UNCLASSIFIED - NO CUI

chore(findings): tetrate/istio/install-cni

Summary

tetrate/istio/install-cni has 77 new findings discovered during continuous monitoring.

id source severity package
CVE-2019-3826 Anchore CVE Medium github.com/prometheus/prometheus-v0.36.2
GHSA-vvpx-j8f3-3w6h Anchore CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
GHSA-vvpx-j8f3-3w6h Anchore CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
GHSA-69cg-p879-7622 Anchore CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
GHSA-69cg-p879-7622 Anchore CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
GHSA-69ch-w2m2-3vjp Anchore CVE High golang.org/x/text-v0.3.7
GHSA-69ch-w2m2-3vjp Anchore CVE High golang.org/x/text-v0.3.7
GHSA-fxg5-wq6x-vr4w Anchore CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
GHSA-fxg5-wq6x-vr4w Anchore CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
GHSA-232p-vwff-86mp Anchore CVE High github.com/docker/docker-v20.10.17+incompatible
GHSA-33pg-m6jh-5237 Anchore CVE Medium github.com/docker/docker-v20.10.17+incompatible
GHSA-6wrf-mxfj-pf5p Anchore CVE Medium github.com/docker/docker-v20.10.17+incompatible
GHSA-hqxw-f8mx-cpmw Anchore CVE High github.com/docker/distribution-v2.8.1+incompatible
GHSA-rm8v-mxj3-5rmq Anchore CVE Medium github.com/lestrrat-go/jwx-v1.2.25
GHSA-82hx-w2r5-c2wq Anchore CVE Medium k8s.io/apiserver-v0.24.2
PRISMA-2022-0227 Twistlock CVE High github.com/emicklei/go-restful/v3-v3.8.0
PRISMA-2022-0270 Twistlock CVE Medium github.com/golang-jwt/jwt/v4-v4.2.0
CVE-2022-41723 Twistlock CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
CVE-2022-27664 Twistlock CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
CVE-2022-41721 Twistlock CVE High golang.org/x/net-v0.0.0-20220624214902-1bab6f366d9e
CVE-2023-28840 Twistlock CVE High github.com/docker/docker-v20.10.17
CVE-2023-28842 Twistlock CVE Medium github.com/docker/docker-v20.10.17
CVE-2023-28841 Twistlock CVE Medium github.com/docker/docker-v20.10.17
CVE-2022-41725 Twistlock CVE High go-1.19.1
CVE-2022-41725 Twistlock CVE High go-1.19.1
CVE-2022-41724 Twistlock CVE High go-1.19.1
CVE-2022-41724 Twistlock CVE High go-1.19.1
CVE-2022-41723 Twistlock CVE High go-1.19.1
CVE-2022-41723 Twistlock CVE High go-1.19.1
CVE-2022-41716 Twistlock CVE High go-1.19.1
CVE-2022-41716 Twistlock CVE High go-1.19.1
CVE-2022-41715 Twistlock CVE High go-1.19.1
CVE-2022-41715 Twistlock CVE High go-1.19.1
CVE-2022-2880 Twistlock CVE High go-1.19.1
CVE-2022-2880 Twistlock CVE High go-1.19.1
CVE-2022-2879 Twistlock CVE High go-1.19.1
CVE-2022-2879 Twistlock CVE High go-1.19.1
CVE-2023-24532 Twistlock CVE Medium go-1.19.1
CVE-2023-24532 Twistlock CVE Medium go-1.19.1
CVE-2022-41717 Twistlock CVE Medium go-1.19.1
CVE-2022-41717 Twistlock CVE Medium go-1.19.1
CVE-2023-24537 Twistlock CVE High go-1.19.1
CVE-2023-24537 Twistlock CVE High go-1.19.1
CVE-2023-24538 Twistlock CVE Critical go-1.19.1
CVE-2023-24538 Twistlock CVE Critical go-1.19.1
CVE-2023-24536 Twistlock CVE High go-1.19.1
CVE-2023-24536 Twistlock CVE High go-1.19.1
CVE-2023-24534 Twistlock CVE High go-1.19.1
CVE-2023-24534 Twistlock CVE High go-1.19.1
PRISMA-2023-0056 Twistlock CVE Medium github.com/sirupsen/logrus-v1.8.1
CVE-2023-2253 Twistlock CVE High github.com/docker/distribution-v2.8.1
CVE-2023-24540 Twistlock CVE Critical go-1.19.1
CVE-2023-24540 Twistlock CVE Critical go-1.19.1
CVE-2023-29400 Twistlock CVE High go-1.19.1
CVE-2023-29400 Twistlock CVE High go-1.19.1
CVE-2023-24539 Twistlock CVE High go-1.19.1
CVE-2023-24539 Twistlock CVE High go-1.19.1
GHSA-rm8v-mxj3-5rmq Twistlock CVE Medium github.com/lestrrat-go/jwx-v1.2.25
CVE-2023-29405 Twistlock CVE Critical go-1.19.1
CVE-2023-29405 Twistlock CVE Critical go-1.19.1
CVE-2023-29404 Twistlock CVE Critical go-1.19.1
CVE-2023-29404 Twistlock CVE Critical go-1.19.1
CVE-2023-29402 Twistlock CVE Critical go-1.19.1
CVE-2023-29402 Twistlock CVE Critical go-1.19.1
CVE-2023-29403 Twistlock CVE High go-1.19.1
CVE-2023-29403 Twistlock CVE High go-1.19.1
CVE-2023-29406 Twistlock CVE Medium go-1.19.1
CVE-2023-29406 Twistlock CVE Medium go-1.19.1
CVE-2023-29409 Twistlock CVE Medium go-1.19.1
CVE-2023-29409 Twistlock CVE Medium go-1.19.1
CVE-2023-39533 Twistlock CVE High go-1.19.1
CVE-2023-39533 Twistlock CVE High go-1.19.1
CVE-2023-39319 Twistlock CVE Medium go-1.19.1
CVE-2023-39319 Twistlock CVE Medium go-1.19.1
CVE-2023-39318 Twistlock CVE Medium go-1.19.1
CVE-2023-39318 Twistlock CVE Medium go-1.19.1
CVE-2020-8552 Twistlock CVE Medium k8s.io/apiserver-v0.24.2

VAT: https://vat.dso.mil/vat/image?imageName=tetrate/istio/install-cni&tag=1.15.1-tetratefips-v1&branch=master
More information can be found in the VAT located here: https://vat.dso.mil/vat/image?imageName=tetrate/istio/install-cni&tag=1.15.1-tetratefips-v1&branch=master

Tasks

Contributor:

  • Provide justifications for findings in the VAT (docs)
  • Apply the ~"Hardening::Verification" label to this issue and wait for feedback

Iron Bank:

  • Review findings and justifications

Note: If the above process is rejected for any reason, the Verification label will be removed and the issue will be sent back to Open. Any comments will be listed in this issue for you to address. Once they have been addressed, you must re-add the Verification label.

Questions?

Contact the Iron Bank team by commenting on this issue with your questions or concerns. If you do not receive a response, add /cc @ironbank-notifications/onboarding.

Additionally, Iron Bank hosts an AMA working session every Wednesday from 1630-1730EST to answer questions.

Edited by Ghost User
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information

UNCLASSIFIED - NO CUI