2m2-3vjp | Anchore CVE | High | golang.org/x/text-v0.3.7 |
GHSA-fxg5-wq6x-vr4w | Anchore CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
CVE-2023-23936 | Anchore CVE | Medium | node-16.18.0 |
GHSA-fxg5-wq6x-vr4w | Anchore CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
CVE-2023-24329 | Anchore CVE | High | platform-python-3.6.8-48.el8_7 |
CVE-2023-24329 | Anchore CVE | High | python3-libs-3.6.8-48.el8_7 |
GHSA-59fq-727j-hm3f | Anchore CVE | Medium | keycloak-connect-19.0.2 |
CVE-2023-23918 | Anchore CVE | High | node-16.18.0 |
CVE-2023-23920 | Anchore CVE | Medium | node-16.18.0 |
CVE-2023-23919 | Anchore CVE | High | node-16.18.0 |
CVE-2023-26604 | Anchore CVE | Medium | systemd-pam-239-68.el8 |
CVE-2023-26604 | Anchore CVE | Medium | systemd-239-68.el8 |
CVE-2023-26604 | Anchore CVE | Medium | systemd-libs-239-68.el8 |
CVE-2023-0767 | Anchore CVE | High | nss-softokn-3.79.0-10.el8_6 |
CVE-2023-0767 | Anchore CVE | High | nss-util-3.79.0-10.el8_6 |
CVE-2023-0767 | Anchore CVE | High | nss-sysinit-3.79.0-10.el8_6 |
CVE-2023-0767 | Anchore CVE | High | nss-3.79.0-10.el8_6 |
CVE-2023-0767 | Anchore CVE | High | nss-softokn-freebl-3.79.0-10.el8_6 |
CVE-2023-27535 | Anchore CVE | Medium | curl-7.61.1-25.el8 |
CVE-2023-27536 | Anchore CVE | Medium | libcurl-7.61.1-25.el8 |
CVE-2023-27536 | Anchore CVE | Medium | curl-7.61.1-25.el8 |
CVE-2023-27535 | Anchore CVE | Medium | libcurl-7.61.1-25.el8 |
CVE-2023-0464 | Anchore CVE | Low | openssl-libs-1:1.1.1k-7.el8_6 |
CVE-2023-0466 | Anchore CVE | Low | openssl-libs-1:1.1.1k-7.el8_6 |
CVE-2023-0465 | Anchore CVE | Low | openssl-libs-1:1.1.1k-7.el8_6 |
GHSA-776f-qx25-q3cc | Anchore CVE | Medium | xml2js-0.4.19 |
CVE-2020-1416 | Anchore CVE | High | typescript-5.0.4 |
CVE-2020-24736 | Anchore CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
CVE-2023-28484 | Anchore CVE | Medium | python3-libxml2-2.9.7-15.el8 |
CVE-2023-29469 | Anchore CVE | Medium | python3-libxml2-2.9.7-15.el8 |
CVE-2023-29469 | Anchore CVE | Medium | libxml2-2.9.7-15.el8 |
CVE-2023-28484 | Anchore CVE | Medium | libxml2-2.9.7-15.el8 |
CVE-2023-29383 | Anchore CVE | Medium | libblkid-2.32.1-38.el8 |
CVE-2023-29383 | Anchore CVE | Medium | libsmartcols-2.32.1-38.el8 |
CVE-2023-29383 | Anchore CVE | Medium | libuuid-2.32.1-38.el8 |
CVE-2023-29383 | Anchore CVE | Medium | util-linux-2.32.1-38.el8 |
CVE-2023-29383 | Anchore CVE | Medium | libfdisk-2.32.1-38.el8 |
CVE-2023-29383 | Anchore CVE | Medium | libmount-2.32.1-38.el8 |
CVE-2022-48338 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8_7.1 |
CVE-2022-45939 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8_7.1 |
CVE-2022-48337 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8_7.1 |
CVE-2022-48339 | Anchore CVE | Medium | emacs-filesystem-1:26.1-7.el8_7.1 |
CVE-2023-22490 | Anchore CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2023-23946 | Anchore CVE | Medium | git-core-doc-2.31.1-3.el8_7 |
CVE-2023-23946 | Anchore CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2023-22490 | Anchore CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2023-23946 | Anchore CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2023-23946 | Anchore CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2023-22490 | Anchore CVE | Medium | git-core-doc-2.31.1-3.el8_7 |
CVE-2023-22490 | Anchore CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2023-25652 | Anchore CVE | High | git-core-doc-2.31.1-3.el8_7 |
CVE-2023-29007 | Anchore CVE | High | git-2.31.1-3.el8_7 |
CVE-2023-25652 | Anchore CVE | High | git-core-2.31.1-3.el8_7 |
CVE-2023-25815 | Anchore CVE | Low | git-core-2.31.1-3.el8_7 |
CVE-2023-25815 | Anchore CVE | Low | git-core-doc-2.31.1-3.el8_7 |
CVE-2023-25815 | Anchore CVE | Low | git-2.31.1-3.el8_7 |
CVE-2023-29007 | Anchore CVE | High | git-core-doc-2.31.1-3.el8_7 |
CVE-2023-25815 | Anchore CVE | Low | perl-Git-2.31.1-3.el8_7 |
CVE-2023-25652 | Anchore CVE | High | perl-Git-2.31.1-3.el8_7 |
CVE-2023-29007 | Anchore CVE | High | perl-Git-2.31.1-3.el8_7 |
CVE-2023-25652 | Anchore CVE | High | git-2.31.1-3.el8_7 |
CVE-2023-29007 | Anchore CVE | High | git-core-2.31.1-3.el8_7 |
CVE-2023-29491 | Anchore CVE | Medium | ncurses-6.1-9.20180224.el8 |
CVE-2023-2491 | Anchore CVE | High | emacs-filesystem-1:26.1-7.el8_7.1 |
CCE-80783-4 | OSCAP Compliance | Medium | |
CVE-2022-42898 | OSCAP Compliance | Medium | |
CCE-85886-0 | OSCAP Compliance | Medium | |
CVE-2021-46848 | OSCAP Compliance | Medium | |
CVE-2022-35737 | OSCAP Compliance | Medium | |
CVE-2022-43680 | OSCAP Compliance | Medium | |
CVE-2022-3821 | OSCAP Compliance | Medium | |
CVE-2022-42010 | OSCAP Compliance | Medium | |
CVE-2022-42011 | OSCAP Compliance | Medium | |
CVE-2022-42012 | OSCAP Compliance | Medium | |
CVE-2022-40303 | OSCAP Compliance | Medium | |
CVE-2022-40304 | OSCAP Compliance | Medium | |
CVE-2022-47629 | OSCAP Compliance | Medium | |
CVE-2022-48303 | OSCAP Compliance | Medium | |
CVE-2022-4415 | OSCAP Compliance | Medium | |
CVE-2022-40897 | OSCAP Compliance | Medium | |
CVE-2020-10735 | OSCAP Compliance | Medium | |
CVE-2021-28861 | OSCAP Compliance | Medium | |
CVE-2022-45061 | OSCAP Compliance | Medium | |
CVE-2023-23916 | OSCAP Compliance | Medium | |
CVE-2023-0767 | OSCAP Compliance | Medium | |
CVE-2022-4304 | OSCAP Compliance | Medium | |
CVE-2022-4450 | OSCAP Compliance | Medium | |
CVE-2023-0215 | OSCAP Compliance | Medium | |
CVE-2023-0286 | OSCAP Compliance | Medium | |
CVE-2023-0361 | OSCAP Compliance | Medium | |
PRISMA-2022-0227 | Twistlock CVE | High | github.com/emicklei/go-restful/v3-v3.8.0 |
CVE-2022-41715 | Twistlock CVE | High | go-1.17.9 |
CVE-2022-2880 | Twistlock CVE | High | go-1.17.9 |
CVE-2022-2879 | Twistlock CVE | High | go-1.17.9 |
CVE-2022-41716 | Twistlock CVE | High | go-1.17.9 |
CVE-2022-42898 | Twistlock CVE | Critical | krb5-libs-1.18.2-21.el8 |
CVE-2022-45061 | Twistlock CVE | Medium | python3-libs-3.6.8-48.el8_7 |
CVE-2022-45061 | Twistlock CVE | Medium | platform-python-3.6.8-48.el8_7 |
CVE-2022-38900 | Twistlock CVE | High | decode-uri-component-0.2.0 |
CVE-2022-41717 | Twistlock CVE | Medium | go-1.17.9 |
CVE-2022-4415 | Twistlock CVE | Medium | systemd-pam-239-68.el8 |
CVE-2022-4415 | Twistlock CVE | Medium | systemd-libs-239-68.el8 |
CVE-2022-4415 | Twistlock CVE | Medium | systemd-239-68.el8 |
CVE-2022-41716 | Twistlock CVE | High | go-1.19.2 |
CVE-2022-41716 | Twistlock CVE | High | go-1.19.2 |
CVE-2022-41717 | Twistlock CVE | Medium | go-1.19.2 |
CVE-2022-41717 | Twistlock CVE | Medium | go-1.19.2 |
CVE-2022-43552 | Twistlock CVE | Low | libcurl-7.61.1-25.el8 |
CVE-2022-43552 | Twistlock CVE | Low | curl-7.61.1-25.el8 |
CVE-2022-46175 | Twistlock CVE | High | json5-2.2.1 |
CVE-2022-46175 | Twistlock CVE | High | json5-0.5.1 |
CVE-2022-46175 | Twistlock CVE | High | json5-1.0.1 |
CVE-2022-35737 | Twistlock CVE | Medium | sqlite-libs-3.26.0-16.el8_6 |
CVE-2022-40897 | Twistlock CVE | Medium | python3-setuptools-wheel-39.2.0-6.el8 |
CVE-2022-40897 | Twistlock CVE | Medium | platform-python-setuptools-39.2.0-6.el8 |
CVE-2022-47629 | Twistlock CVE | Critical | libksba-1.3.5-8.el8_6 |
CVE-2022-25881 | Twistlock CVE | High | http-cache-semantics-4.1.0 |
CVE-2022-48303 | Twistlock CVE | Medium | tar-1.30-6.el8 |
CVE-2022-39260 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2022-39260 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-39260 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-29187 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-29187 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-29187 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2022-24765 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-24765 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-24765 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2021-40330 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2021-40330 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2021-40330 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2021-21300 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2021-21300 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2021-21300 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2022-39253 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2022-39253 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-39253 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2018-1000021 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2018-1000021 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2018-1000021 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2023-0361 | Twistlock CVE | Medium | gnutls-3.6.16-5.el8_6 |
CVE-2022-38778 | Twistlock CVE | Medium | decode-uri-component-0.2.0 |
CVE-2023-23916 | Twistlock CVE | Medium | libcurl-7.61.1-25.el8 |
CVE-2023-23916 | Twistlock CVE | Medium | curl-7.61.1-25.el8 |
CVE-2022-41723 | Twistlock CVE | High | golang.org/x/net-v0.0.0-20220420153159-1850ba15e1be |
CVE-2022-41723 | Twistlock CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
CVE-2023-23946 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2023-23946 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2023-23946 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2023-22490 | Twistlock CVE | Medium | git-core-2.31.1-3.el8_7 |
CVE-2023-22490 | Twistlock CVE | Medium | perl-Git-2.31.1-3.el8_7 |
CVE-2023-22490 | Twistlock CVE | Medium | git-2.31.1-3.el8_7 |
CVE-2022-27664 | Twistlock CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
CVE-2022-27664 | Twistlock CVE | High | golang.org/x/net-v0.0.0-20220420153159-1850ba15e1be |
CVE-2018-15919 | Twistlock CVE | Low | openssh-8.0p1-17.el8_7 |
CVE-2018-15919 | Twistlock CVE | Low | openssh-clients-8.0p1-17.el8_7 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-8.0p1-17.el8_7 |
CVE-2019-6110 | Twistlock CVE | Low | openssh-clients-8.0p1-17.el8_7 |
CVE-2022-41721 | Twistlock CVE | High | golang.org/x/net-v0.0.0-20220722155237-a158d28d115b |
CVE-2023-24329 | Twistlock CVE | Critical | python3-libs-3.6.8-48.el8_7 |
CVE-2023-24329 | Twistlock CVE | Critical | platform-python-3.6.8-48.el8_7 |
CVE-2022-2237 | Twistlock CVE | Medium | keycloak-connect-19.0.2 |
CVE-2023-0767 | Twistlock CVE | Critical | nss-sysinit-3.79.0-10.el8_6 |
CVE-2023-0767 | Twistlock CVE | Critical | nss-softokn-freebl-3.79.0-10.el8_6 |
CVE-2023-0767 | Twistlock CVE | Critical | nss-softokn-3.79.0-10.el8_6 |
CVE-2023-0767 | Twistlock CVE | Critical | nss-util-3.79.0-10.el8_6 |
CVE-2023-0767 | Twistlock CVE | Critical | nss-3.79.0-10.el8_6 |
CVE-2022-41725 | Twistlock CVE | High | go-1.17.9 |
CVE-2022-41725 | Twistlock CVE | High | go-1.19.2 |
CVE-2022-41725 | Twistlock CVE | High | go-1.19.2 |
CVE-2022-41724 | Twistlock CVE | High | go-1.17.9 |
CVE-2022-41724 | Twistlock CVE | High | go-1.19.2 |
CVE-2022-41724 | Twistlock CVE | High | go-1.19.2 |
CVE-2022-41723 | Twistlock CVE | High | go-1.17.9 |
CVE-2022-41723 | Twistlock CVE | High | go-1.19.2 |
CVE-2022-41723 | Twistlock CVE | High | go-1.19.2 |
CVE-2023-26604 | Twistlock CVE | Medium | systemd-239-68.el8 |
CVE-2023-26604 | Twistlock CVE | Medium | systemd-libs-239-68.el8 |
CVE-2023-26604 | Twistlock CVE | Medium | systemd-pam-239-68.el8 |
CVE-2022-23990 | Twistlock CVE | Medium | expat-2.2.5-10.el8 |
CVE-2023-24532 | Twistlock CVE | Medium | go-1.19.2 |
CVE-2023-24532 | Twistlock CVE | Medium | go-1.19.2 |
CVE-2023-24532 | Twistlock CVE | Medium | go-1.17.9 |
CVE-2023-27535 | Twistlock CVE | Medium | libcurl-7.61.1-25.el8 |
CVE-2023-27535 | Twistlock CVE | Medium | curl-7.61.1-25.el8 |
CVE-2023-27536 | Twistlock CVE | Medium | libcurl-7.61.1-25.el8 |
CVE-2023-27536 | Twistlock CVE | Medium | curl-7.61.1-25.el8 |
CVE-2023-27534 | Twistlock CVE | Low | libcurl-7.61.1-25.el8 |
CVE-2023-27534 | Twistlock CVE | Low | curl-7.61.1-25.el8 |
CVE-2023-0286 | Twistlock CVE | Critical | openssl-libs-1.1.1k-7.el8_6 |
CVE-2023-0215 | Twistlock CVE | Medium | openssl-libs-1.1.1k-7.el8_6 |
CVE-2022-4450 | Twistlock CVE | Medium | openssl-libs-1.1.1k-7.el8_6 |
CVE-2022-4304 | Twistlock CVE | Medium | openssl-libs-1.1.1k-7.el8_6 |
CVE-2023-0464 | Twistlock CVE | Low | openssl-libs-1.1.1k-7.el8_6 |
CVE-2023-0466 | Twistlock CVE | Low | openssl-libs-1.1.1k-7.el8_6 |
CVE-2023-0465 | Twistlock CVE | Low | openssl-libs-1.1.1k-7.el8_6 |
CVE-2023-0842 | Twistlock CVE | Medium | xml2js-0.4.19 |
GHSA-74fp-r6jw-h4mp | Twistlock CVE | High | k8s.io/apimachinery/pkg/runtime/serializer/json-1.19.2 |
CVE-2023-29469 | Twistlock CVE | Medium | libxml2-2.9.7-15.el8 |
CVE-2023-29469 | Twistlock CVE | Medium | python3-libxml2-2.9.7-15.el8 |
CVE-2023-28484 | Twistlock CVE | Medium | python3-libxml2-2.9.7-15.el8 |
CVE-2023-28484 | Twistlock CVE | Medium | libxml2-2.9.7-15.el8 |
CVE-2023-23936 | Twistlock CVE | Medium | node-16.18.0 |
CVE-2023-24537 | Twistlock CVE | High | go-1.17.9 |
CVE-2023-24537 | Twistlock CVE | High | go-1.19.2 |
CVE-2023-24537 | Twistlock CVE | High | go-1.19.2 |
CVE-2023-24538 | Twistlock CVE | Critical | go-1.19.2 |
CVE-2023-24538 | Twistlock CVE | Critical | go-1.19.2 |
CVE-2023-24538 | Twistlock CVE | Critical | go-1.17.9 |
CVE-2023-24536 | Twistlock CVE | High | go-1.19.2 |
CVE-2023-24536 | Twistlock CVE | High | go-1.19.2 |
CVE-2023-24536 | Twistlock CVE | High | go-1.17.9 |
CVE-2019-11250 | Twistlock CVE | Medium | k8s.io/client-go/transport-1.19.2 |
CVE-2023-24534 | Twistlock CVE | High | go-1.17.9 |
CVE-2023-24534 | Twistlock CVE | High | go-1.19.2 |
CVE-2023-24534 | Twistlock CVE | High | go-1.19.2 |
PRISMA-2023-0056 | Twistlock CVE | Medium | github.com/sirupsen/logrus-v1.8.1 |
CVE-2023-28617 | Twistlock CVE | Critical | emacs-filesystem-26.1-7.el8_7.1 |
CVE-2022-48339 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8_7.1 |
CVE-2022-45939 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8_7.1 |
CVE-2022-48338 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8_7.1 |
CVE-2022-48337 | Twistlock CVE | Medium | emacs-filesystem-26.1-7.el8_7.1 |
CVE-2023-27043 | Anchore CVE | Medium | platform-python-3.6.8-48.el8_7 |
CVE-2023-1667 | Anchore CVE | Medium | libssh-0.9.6-3.el8 |
CVE-2023-1667 | Anchore CVE | Medium | libssh-config-0.9.6-3.el8 |
CVE-2023-2283 | Anchore CVE | Medium | libssh-config-0.9.6-3.el8 |
CVE-2023-2283 | Anchore CVE | Medium | libssh-0.9.6-3.el8 |
CVE-2023-27043 | Anchore CVE | Medium | python3-libs-3.6.8-48.el8_7 |
VAT: https://vat.dso.mil/vat/image?imageName=vivsoft/enbuild/backend&tag=0.0.1&branch=master
More information can be found in the failed pipeline located here: https://repo1.dso.mil/dsop/vivsoft/enbuild/backend/-/jobs/15716485
Tasks
Contributor:
-
Provide justifications for findings in the VAT (docs) -
Apply the ~"Hardening::Approval" label to this issue and wait for feedback
Iron Bank:
-
Review findings and justifications -
Send approval request to Authorizing Official -
Close issue after approval from Authorizing Official
Note: If the above approval process is rejected for any reason, the
Approval
label will be removed and the issue will be sent back toOpen
. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add theApproval
label.
Questions?
Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding
.
Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.