UNCLASSIFIED - NO CUI

chore(findings): opensource/istio/install-cni

Summary

opensource/istio/install-cni has 73 new findings discovered during continuous monitoring.

id source severity package
CVE-2022-0391 Anchore CVE Medium python3-3.9.18-1.el9_3
CVE-2023-27043 Anchore CVE Medium python3-3.9.18-1.el9_3
CVE-2021-22925 Anchore CVE Low curl-minimal-7.76.1-26.el9_3.2
CVE-2023-25180 Anchore CVE Low glib2-2.68.4-11.el9
CVE-2020-19185 Anchore CVE Medium ncurses-base-6.2-10.20210508.el9
CVE-2023-28320 Anchore CVE Low libcurl-minimal-7.76.1-26.el9_3.2
CVE-2023-0687 Anchore CVE Medium glibc-minimal-langpack-2.34-83.el9_3.7
CVE-2021-27212 Anchore CVE Medium openldap-compat-2.6.3-1.el9
CVE-2023-3446 Anchore CVE Low openssl-libs-1:3.0.7-24.el9
CVE-2020-19188 Anchore CVE Medium ncurses-libs-6.2-10.20210508.el9
CVE-2022-48565 Anchore CVE Medium python-unversioned-command-3.9.18-1.el9_3
CVE-2022-48554 Anchore CVE Low file-libs-5.39-14.el9
CVE-2023-28320 Anchore CVE Low curl-minimal-7.76.1-26.el9_3.2
CVE-2023-39615 Anchore CVE Medium libxml2-2.9.13-4.el9
CVE-2020-19189 Anchore CVE Medium ncurses-base-6.2-10.20210508.el9
CVE-2021-3572 Anchore CVE Low python3-pip-wheel-21.2.3-7.el9
CVE-2023-0687 Anchore CVE Medium glibc-2.34-83.el9_3.7
CVE-2023-4039 Anchore CVE Medium libstdc++-11.4.1-2.1.el9
CVE-2022-48565 Anchore CVE Medium python3-libs-3.9.18-1.el9_3
CVE-2020-19188 Anchore CVE Medium ncurses-base-6.2-10.20210508.el9
CVE-2022-48566 Anchore CVE Medium python-unversioned-command-3.9.18-1.el9_3
CVE-2021-35938 Anchore CVE Medium rpm-libs-4.16.1.3-25.el9
CVE-2023-5156 Anchore CVE Medium glibc-minimal-langpack-2.34-83.el9_3.7
CVE-2021-22925 Anchore CVE Low libcurl-minimal-7.76.1-26.el9_3.2
CVE-2023-29383 Anchore CVE Medium libblkid-2.37.4-15.el9
CVE-2023-5156 Anchore CVE Medium glibc-langpack-en-2.34-83.el9_3.7
CVE-2021-35937 Anchore CVE Medium rpm-4.16.1.3-25.el9
CVE-2021-3997 Anchore CVE Medium systemd-libs-252-18.el9
CVE-2021-23840 Anchore CVE Medium openssl-libs-1:3.0.7-24.el9
CVE-2023-5363 Anchore CVE Medium openssl-libs-1:3.0.7-24.el9
CVE-2021-35938 Anchore CVE Medium rpm-4.16.1.3-25.el9
CVE-2022-48566 Anchore CVE Medium python3-3.9.18-1.el9_3
CVE-2020-19190 Anchore CVE Medium ncurses-base-6.2-10.20210508.el9
CVE-2023-2953 Anchore CVE Low openldap-compat-2.6.3-1.el9
CVE-2023-2953 Anchore CVE Low openldap-2.6.3-1.el9
CVE-2023-4039 Anchore CVE Medium libgcc-11.4.1-2.1.el9
CVE-2022-48565 Anchore CVE Medium python3-3.9.18-1.el9_3
CVE-2022-0391 Anchore CVE Medium python3-libs-3.9.18-1.el9_3
CVE-2022-0391 Anchore CVE Medium python-unversioned-command-3.9.18-1.el9_3
CVE-2023-27043 Anchore CVE Medium python3-libs-3.9.18-1.el9_3
CVE-2023-5156 Anchore CVE Medium glibc-common-2.34-83.el9_3.7
CVE-2020-19190 Anchore CVE Medium ncurses-libs-6.2-10.20210508.el9
CVE-2022-48566 Anchore CVE Medium python3-libs-3.9.18-1.el9_3
CVE-2020-19186 Anchore CVE Medium ncurses-libs-6.2-10.20210508.el9
CVE-2023-45853 Anchore CVE Medium zlib-1.2.11-40.el9
CVE-2023-3817 Anchore CVE Low openssl-libs-1:3.0.7-24.el9
CVE-2023-29383 Anchore CVE Medium libmount-2.37.4-15.el9
CVE-2023-27043 Anchore CVE Medium python-unversioned-command-3.9.18-1.el9_3
CVE-2023-29383 Anchore CVE Medium libsmartcols-2.37.4-15.el9
CVE-2021-23336 Anchore CVE Medium python3-3.9.18-1.el9_3
CVE-2021-27212 Anchore CVE Medium openldap-2.6.3-1.el9
CVE-2023-29383 Anchore CVE Medium libuuid-2.37.4-15.el9
CVE-2023-5156 Anchore CVE Medium glibc-2.34-83.el9_3.7
CVE-2020-19189 Anchore CVE Medium ncurses-libs-6.2-10.20210508.el9
CVE-2023-32636 Anchore CVE Low glib2-2.68.4-11.el9
CVE-2023-0687 Anchore CVE Medium glibc-langpack-en-2.34-83.el9_3.7
CVE-2020-19187 Anchore CVE Medium ncurses-base-6.2-10.20210508.el9
CVE-2021-23336 Anchore CVE Medium python-unversioned-command-3.9.18-1.el9_3
CVE-2021-23336 Anchore CVE Medium python3-libs-3.9.18-1.el9_3
CVE-2020-19186 Anchore CVE Medium ncurses-base-6.2-10.20210508.el9
CVE-2023-24593 Anchore CVE Low glib2-2.68.4-11.el9
CVE-2021-35939 Anchore CVE Medium rpm-libs-4.16.1.3-25.el9
CVE-2020-19187 Anchore CVE Medium ncurses-libs-6.2-10.20210508.el9
CVE-2021-35939 Anchore CVE Medium rpm-4.16.1.3-25.el9
CVE-2023-0687 Anchore CVE Medium glibc-common-2.34-83.el9_3.7
CVE-2021-44568 Anchore CVE Low libsolv-0.7.24-2.el9
CVE-2023-2975 Anchore CVE Low openssl-libs-1:3.0.7-24.el9
CVE-2020-19185 Anchore CVE Medium ncurses-libs-6.2-10.20210508.el9
CVE-2021-35937 Anchore CVE Medium rpm-libs-4.16.1.3-25.el9
CVE-2023-5678 Anchore CVE Low openssl-libs-1:3.0.7-24.el9
CCE-88048-4 OSCAP Compliance Medium
CCE-89442-8 OSCAP Compliance Medium
CVE-2022-48468 OSCAP Compliance Medium

VAT: https://vat.dso.mil/vat/image?imageName=opensource/istio/install-cni&tag=1.17.8&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/istio/install-cni&tag=1.17.8&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI