UNCLASSIFIED - NO CUI

Skip to content

chore(findings): synopsys/blackduck/blackduck-postgres

Summary

synopsys/blackduck/blackduck-postgres has 198 new findings discovered during continuous monitoring.

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=synopsys/blackduck/blackduck-postgres&tag=14-1.22_ubi9.3&branch=master

id source severity package impact workaround
e07d84b039b0e6fcea42fbda1d378647 Anchore Compliance Critical
addbb93c22e9b0988b8b40392a4538cb Anchore Compliance Low
b18c88ddeab24abfb92ae2ccddb0b022 Anchore Compliance Critical
CVE-2024-25260 Anchore CVE Low elfutils-default-yama-scope-0.190-2.el9
CVE-2022-3219 Anchore CVE Low gnupg2-2.3.3-4.el9
CVE-2023-45322 Anchore CVE Low libxml2-2.9.13-6.el9_4
CVE-2023-2222 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2021-3572 Anchore CVE Low python3-pip-wheel-21.2.3-8.el9
CVE-2022-47010 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2023-4156 Anchore CVE Low gawk-5.1.0-6.el9
CVE-2023-30571 Anchore CVE Medium libarchive-3.5.3-4.el9
CVE-2021-45940 Anchore CVE Low libbpf-2:1.3.0-2.el9
CVE-2022-47007 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2024-25260 Anchore CVE Low elfutils-libelf-0.190-2.el9
CVE-2022-27943 Anchore CVE Low libgcc-11.4.1-3.el9
GHSA-8r3f-844c-mc37 Anchore CVE Medium google.golang.org/protobuf-v1.31.0
CVE-2024-0232 Anchore CVE Low sqlite-libs-3.34.1-7.el9_3
GHSA-hj3v-m684-v259 Anchore CVE Medium github.com/lestrrat-go/jwx/v2-v2.0.19
CVE-2022-41409 Anchore CVE Low pcre2-10.40-5.el9
CVE-2022-27943 Anchore CVE Low libgomp-11.4.1-3.el9
CVE-2023-2953 Anchore CVE Low openldap-2.6.6-3.el9
CVE-2022-4899 Anchore CVE Low libzstd-1.5.1-2.el9
CVE-2021-45941 Anchore CVE Medium libbpf-2:1.3.0-2.el9
CVE-2023-50495 Anchore CVE Low ncurses-base-6.2-10.20210508.el9
CVE-2024-25260 Anchore CVE Low elfutils-libs-0.190-2.el9
CVE-2022-33070 Anchore CVE Low protobuf-c-1.3.3-13.el9
CVE-2022-29458 Anchore CVE Low ncurses-base-6.2-10.20210508.el9
CVE-2023-36191 Anchore CVE Low sqlite-libs-3.34.1-7.el9_3
CVE-2022-41409 Anchore CVE Low pcre2-syntax-10.40-5.el9
GHSA-xw73-rw38-6vjc Anchore CVE Medium github.com/docker/docker-v24.0.7+incompatible
CVE-2022-27943 Anchore CVE Low libstdc++-11.4.1-3.el9
CVE-2022-3606 Anchore CVE Low libbpf-2:1.3.0-2.el9
CVE-2022-29458 Anchore CVE Low ncurses-libs-6.2-10.20210508.el9
GHSA-4v7x-pqxf-cx7m Anchore CVE Medium golang.org/x/net-v0.17.0
CVE-2023-50495 Anchore CVE Low ncurses-libs-6.2-10.20210508.el9
CVE-2022-47011 Anchore CVE Low gdb-gdbserver-10.2-13.el9
CVE-2024-33655 Anchore CVE Low unbound-libs-1.16.2-3.el9_3.5
CVE-2024-24784 Anchore CVE High stdlib-go1.20.12
CVE-2024-4317 Anchore CVE Low postgresql-14.11
CVE-2024-24791 Anchore CVE High stdlib-go1.20.12
CVE-2023-45290 Anchore CVE Low stdlib-go1.20.12
CVE-2024-43168 Anchore CVE Low unbound-libs-1.16.2-3.el9_3.5
CVE-2023-45918 Anchore CVE Low ncurses-base-6.2-10.20210508.el9
CVE-2023-45288 Anchore CVE High stdlib-go1.20.12
CVE-2024-43167 Anchore CVE Low unbound-libs-1.16.2-3.el9_3.5
CVE-2024-24783 Anchore CVE Low stdlib-go1.20.12
CVE-2024-24789 Anchore CVE Medium stdlib-go1.20.12
CVE-2024-24785 Anchore CVE Low stdlib-go1.20.12
CVE-2024-29040 Anchore CVE Medium tpm2-tss-3.2.2-2.el9
GHSA-v6v8-xj6m-xwqh Anchore CVE Medium github.com/hashicorp/go-retryablehttp-v0.6.6
CVE-2024-24787 Anchore CVE Medium stdlib-go1.20.12
CVE-2023-45289 Anchore CVE Low stdlib-go1.20.12
CVE-2024-24790 Anchore CVE Critical stdlib-go1.20.12
CVE-2023-24531 Anchore CVE Critical stdlib-go1.20.12
CVE-2024-34459 Anchore CVE Low libxml2-2.9.13-6.el9_4
CVE-2024-7348 Anchore CVE High postgresql-14.11
CVE-2024-35325 Anchore CVE Medium libyaml-0.2.5-7.el9
CVE-2023-45918 Anchore CVE Low ncurses-libs-6.2-10.20210508.el9
GHSA-v23v-6jw2-98fq Anchore CVE Critical github.com/docker/docker-v24.0.7+incompatible
CVE-2023-37920 Anchore CVE Low ca-certificates-2024.2.69_v8.0.303-91.4.el9_4
CVE-2021-23336 Anchore CVE Medium python3-libs-3.9.18-3.el9_4.5
CVE-2024-7264 Anchore CVE Low libcurl-minimal-7.76.1-29.el9_4.1
CVE-2024-8088 Anchore CVE Medium python3-libs-3.9.18-3.el9_4.5
CVE-2021-3997 Anchore CVE Medium systemd-252-32.el9_4.7
CVE-2023-36632 Anchore CVE Medium python3-3.9.18-3.el9_4.5
CVE-2024-6232 Anchore CVE Medium python3-libs-3.9.18-3.el9_4.5
CVE-2024-26461 Anchore CVE Low krb5-libs-1.21.1-2.el9_4
CVE-2024-7264 Anchore CVE Low curl-minimal-7.76.1-29.el9_4.1
CVE-2023-36632 Anchore CVE Medium python3-libs-3.9.18-3.el9_4.5
CVE-2021-3997 Anchore CVE Medium systemd-rpm-macros-252-32.el9_4.7
CVE-2021-3997 Anchore CVE Medium systemd-pam-252-32.el9_4.7
CVE-2024-8088 Anchore CVE Medium python3-3.9.18-3.el9_4.5
CVE-2021-23336 Anchore CVE Medium python3-3.9.18-3.el9_4.5
CVE-2021-3997 Anchore CVE Medium systemd-libs-252-32.el9_4.7
CVE-2024-26458 Anchore CVE Low krb5-libs-1.21.1-2.el9_4
CVE-2024-26462 Anchore CVE Medium krb5-libs-1.21.1-2.el9_4
CVE-2024-6232 Anchore CVE Medium python3-3.9.18-3.el9_4.5
CVE-2024-7592 Anchore CVE Low python3-3.9.18-3.el9_4.5
CVE-2024-34158 Anchore CVE High stdlib-go1.20.12
CVE-2024-34155 Anchore CVE Low stdlib-go1.20.12
CVE-2024-34156 Anchore CVE High stdlib-go1.20.12
CVE-2024-7592 Anchore CVE Low python3-libs-3.9.18-3.el9_4.5
CVE-2023-7256 Anchore CVE Medium libpcap-14:1.10.0-4.el9
CVE-2005-2541 Anchore CVE Medium tar-2:1.34-6.el9_4.1
CVE-2023-39804 Anchore CVE Low tar-2:1.34-6.el9_4.1
CVE-2024-7531 Anchore CVE Low nss-3.101.0-7.el9_2
CVE-2020-12413 Anchore CVE Low nspr-4.35.0-14.el9_2
CVE-2020-12413 Anchore CVE Low nss-3.101.0-7.el9_2
CVE-2020-12413 Anchore CVE Low nss-softokn-3.101.0-7.el9_2
CVE-2024-7531 Anchore CVE Low nss-softokn-3.101.0-7.el9_2
CVE-2024-6602 Anchore CVE Medium nss-softokn-3.101.0-7.el9_2
CVE-2024-6602 Anchore CVE Medium nss-3.101.0-7.el9_2
CVE-2020-12413 Anchore CVE Low nss-softokn-freebl-3.101.0-7.el9_2
CVE-2024-6602 Anchore CVE Medium nspr-4.35.0-14.el9_2
CVE-2024-7531 Anchore CVE Low nss-sysinit-3.101.0-7.el9_2
CVE-2024-6602 Anchore CVE Medium nss-sysinit-3.101.0-7.el9_2
CVE-2024-7531 Anchore CVE Low nss-softokn-freebl-3.101.0-7.el9_2
CVE-2024-7531 Anchore CVE Low nss-util-3.101.0-7.el9_2
CVE-2020-12413 Anchore CVE Low nss-util-3.101.0-7.el9_2
CVE-2023-32636 Anchore CVE Low glib2-2.68.4-14.el9_4.1
CVE-2024-6602 Anchore CVE Medium nss-util-3.101.0-7.el9_2
CVE-2024-7531 Anchore CVE Low nspr-4.35.0-14.el9_2
CVE-2024-6602 Anchore CVE Medium nss-softokn-freebl-3.101.0-7.el9_2
CVE-2020-12413 Anchore CVE Low nss-sysinit-3.101.0-7.el9_2
CVE-2024-4603 Anchore CVE Low openssl-1:3.0.7-28.el9_4
CVE-2024-5535 Anchore CVE Low openssl-libs-1:3.0.7-28.el9_4
CVE-2024-2511 Anchore CVE Low openssl-1:3.0.7-28.el9_4
CVE-2024-5535 Anchore CVE Low openssl-1:3.0.7-28.el9_4
CVE-2024-2511 Anchore CVE Low openssl-libs-1:3.0.7-28.el9_4
CVE-2024-4741 Anchore CVE Low openssl-libs-1:3.0.7-28.el9_4
CVE-2024-4603 Anchore CVE Low openssl-libs-1:3.0.7-28.el9_4
CVE-2024-4741 Anchore CVE Low openssl-1:3.0.7-28.el9_4
CCE-83438-2 OSCAP Compliance Medium
CCE-83448-1 OSCAP Compliance Medium
CCE-83615-5 OSCAP Compliance Medium
CCE-83621-3 OSCAP Compliance Medium
CCE-83629-6 OSCAP Compliance Medium
CCE-87087-3 OSCAP Compliance Medium
CCE-83634-6 OSCAP Compliance Medium
CCE-83644-5 OSCAP Compliance Medium
CCE-83911-8 OSCAP Compliance Medium
CVE-2024-35195 Twistlock CVE Medium python3-requests-2.25.1-8.el9
CVE-2021-45941 Twistlock CVE Medium libbpf-1.3.0-2.el9
CVE-2021-45940 Twistlock CVE Medium libbpf-1.3.0-2.el9
CVE-2024-29040 Twistlock CVE Medium tpm2-tss-3.2.2-2.el9
CVE-2023-2953 Twistlock CVE Low openldap-2.6.6-3.el9
CVE-2024-34459 Twistlock CVE Low libxml2-2.9.13-6.el9_4
CVE-2022-47011 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-47010 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-47007 Twistlock CVE Low gdb-gdbserver-10.2-13.el9
CVE-2022-27943 Twistlock CVE Low libstdc++-11.4.1-3.el9
CVE-2022-27943 Twistlock CVE Low libgomp-11.4.1-3.el9
CVE-2022-27943 Twistlock CVE Low libgcc-11.4.1-3.el9
CVE-2022-41409 Twistlock CVE Low pcre2-syntax-10.40-5.el9
CVE-2022-41409 Twistlock CVE Low pcre2-10.40-5.el9
CVE-2021-3572 Twistlock CVE Low python3-pip-wheel-21.2.3-8.el9
CVE-2022-3606 Twistlock CVE Low libbpf-1.3.0-2.el9
CVE-2024-25260 Twistlock CVE Low elfutils-libelf-0.190-2.el9
CVE-2024-25260 Twistlock CVE Low elfutils-default-yama-scope-0.190-2.el9
CVE-2024-25260 Twistlock CVE Low elfutils-libs-0.190-2.el9
CVE-2024-33655 Twistlock CVE Low unbound-libs-1.16.2-3.el9_3.5
CVE-2024-6104 Twistlock CVE Medium github.com/hashicorp/go-retryablehttp-v0.6.6
CVE-2023-45918 Twistlock CVE Low ncurses-libs-6.2-10.20210508.el9
CVE-2023-45918 Twistlock CVE Low ncurses-base-6.2-10.20210508.el9
CVE-2024-43168 Twistlock CVE Low unbound-libs-1.16.2-3.el9_3.5
CVE-2024-43167 Twistlock CVE Low unbound-libs-1.16.2-3.el9_3.5
CVE-2024-7264 Twistlock CVE Low curl-minimal-7.76.1-29.el9_4.1
CVE-2024-7264 Twistlock CVE Low libcurl-minimal-7.76.1-29.el9_4.1
CVE-2017-9226 Twistlock CVE Medium oniguruma-6.9.6-1.el9.5
CVE-2023-37920 Twistlock CVE Low ca-certificates-2024.2.69_v8.0.303-91.4.el9_4
CVE-2020-1712 Twistlock CVE High systemd-252-32.el9_4.7
CVE-2024-6232 Twistlock CVE Medium python3-libs-3.9.18-3.el9_4.5
CVE-2024-6232 Twistlock CVE Medium python3-3.9.18-3.el9_4.5
CVE-2024-26462 Twistlock CVE Medium krb5-libs-1.21.1-2.el9_4
CVE-2021-23336 Twistlock CVE Medium python3-3.9.18-3.el9_4.5
CVE-2021-23336 Twistlock CVE Medium python3-libs-3.9.18-3.el9_4.5
CVE-2021-3997 Twistlock CVE Medium systemd-rpm-macros-252-32.el9_4.7
CVE-2021-3997 Twistlock CVE Medium systemd-libs-252-32.el9_4.7
CVE-2021-3997 Twistlock CVE Medium systemd-pam-252-32.el9_4.7
CVE-2021-3997 Twistlock CVE Medium systemd-252-32.el9_4.7
CVE-2024-8088 Twistlock CVE Medium python3-3.9.18-3.el9_4.5
CVE-2024-8088 Twistlock CVE Medium python3-libs-3.9.18-3.el9_4.5
CVE-2024-26461 Twistlock CVE Low krb5-libs-1.21.1-2.el9_4
CVE-2024-26458 Twistlock CVE Low krb5-libs-1.21.1-2.el9_4
CVE-2024-0397 Twistlock CVE Low python3-libs-3.9.18-3.el9_4.5
CVE-2024-0397 Twistlock CVE Low python3-3.9.18-3.el9_4.5
CVE-2019-20386 Twistlock CVE Low systemd-252-32.el9_4.7
CVE-2023-7256 Twistlock CVE Medium libpcap-1.10.0-4.el9
CVE-2024-7592 Twistlock CVE Low python3-3.9.18-3.el9_4.5
CVE-2024-7592 Twistlock CVE Low python3-libs-3.9.18-3.el9_4.5
CVE-2023-39804 Twistlock CVE Low tar-1.34-6.el9_4.1
CVE-2024-6602 Twistlock CVE Medium nss-util-3.101.0-7.el9_2
CVE-2024-6602 Twistlock CVE Medium nss-sysinit-3.101.0-7.el9_2
CVE-2024-6602 Twistlock CVE Medium nss-3.101.0-7.el9_2
CVE-2024-6602 Twistlock CVE Medium nspr-4.35.0-14.el9_2
CVE-2024-6602 Twistlock CVE Medium nss-softokn-3.101.0-7.el9_2
CVE-2024-6602 Twistlock CVE Medium nss-softokn-freebl-3.101.0-7.el9_2
CVE-2023-32636 Twistlock CVE Low glib2-2.68.4-14.el9_4.1
CVE-2020-12413 Twistlock CVE Low nss-3.101.0-7.el9_2
CVE-2020-12413 Twistlock CVE Low nss-util-3.101.0-7.el9_2
CVE-2020-12413 Twistlock CVE Low nss-softokn-freebl-3.101.0-7.el9_2
CVE-2020-12413 Twistlock CVE Low nss-softokn-3.101.0-7.el9_2
CVE-2020-12413 Twistlock CVE Low nspr-4.35.0-14.el9_2
CVE-2020-12413 Twistlock CVE Low nss-sysinit-3.101.0-7.el9_2
CVE-2024-7531 Twistlock CVE Low nspr-4.35.0-14.el9_2
CVE-2024-7531 Twistlock CVE Low nss-3.101.0-7.el9_2
CVE-2024-7531 Twistlock CVE Low nss-softokn-3.101.0-7.el9_2
CVE-2024-7531 Twistlock CVE Low nss-sysinit-3.101.0-7.el9_2
CVE-2024-7531 Twistlock CVE Low nss-softokn-freebl-3.101.0-7.el9_2
CVE-2024-7531 Twistlock CVE Low nss-util-3.101.0-7.el9_2
CVE-2024-5535 Twistlock CVE Low openssl-3.0.7-28.el9_4
CVE-2024-5535 Twistlock CVE Low openssl-libs-3.0.7-28.el9_4
CVE-2024-4741 Twistlock CVE Low openssl-libs-3.0.7-28.el9_4
CVE-2024-4741 Twistlock CVE Low openssl-3.0.7-28.el9_4
CVE-2024-4603 Twistlock CVE Low openssl-libs-3.0.7-28.el9_4
CVE-2024-4603 Twistlock CVE Low openssl-3.0.7-28.el9_4
CVE-2024-2511 Twistlock CVE Low openssl-3.0.7-28.el9_4
CVE-2024-2511 Twistlock CVE Low openssl-libs-3.0.7-28.el9_4

More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=synopsys/blackduck/blackduck-postgres&tag=14-1.22_ubi9.3&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the StatusVerification label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI