UNCLASSIFIED - NO CUI

Skip to content

chore(findings): opensource/percona/mongodb-exporter

Summary

opensource/percona/mongodb-exporter has 28 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/percona/mongodb-exporter&tag=v0.39.0&branch=master

EPSS (Exploit Prediction Scoring System) provides an estimate of the likelihood that a vulnerability will be exploited in the wild.

KEV (Known Exploited Vulnerabilities) indicates whether a vulnerability is actively being exploited according to CISA.

id source severity package impact workaround epss_score kev
CVE-2023-45288 Twistlock CVE Medium golang.org/x/net/http2-v0.7.0 0.64852 false
CVE-2024-24791 Anchore CVE High stdlib-go1.21.11 0.00618 false
CVE-2024-24791 Twistlock CVE Low net/http-1.21.11 0.00618 false
CVE-2023-39325 Twistlock CVE High golang.org/x/net/http2-v0.7.0 0.00150 false
CVE-2024-45338 Anchore CVE Medium golang.org/x/net-v0.7.0 0.00129 false
CVE-2024-34158 Anchore CVE High stdlib-go1.21.11 0.00082 false
CVE-2024-34156 Anchore CVE High stdlib-go1.21.11 0.00082 false
CVE-2024-34155 Anchore CVE Medium stdlib-go1.21.11 0.00064 false
CVE-2025-47907 Anchore CVE High stdlib-go1.21.11 0.00053 false
CVE-2024-45336 Anchore CVE Medium stdlib-go1.21.11 0.00041 false
CVE-2024-45336 Twistlock CVE Low net/http-1.21.11 0.00041 false
CVE-2024-45341 Anchore CVE Medium stdlib-go1.21.11 0.00031 false
CVE-2024-45341 Twistlock CVE Low crypto/x509-1.21.11 0.00031 false
CVE-2025-47906 Anchore CVE Medium stdlib-go1.21.11 0.00017 false
CVE-2025-22871 Anchore CVE Critical stdlib-go1.21.11 0.00017 false
CVE-2025-22871 Twistlock CVE Low net/http/internal-1.21.11 0.00017 false
CVE-2025-4673 Twistlock CVE Low net/http-1.21.11 0.00014 false
CVE-2025-4673 Anchore CVE Medium stdlib-go1.21.11 0.00014 false
CVE-2025-22866 Anchore CVE Medium stdlib-go1.21.11 0.00012 false
CVE-2025-22866 Twistlock CVE Low crypto/internal/nistec-1.21.11 0.00012 false
CVE-2025-4674 Anchore CVE High stdlib-go1.21.11 0.00005 false
GHSA-vvgc-356p-c3xw Anchore CVE Medium golang.org/x/net-v0.7.0 N/A N/A
GHSA-v778-237x-gjrc Anchore CVE Critical golang.org/x/crypto-v0.0.0-20220622213112-05595931fe9d N/A N/A
GHSA-qxp5-gwg8-xv66 Anchore CVE Medium golang.org/x/net-v0.7.0 N/A N/A
GHSA-hcg3-q754-cr77 Anchore CVE High golang.org/x/crypto-v0.0.0-20220622213112-05595931fe9d N/A N/A
GHSA-8r3f-844c-mc37 Anchore CVE Medium google.golang.org/protobuf-v1.28.0 N/A N/A
GHSA-6v2p-p543-phr9 Anchore CVE High golang.org/x/oauth2-v0.0.0-20220223155221-ee480838109b N/A N/A
GHSA-4v7x-pqxf-cx7m Anchore CVE Medium golang.org/x/net-v0.7.0 N/A N/A

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=opensource/percona/mongodb-exporter&tag=v0.39.0&branch=master

Tasks

Contributor:

  • Apply the StatusReview label to this issue for a merge request review and wait for feedback

OR

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue for a VAT justifications review and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Review or Verification label will be removed and the issue will be sent back to To-Do. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Review or Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by CHORE_TOKEN
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI