diff --git a/src/report.ts b/src/report.ts
index fe911aa..9fd25ae 100644
--- a/src/report.ts
+++ b/src/report.ts
@@ -76,11 +76,12 @@ export interface Vuln {
 }
 export enum Priority {
- Critical,
- High,
- Medium,
- Low,
- Negligible,
+ critical,
+ high,
+ medium,
+ low,
+ negligible,
+ any
 }
 export type SeverityValue = keyof typeof Priority;
diff --git a/tests/fixtures/report-test-layered.json b/tests/fixtures/report-test-layered.json
new file mode 100644
index 0000000..1baddfe
--- /dev/null
+++ b/tests/fixtures/report-test-layered.json
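Review bot: The `Priority` keys become lowercase in this hunk, while the fixture added in the same commit reports `severity.value` as `"Critical"`, `"High"` and `"Medium"`, so a lookup such as `Priority[vuln.severity.value]` would return `undefined` unless the caller lowercases first. The lookup code is outside this hunk, so this is inferred; if it exists, every comparison against `undefined` is false and a severity threshold would silently mis-filter findings rather than fail. Normalising in one place and rejecting unknown keys, e.g. `const p = Priority[value.toLowerCase() as SeverityValue]; if (p === undefined) throw new Error(...)`, would make that failure visible. `any` also becomes part of `SeverityValue`, so it type-checks as a vulnerability's own severity; a comment on the member such as `// filter sentinel, presumably not a severity the scanner reports; order of members is the ranking` would state the intent. The new member is also missing the trailing comma the other members carry.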
@@ -0,0 +1,7580 @@ +{ + "info": { + "scanTime": "2024-07-26T12:47:56.678762241+02:00", + "scanDuration": "16.092177339s", + "resultUrl": "https://secure.sysdig.com/#/vulnerabilities/results/17e5bd93fd249af9b9550041d5429bb0/overview", + "resultId": "17e5bd93fd249af9b9550041d5429bb0" + }, + "scanner": { + "name": "sysdig-cli-scanner", + "version": "1.13.0" + }, + "result": { + "type": "dockerImage", + "metadata": { + "pullString": "jenkins/jenkins:2.401.1-alpine", + "imageId": "sha256:2208f3cc77d0c6bc66fd8ff18e25628df8e9d759e7aa82fe9c7c84f254ff0237", + "digest": "sha256:345ba1354949b1c66802fef1d048e89399d6f0116d4eea31d81c789b69b30b29", + "baseOs": "alpine 3.18.0", + "size": 259845632, + "os": "linux", + "architecture": "amd64", + "labels": { + "org.opencontainers.image.description": "The Jenkins Continuous Integration and Delivery server", + "org.opencontainers.image.licenses": "MIT", + "org.opencontainers.image.revision": "10cec2d12424b2b05b9c07a622765b929d9768c8", + "org.opencontainers.image.source": "https://github.com/jenkinsci/docker", + "org.opencontainers.image.title": "Official Jenkins Docker image", + "org.opencontainers.image.url": "https://www.jenkins.io/", + "org.opencontainers.image.vendor": "Jenkins project", + "org.opencontainers.image.version": "2.401.1" + }, + "layersCount": 12, + "createdAt": "2023-08-21T17:20:15.301947053Z" + }, + "vulnTotalBySeverity": { + "critical": 13, + "high": 37, + "low": 3, + "medium": 80, + "negligible": 0 + }, + "fixableVulnTotalBySeverity": { + "critical": 13, + "high": 37, + "low": 3, + "medium": 80, + "negligible": 0 + }, + "exploitsCount": 13, + "packages": [ + { + "type": "os", + "name": "alpine-baselayout", + "version": "3.4.3-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "alpine-baselayout-data", + "version": "3.4.3-r1", + "path": "/lib/apk/db/installed", + "layerDigest": 
"sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "alpine-keys", + "version": "2.4-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "apk-tools", + "version": "2.14.0-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "busybox", + "version": "1.36.0-r9", + "path": "/lib/apk/db/installed", + "suggestedFix": "1.36.1-r1", + "vulns": [ + { + "name": "CVE-2022-48174", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2022-12-28", + "exploitable": false, + "fixedInVersion": "1.36.1-r1", + "publishDateByVendor": { + "nvd": "2023-08-22", + "vulndb": "2022-12-28" + } + }, + { + "name": "CVE-2023-42366", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r6", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-42363", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-42364", + "severity": { + "value": "Medium", + "sourceName": 
"nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-42365", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + } + ], + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "busybox-binsh", + "version": "1.36.0-r9", + "path": "/lib/apk/db/installed", + "suggestedFix": "1.36.1-r1", + "vulns": [ + { + "name": "CVE-2023-42363", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-42364", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-42365", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + 
"value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2022-48174", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2022-12-28", + "exploitable": false, + "fixedInVersion": "1.36.1-r1", + "publishDateByVendor": { + "nvd": "2023-08-22", + "vulndb": "2022-12-28" + } + }, + { + "name": "CVE-2023-42366", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r6", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + } + ], + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "ca-certificates-bundle", + "version": "20230506-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "libc-utils", + "version": "0.7.2-r5", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "libcrypto3", + "version": "3.1.0-r4", + "path": "/lib/apk/db/installed", + "suggestedFix": "3.1.6-r0", + "vulns": [ + { + "name": "CVE-2023-3446", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + 
"vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-13", + "solutionDate": "2023-08-01", + "exploitable": false, + "fixedInVersion": "3.1.1-r3", + "publishDateByVendor": { + "nvd": "2023-07-19", + "vulndb": "2023-07-13" + } + }, + { + "name": "CVE-2023-2975", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-07", + "solutionDate": "2023-08-01", + "exploitable": false, + "fixedInVersion": "3.1.1-r2", + "publishDateByVendor": { + "nvd": "2023-07-14", + "vulndb": "2023-07-07" + } + }, + { + "name": "CVE-2024-0727", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-22", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r5", + "publishDateByVendor": { + "nvd": "2024-01-26", + "vulndb": "2024-01-22" + } + }, + { + "name": "CVE-2024-4603", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-05-16", + "solutionDate": "2024-06-04", + "exploitable": false, + "fixedInVersion": "3.1.5-r0", + "publishDateByVendor": { + "nvd": "2024-05-16", + "vulndb": "2024-05-16" + } + }, + { + "name": "CVE-2023-3817", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-25", + "solutionDate": "2023-08-01", + 
"exploitable": false, + "fixedInVersion": "3.1.2-r0", + "publishDateByVendor": { + "nvd": "2023-07-31", + "vulndb": "2023-07-25" + } + }, + { + "name": "CVE-2023-5678", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-26", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r1", + "publishDateByVendor": { + "nvd": "2023-11-06", + "vulndb": "2023-10-26" + } + }, + { + "name": "CVE-2024-5535", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 8.2, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-06-27", + "exploitable": false, + "fixedInVersion": "3.1.6-r0", + "publishDateByVendor": { + "nvd": "2024-06-27", + "vulndb": "2024-06-27" + } + }, + { + "name": "CVE-2024-4741", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 8.1, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-05-28", + "solutionDate": "2024-06-04", + "exploitable": false, + "fixedInVersion": "3.1.6-r0", + "publishDateByVendor": { + "vulndb": "2024-05-28" + } + }, + { + "name": "CVE-2024-2511", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.9, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-04-05", + "solutionDate": "2024-06-04", + "exploitable": false, + "fixedInVersion": "3.1.4-r6", + "publishDateByVendor": { + "nvd": "2024-04-08", + "vulndb": "2024-04-05" + } + }, + { + "name": "CVE-2023-2650", + "severity": { + "value": "Medium", + 
"sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 6.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-05-29", + "solutionDate": "2023-05-29", + "exploitable": false, + "fixedInVersion": "3.1.1-r0", + "publishDateByVendor": { + "nvd": "2023-05-30", + "vulndb": "2023-05-29" + } + }, + { + "name": "CVE-2023-6237", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-01-09", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r4", + "publishDateByVendor": { + "nvd": "2024-04-25", + "vulndb": "2024-01-09" + } + }, + { + "name": "CVE-2023-6129", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 6.5, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-09", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r3", + "publishDateByVendor": { + "nvd": "2024-01-09", + "vulndb": "2024-01-09" + } + }, + { + "name": "CVE-2023-5363", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-24", + "solutionDate": "2023-10-24", + "exploitable": false, + "fixedInVersion": "3.1.4-r0", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ], + "publishDateByVendor": { + "nvd": "2023-10-25", + "vulndb": "2023-10-24" + } + } + ], + "layerDigest": 
"sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "libssl3", + "version": "3.1.0-r4", + "path": "/lib/apk/db/installed", + "suggestedFix": "3.1.6-r0", + "vulns": [ + { + "name": "CVE-2024-2511", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.9, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-04-05", + "solutionDate": "2024-06-04", + "exploitable": false, + "fixedInVersion": "3.1.4-r6", + "publishDateByVendor": { + "nvd": "2024-04-08", + "vulndb": "2024-04-05" + } + }, + { + "name": "CVE-2023-3446", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-13", + "solutionDate": "2023-08-01", + "exploitable": false, + "fixedInVersion": "3.1.1-r3", + "publishDateByVendor": { + "nvd": "2023-07-19", + "vulndb": "2023-07-13" + } + }, + { + "name": "CVE-2024-0727", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-22", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r5", + "publishDateByVendor": { + "nvd": "2024-01-26", + "vulndb": "2024-01-22" + } + }, + { + "name": "CVE-2023-5363", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-24", + "solutionDate": "2023-10-24", + "exploitable": false, + "fixedInVersion": "3.1.4-r0", + "acceptedRisks": [ + { 
+ "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ], + "publishDateByVendor": { + "nvd": "2023-10-25", + "vulndb": "2023-10-24" + } + }, + { + "name": "CVE-2024-4603", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-05-16", + "solutionDate": "2024-06-04", + "exploitable": false, + "fixedInVersion": "3.1.5-r0", + "publishDateByVendor": { + "nvd": "2024-05-16", + "vulndb": "2024-05-16" + } + }, + { + "name": "CVE-2023-2975", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-07", + "solutionDate": "2023-08-01", + "exploitable": false, + "fixedInVersion": "3.1.1-r2", + "publishDateByVendor": { + "nvd": "2023-07-14", + "vulndb": "2023-07-07" + } + }, + { + "name": "CVE-2023-5678", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-26", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r1", + "publishDateByVendor": { + "nvd": "2023-11-06", + "vulndb": "2023-10-26" + } + }, + { + "name": "CVE-2024-5535", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 8.2, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-06-27", + "exploitable": false, + "fixedInVersion": "3.1.6-r0", + "publishDateByVendor": { + "nvd": "2024-06-27", + "vulndb": 
"2024-06-27" + } + }, + { + "name": "CVE-2024-4741", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 8.1, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-05-28", + "solutionDate": "2024-06-04", + "exploitable": false, + "fixedInVersion": "3.1.6-r0", + "publishDateByVendor": { + "vulndb": "2024-05-28" + } + }, + { + "name": "CVE-2023-6237", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-01-09", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r4", + "publishDateByVendor": { + "nvd": "2024-04-25", + "vulndb": "2024-01-09" + } + }, + { + "name": "CVE-2023-2650", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 6.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-05-29", + "solutionDate": "2023-05-29", + "exploitable": false, + "fixedInVersion": "3.1.1-r0", + "publishDateByVendor": { + "nvd": "2023-05-30", + "vulndb": "2023-05-29" + } + }, + { + "name": "CVE-2023-3817", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-25", + "solutionDate": "2023-08-01", + "exploitable": false, + "fixedInVersion": "3.1.2-r0", + "publishDateByVendor": { + "nvd": "2023-07-31", + "vulndb": "2023-07-25" + } + }, + { + "name": "CVE-2023-6129", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 
6.5, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-09", + "solutionDate": "2024-01-30", + "exploitable": false, + "fixedInVersion": "3.1.4-r3", + "publishDateByVendor": { + "nvd": "2024-01-09", + "vulndb": "2024-01-09" + } + } + ], + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "musl", + "version": "1.2.4-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "musl-utils", + "version": "1.2.4-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "scanelf", + "version": "1.3.7-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "ssl_client", + "version": "1.36.0-r9", + "path": "/lib/apk/db/installed", + "suggestedFix": "1.36.1-r1", + "vulns": [ + { + "name": "CVE-2023-42366", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r6", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-42363", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + 
{ + "name": "CVE-2023-42364", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-42365", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "exploitable": false, + "fixedInVersion": "1.36.1-r7", + "publishDateByVendor": { + "nvd": "2023-11-27", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2022-48174", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2022-12-28", + "exploitable": false, + "fixedInVersion": "1.36.1-r1", + "publishDateByVendor": { + "nvd": "2023-08-22", + "vulndb": "2022-12-28" + } + } + ], + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "zlib", + "version": "1.2.13-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c" + }, + { + "type": "os", + "name": "bash", + "version": "5.2.15-r5", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "brotli-libs", + "version": "1.0.9-r14", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + 
"name": "ca-certificates", + "version": "20230506-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "coreutils", + "version": "9.3-r1", + "path": "/lib/apk/db/installed", + "suggestedFix": "9.3-r2", + "vulns": [ + { + "name": "CVE-2024-0684", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-17", + "solutionDate": "2024-01-17", + "exploitable": false, + "fixedInVersion": "9.3-r2", + "publishDateByVendor": { + "nvd": "2024-02-06", + "vulndb": "2024-01-17" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "curl", + "version": "8.2.1-r0", + "path": "/lib/apk/db/installed", + "suggestedFix": "8.4.0-r0", + "vulns": [ + { + "name": "CVE-2024-6197", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-06-28", + "solutionDate": "2024-07-24", + "exploitable": false, + "fixedInVersion": "8.9.0-r0", + "publishDateByVendor": { + "nvd": "2024-07-24", + "vulndb": "2024-06-28" + } + }, + { + "name": "CVE-2024-6874", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 8.2, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-07-18", + "solutionDate": "2024-07-24", + "exploitable": false, + "fixedInVersion": "8.9.0-r0", + "publishDateByVendor": { + "nvd": "2024-07-24", + "vulndb": "2024-07-18" + } + }, + { + "name": "CVE-2024-2004", + "severity": { + 
"value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 4.2, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-02-27", + "solutionDate": "2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-02-27" + } + }, + { + "name": "CVE-2024-2379", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.4, + "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-12", + "solutionDate": "2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-03-12" + } + }, + { + "name": "CVE-2024-2398", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-07", + "solutionDate": "2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-03-07" + } + }, + { + "name": "CVE-2024-2466", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.4, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-18", + "solutionDate": "2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-03-18" + } + }, + { + "name": "CVE-2023-46218", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 6.5, + "vector": 
"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "solutionDate": "2023-12-06", + "exploitable": false, + "fixedInVersion": "8.5.0-r0", + "publishDateByVendor": { + "nvd": "2023-12-07", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-46219", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-12-06", + "solutionDate": "2023-12-06", + "exploitable": false, + "fixedInVersion": "8.5.0-r0", + "publishDateByVendor": { + "nvd": "2023-12-12", + "vulndb": "2023-12-06" + } + }, + { + "name": "CVE-2024-0853", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-23", + "solutionDate": "2024-01-31", + "exploitable": false, + "fixedInVersion": "8.6.0-r0", + "publishDateByVendor": { + "nvd": "2024-02-03", + "vulndb": "2024-01-23" + } + }, + { + "name": "CVE-2023-38545", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-04", + "solutionDate": "2023-10-11", + "exploitable": true, + "fixedInVersion": "8.4.0-r0", + "publishDateByVendor": { + "nvd": "2023-10-18", + "vulndb": "2023-10-04" + } + }, + { + "name": "CVE-2023-38546", + "severity": { + "value": "Low", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 3.7, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-15", + "solutionDate": "2023-10-11", + "exploitable": 
false, + "fixedInVersion": "8.4.0-r0", + "publishDateByVendor": { + "nvd": "2023-10-18", + "vulndb": "2023-09-15" + } + }, + { + "name": "CVE-2023-38039", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-08-02", + "solutionDate": "2023-09-13", + "exploitable": false, + "fixedInVersion": "8.3.0-r0", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-08-02" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "encodings", + "version": "1.0.7-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "font-dejavu", + "version": "2.37-r5", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "fontconfig", + "version": "2.14.2-r3", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "freetype", + "version": "2.13.0-r5", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gdbm", + "version": "1.23-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "git", + "version": "2.40.1-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "git-lfs", + "version": "3.3.0-r3", + "path": "/lib/apk/db/installed", + "layerDigest": 
"sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gmp", + "version": "6.2.1-r3", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gnupg", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gnupg-dirmngr", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gnupg-gpgconf", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gnupg-keyboxd", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gnupg-utils", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gnupg-wks-client", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gnutls", + "version": "3.8.0-r2", + "path": "/lib/apk/db/installed", + "suggestedFix": "3.8.4-r0", + "vulns": [ + { + "name": "CVE-2023-5981", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.9, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-15", + "solutionDate": "2024-01-16", + "exploitable": false, + "fixedInVersion": "3.8.3-r0", 
+ "publishDateByVendor": { + "nvd": "2023-11-28", + "vulndb": "2023-11-15" + } + }, + { + "name": "CVE-2024-0553", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-15", + "solutionDate": "2024-01-16", + "exploitable": false, + "fixedInVersion": "3.8.3-r0", + "publishDateByVendor": { + "nvd": "2024-01-16", + "vulndb": "2023-11-15" + } + }, + { + "name": "CVE-2024-0567", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-02", + "solutionDate": "2024-01-16", + "exploitable": false, + "fixedInVersion": "3.8.3-r0", + "publishDateByVendor": { + "nvd": "2024-01-16", + "vulndb": "2024-01-02" + } + }, + { + "name": "CVE-2024-28834", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.9, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-18", + "solutionDate": "2024-03-18", + "exploitable": false, + "fixedInVersion": "3.8.4-r0", + "publishDateByVendor": { + "nvd": "2024-03-21", + "vulndb": "2024-03-18" + } + }, + { + "name": "CVE-2024-28835", + "severity": { + "value": "Critical", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 9.8, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-18", + "solutionDate": "2024-03-18", + "exploitable": false, + "fixedInVersion": "3.8.4-r0", + "publishDateByVendor": { + "nvd": "2024-03-21", + "vulndb": "2024-03-18" + } + } + ], + "layerDigest": 
"sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gpg", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gpg-agent", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gpg-wks-server", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gpgsm", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "gpgv", + "version": "2.4.3-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libacl", + "version": "2.3.1-r3", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libassuan", + "version": "2.5.6-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libattr", + "version": "2.5.1-r4", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libbz2", + "version": "1.0.8-r5", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libcurl", + "version": "8.2.1-r0", + "path": "/lib/apk/db/installed", + "suggestedFix": "8.4.0-r0", + "vulns": [ + { 
+ "name": "CVE-2023-46218", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 6.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-23", + "solutionDate": "2023-12-06", + "exploitable": false, + "fixedInVersion": "8.5.0-r0", + "publishDateByVendor": { + "nvd": "2023-12-07", + "vulndb": "2023-11-23" + } + }, + { + "name": "CVE-2023-46219", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-12-06", + "solutionDate": "2023-12-06", + "exploitable": false, + "fixedInVersion": "8.5.0-r0", + "publishDateByVendor": { + "nvd": "2023-12-12", + "vulndb": "2023-12-06" + } + }, + { + "name": "CVE-2023-38039", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-08-02", + "solutionDate": "2023-09-13", + "exploitable": false, + "fixedInVersion": "8.3.0-r0", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-08-02" + } + }, + { + "name": "CVE-2023-38545", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-04", + "solutionDate": "2023-10-11", + "exploitable": true, + "fixedInVersion": "8.4.0-r0", + "publishDateByVendor": { + "nvd": "2023-10-18", + "vulndb": "2023-10-04" + } + }, + { + "name": "CVE-2023-38546", + "severity": { + "value": "Low", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 3.7, + 
"vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-15", + "solutionDate": "2023-10-11", + "exploitable": false, + "fixedInVersion": "8.4.0-r0", + "publishDateByVendor": { + "nvd": "2023-10-18", + "vulndb": "2023-09-15" + } + }, + { + "name": "CVE-2024-6197", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-06-28", + "solutionDate": "2024-07-24", + "exploitable": false, + "fixedInVersion": "8.9.0-r0", + "publishDateByVendor": { + "nvd": "2024-07-24", + "vulndb": "2024-06-28" + } + }, + { + "name": "CVE-2024-6874", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 8.2, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-07-18", + "solutionDate": "2024-07-24", + "exploitable": false, + "fixedInVersion": "8.9.0-r0", + "publishDateByVendor": { + "nvd": "2024-07-24", + "vulndb": "2024-07-18" + } + }, + { + "name": "CVE-2024-0853", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-23", + "solutionDate": "2024-01-31", + "exploitable": false, + "fixedInVersion": "8.6.0-r0", + "publishDateByVendor": { + "nvd": "2024-02-03", + "vulndb": "2024-01-23" + } + }, + { + "name": "CVE-2024-2004", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 4.2, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-02-27", + "solutionDate": 
"2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-02-27" + } + }, + { + "name": "CVE-2024-2379", + "severity": { + "value": "Medium", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 5.4, + "vector": "CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-12", + "solutionDate": "2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-03-12" + } + }, + { + "name": "CVE-2024-2398", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-07", + "solutionDate": "2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-03-07" + } + }, + { + "name": "CVE-2024-2466", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.4, + "vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-18", + "solutionDate": "2024-03-27", + "exploitable": false, + "fixedInVersion": "8.7.1-r0", + "publishDateByVendor": { + "nvd": "2024-03-27", + "vulndb": "2024-03-18" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libedit", + "version": "20221030.3.1-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libexpat", + "version": "2.5.0-r1", + "path": "/lib/apk/db/installed", + "suggestedFix": "2.6.0-r0", + "vulns": [ + { + 
"name": "CVE-2023-52425", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-15", + "solutionDate": "2024-02-06", + "exploitable": false, + "fixedInVersion": "2.6.0-r0", + "publishDateByVendor": { + "nvd": "2024-02-04", + "vulndb": "2023-11-15" + } + }, + { + "name": "CVE-2023-52426", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-11-06", + "exploitable": false, + "fixedInVersion": "2.6.0-r0", + "publishDateByVendor": { + "nvd": "2024-02-04", + "vulndb": "2023-11-06" + } + }, + { + "name": "CVE-2024-28757", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-03", + "solutionDate": "2024-03-03", + "exploitable": false, + "fixedInVersion": "2.6.2-r0", + "publishDateByVendor": { + "nvd": "2024-03-10", + "vulndb": "2024-03-03" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libffi", + "version": "3.4.4-r2", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libfontenc", + "version": "1.1.7-r2", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libgcrypt", + "version": "1.10.2-r1", + "path": "/lib/apk/db/installed", + "layerDigest": 
"sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libgpg-error", + "version": "1.47-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libidn2", + "version": "2.3.4-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libintl", + "version": "0.21.1-r7", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libksba", + "version": "1.6.4-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libldap", + "version": "2.6.5-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libncursesw", + "version": "6.4_p20230506-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libpng", + "version": "1.6.39-r3", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libsasl", + "version": "2.1.28-r4", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libtasn1", + "version": "4.19.0-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "libunistring", + "version": "1.1-r1", + "path": "/lib/apk/db/installed", + "layerDigest": 
"sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "mkfontscale", + "version": "1.2.2-r3", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "musl-locales", + "version": "0.1.0-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "musl-locales-lang", + "version": "0.1.0-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "ncurses-terminfo-base", + "version": "6.4_p20230506-r0", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "nettle", + "version": "3.8.1-r2", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "nghttp2-libs", + "version": "1.55.1-r0", + "path": "/lib/apk/db/installed", + "suggestedFix": "1.57.0-r0", + "vulns": [ + { + "name": "CVE-2023-44487", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-10", + "solutionDate": "2023-10-10", + "exploitable": true, + "fixedInVersion": "1.57.0-r0", + "publishDateByVendor": { + "cisakev": "2023-10-10", + "nvd": "2023-10-10", + "vulndb": "2023-10-10" + }, + "annotations": { + "cisakev.dueDate": "2023-10-31", + "cisakev.knownRansomwareCampaignUse": "false" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "npth", + "version": 
"1.6-r4", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "openssh-client-common", + "version": "9.3_p2-r0", + "path": "/lib/apk/db/installed", + "suggestedFix": "9.3_p2-r2", + "vulns": [ + { + "name": "CVE-2024-6387", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 8.1, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-07-01", + "solutionDate": "2024-07-01", + "exploitable": true, + "fixedInVersion": "9.3_p2-r2", + "publishDateByVendor": { + "nvd": "2024-07-01", + "vulndb": "2024-07-01" + } + }, + { + "name": "CVE-2023-48795", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.9, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-12-12", + "solutionDate": "2023-12-18", + "exploitable": false, + "fixedInVersion": "9.3_p2-r1", + "publishDateByVendor": { + "nvd": "2023-12-18", + "vulndb": "2023-12-12" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "openssh-client-default", + "version": "9.3_p2-r0", + "path": "/lib/apk/db/installed", + "suggestedFix": "9.3_p2-r2", + "vulns": [ + { + "name": "CVE-2023-48795", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.9, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-12-12", + "solutionDate": "2023-12-18", + "exploitable": false, + "fixedInVersion": "9.3_p2-r1", + "publishDateByVendor": { + "nvd": "2023-12-18", + "vulndb": "2023-12-12" + } + }, + { + "name": "CVE-2024-6387", + "severity": { + "value": 
"High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 8.1, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-07-01", + "solutionDate": "2024-07-01", + "exploitable": true, + "fixedInVersion": "9.3_p2-r2", + "publishDateByVendor": { + "nvd": "2024-07-01", + "vulndb": "2024-07-01" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "openssh-keygen", + "version": "9.3_p2-r0", + "path": "/lib/apk/db/installed", + "suggestedFix": "9.3_p2-r2", + "vulns": [ + { + "name": "CVE-2023-48795", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.9, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-12-12", + "solutionDate": "2023-12-18", + "exploitable": false, + "fixedInVersion": "9.3_p2-r1", + "publishDateByVendor": { + "nvd": "2023-12-18", + "vulndb": "2023-12-12" + } + }, + { + "name": "CVE-2024-6387", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 8.1, + "vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-07-01", + "solutionDate": "2024-07-01", + "exploitable": true, + "fixedInVersion": "9.3_p2-r2", + "publishDateByVendor": { + "nvd": "2024-07-01", + "vulndb": "2024-07-01" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "p11-kit", + "version": "0.24.1-r2", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "pcre2", + "version": "10.42-r1", + "path": "/lib/apk/db/installed", + "layerDigest": 
"sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "pinentry", + "version": "1.2.1-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "readline", + "version": "8.2.1-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "skalibs", + "version": "2.13.1.1-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "sqlite-libs", + "version": "3.41.2-r2", + "path": "/lib/apk/db/installed", + "suggestedFix": "3.41.2-r3", + "vulns": [ + { + "name": "CVE-2023-7104", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-12-25", + "solutionDate": "2023-09-07", + "exploitable": false, + "fixedInVersion": "3.41.2-r3", + "publishDateByVendor": { + "nvd": "2023-12-29", + "vulndb": "2023-12-25" + } + } + ], + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "tini", + "version": "0.19.0-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "tzdata", + "version": "2023c-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": "unzip", + "version": "6.0-r14", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "os", + "name": 
"utmps-libs", + "version": "0.1.2.1-r1", + "path": "/lib/apk/db/installed", + "layerDigest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246" + }, + { + "type": "java", + "name": "org.jenkins-ci.main:jenkins-war", + "version": "2.401.1", + "path": "/usr/share/jenkins/jenkins.war", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke:access-modifier-annotation", + "version": "1.31", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/access-modifier-annotation-1.31.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jvnet.robust-http-client:robust-http-client", + "version": "1.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/robust-http-client-1.2.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "jakarta.annotation:jakarta.annotation-api", + "version": "2.1.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jakarta.annotation-api-2.1.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke:windows-package-checker", + "version": "1.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/windows-package-checker-1.2.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.metainf-services:metainf-services", + "version": "1.9", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/metainf-services-1.9.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci.main:websocket-spi", + "version": "2.401.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/websocket-spi-2.401.1.jar", + "layerDigest": 
"sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci.main:websocket-jetty10", + "version": "2.401.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/websocket-jetty10-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.objectweb.asm:asm-commons", + "version": "9.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/asm-commons-9.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.stapler:stapler-groovy", + "version": "1777.v7c6fe6d54a_0c", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/stapler-groovy-1777.v7c6fe6d54a_0c.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.objectweb.asm:asm-tree", + "version": "9.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/asm-tree-9.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:task-reactor", + "version": "1.8", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/task-reactor-1.8.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.slf4j:log4j-over-slf4j", + "version": "2.0.7", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/log4j-over-slf4j-2.0.7.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:symbol-annotation", + "version": "1.24", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/symbol-annotation-1.24.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": 
"org.jenkins-ci:memory-monitor", + "version": "1.12", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/memory-monitor-1.12.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.jinterop:j-interopdeps", + "version": "2.0.8-kohsuke-1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/j-interopdeps-2.0.8-kohsuke-1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jvnet:tiger-types", + "version": "2.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/tiger-types-2.2.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.stapler:json-lib", + "version": "2.4-jenkins-3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/json-lib-2.4-jenkins-3.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.objectweb:asm", + "version": "9.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/asm-9.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.objectweb.asm:asm-util", + "version": "9.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/asm-util-9.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.google.guava:listenablefuture", + "version": "9999.0-empty-to-avoid-conflict-with-guava", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:commons-jelly", + "version": "1.1-jenkins-20230124", + "path": 
"/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-jelly-1.1-jenkins-20230124.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "jline:jline", + "version": "2.14.6", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jline-2.14.6.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.jcraft:jzlib", + "version": "1.1.3-kohsuke-1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jzlib-1.1.3-kohsuke-1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.stapler:stapler", + "version": "1777.v7c6fe6d54a_0c", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/stapler-1777.v7c6fe6d54a_0c.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "commons-beanutils:commons-beanutils", + "version": "1.9.4", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-beanutils-1.9.4.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "io.jenkins.stapler:jenkins-stapler-support", + "version": "1.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jenkins-stapler-support-1.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jfree:jcommon", + "version": "1.0.23", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jcommon-1.0.23.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "net.sf.ezmorph:ezmorph", + "version": "1.0.6", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/ezmorph-1.0.6.jar", + "layerDigest": 
"sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.fusesource.hawtjni:hawtjni-runtime", + "version": "1.8", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jansi-1.11.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.fusesource.jansi:jansi-native", + "version": "1.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jansi-1.11.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.fusesource.jansi:jansi", + "version": "1.11", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jansi-1.11.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "commons-collections:commons-collections", + "version": "3.2.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-collections-3.2.2.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "jakarta.servlet.jsp.jstl:jakarta.servlet.jsp.jstl-api", + "version": "1.2.7", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jakarta.servlet.jsp.jstl-api-1.2.7.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.infradna.tool:bridge-method-annotation", + "version": "1.26", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/bridge-method-annotation-1.26.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.antlr:antlr4-runtime", + "version": "4.12.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/antlr4-runtime-4.12.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + 
"name": "org.jvnet.hudson:commons-jelly-tags-define", + "version": "1.1-jenkins-20230124", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-jelly-tags-define-1.1-jenkins-20230124.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "javax.annotation:javax.annotation-api", + "version": "1.3.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/javax.annotation-api-1.3.2.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:commons-jexl", + "version": "1.1-jenkins-20111212", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-jexl-1.1-jenkins-20111212.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:version-number", + "version": "1.11", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/version-number-1.11.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.stapler:stapler-jelly", + "version": "1777.v7c6fe6d54a_0c", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/stapler-jelly-1777.v7c6fe6d54a_0c.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:crypto-util", + "version": "1.8", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/crypto-util-1.8.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.google.guava:failureaccess", + "version": "1.0.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/failureaccess-1.0.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": 
"commons-fileupload:commons-fileupload", + "version": "1.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-fileupload-1.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "net.java.sezpoz:sezpoz", + "version": "1.13", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/sezpoz-1.13.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.sun.solaris:embedded_su4j", + "version": "1.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/embedded_su4j-1.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "io.github.x-stream:mxparser", + "version": "1.2.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/mxparser-1.2.2.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.thoughtworks.xstream:xstream", + "version": "1.4.20", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/xstream-1.4.20.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.stapler:stapler-adjunct-codemirror", + "version": "1.3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/stapler-adjunct-codemirror-1.3.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci.main:websocket-jetty9", + "version": "2.401.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/websocket-jetty9-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.stapler:stapler-adjunct-timeline", + "version": "1.5", + "path": 
"/usr/share/jenkins/jenkins.war:WEB-INF/lib/stapler-adjunct-timeline-1.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.sun.xml.txw2:txw2", + "version": "20110809", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/txw2-20110809.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci.main:remoting", + "version": "3107.v665000b_51092", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/remoting-3107.v665000b_51092.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus.bundles:tyrus-standalone-client-jdk", + "version": "2.1.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/remoting-3107.v665000b_51092.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-client", + "version": "2.1.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/remoting-3107.v665000b_51092.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-core", + "version": "2.1.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/remoting-3107.v665000b_51092.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-spi", + "version": "2.1.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/remoting-3107.v665000b_51092.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-container-jdk-client", + "version": "2.1.2", + "path": 
"/usr/share/jenkins/jenkins.war:WEB-INF/lib/remoting-3107.v665000b_51092.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:constant-pool-scanner", + "version": "1.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/remoting-3107.v665000b_51092.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "jaxen:jaxen", + "version": "2.0.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jaxen-2.0.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "commons-codec:commons-codec", + "version": "1.15", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-codec-1.15.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "args4j:args4j", + "version": "2.33", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/args4j-2.33.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.kohsuke.jinterop:j-interop", + "version": "2.0.8-kohsuke-1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/j-interop-2.0.8-kohsuke-1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jvnet.winp:winp", + "version": "1.30", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/winp-1.30.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.objectweb.asm.tree:asm-analysis", + "version": "9.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/asm-analysis-9.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + 
"name": "commons-discovery:commons-discovery", + "version": "0.5", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-discovery-0.5.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "spotbugs-annotations:spotbugs-annotations", + "version": "4.7.3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spotbugs-annotations-4.7.3.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.google:guice", + "version": "5.1.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/guice-5.1.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jfree:jfreechart", + "version": "1.0.19", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jfreechart-1.0.19.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.samba.jcifs:jcifs", + "version": "1.3.18-kohsuke-1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jcifs-1.3.18-kohsuke-1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.apache.commons:commons-compress", + "version": "1.23.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-compress-1.23.0.jar", + "suggestedFix": "v1.26.0", + "vulns": [ + { + "name": "CVE-2024-25710", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-02-18", + "solutionDate": "2024-02-18", + "exploitable": false, + "fixedInVersion": "v1.26.0", + "publishDateByVendor": { + "nvd": "2024-02-19", + "vulndb": "2024-02-18" + } + }, + { + "name": 
"CVE-2023-42503", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-03", + "solutionDate": "2023-09-09", + "exploitable": false, + "fixedInVersion": "v1.24.0", + "publishDateByVendor": { + "nvd": "2023-09-14", + "vulndb": "2023-09-03" + } + }, + { + "name": "CVE-2024-26308", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.5, + "vector": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-02-18", + "solutionDate": "2024-02-18", + "exploitable": false, + "fixedInVersion": "v1.26.0", + "publishDateByVendor": { + "nvd": "2024-02-19", + "vulndb": "2024-02-18" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.google.guava:guava", + "version": "31.1-jre", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/guava-31.1-jre.jar", + "suggestedFix": "v32.0.0-android", + "vulns": [ + { + "name": "CVE-2023-2976", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.1, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2016-09-27", + "solutionDate": "2023-06-08", + "exploitable": false, + "fixedInVersion": "v32.0.0-android", + "publishDateByVendor": { + "nvd": "2023-06-14", + "vulndb": "2016-09-27" + } + }, + { + "name": "CVE-2020-8908", + "severity": { + "value": "Low", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 3.3, + "vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2020-08-27", + "solutionDate": "2023-06-08", + 
"exploitable": false, + "fixedInVersion": "v32.0.0-android", + "publishDateByVendor": { + "nvd": "2020-12-10", + "vulndb": "2020-08-27" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.sun:com.sun.jna", + "version": "5.13.0 (b0)", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jna-5.13.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:winstone", + "version": "6.10", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "io.jenkins.lib:support-log-formatter", + "version": "1.2", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-alpn-java-server", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-io", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": "v10.0.14", + "vulns": [ + { + "name": "CVE-2023-41900", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-04-10", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-04-10" + } + }, + { + "name": "CVE-2023-26048", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + 
"value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-13", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-13" + } + }, + { + "name": "CVE-2023-26049", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-09", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-09" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.slf4j:slf4j-api", + "version": "2.0.6", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-alpn-server", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-jmx", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-server", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": "v10.0.16", + "vulns": [ + { + "name": "CVE-2023-36479", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": 
"3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-14", + "solutionDate": "2023-09-14", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-09-14" + } + }, + { + "name": "CVE-2023-40167", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-14", + "solutionDate": "2023-08-29", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-09-14" + } + }, + { + "name": "CVE-2023-41900", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-04-10", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-04-10" + } + }, + { + "name": "CVE-2023-26049", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-09", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-09" + } + }, + { + "name": "CVE-2023-26048", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-13", + "solutionDate": "2023-02-17", + 
"exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-13" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-http", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": "v10.0.14", + "vulns": [ + { + "name": "CVE-2023-40167", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-14", + "solutionDate": "2023-08-29", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-09-14" + } + }, + { + "name": "CVE-2023-26048", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-13", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-13" + } + }, + { + "name": "CVE-2023-26049", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-09", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-09" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-servlet", + "version": 
"10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-security", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-util", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": "v10.0.16", + "vulns": [ + { + "name": "CVE-2023-26048", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-13", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-13" + } + }, + { + "name": "CVE-2023-26049", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-09", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-09" + } + }, + { + "name": "CVE-2023-36479", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-14", + "solutionDate": "2023-09-14", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-09-14" + 
} + }, + { + "name": "CVE-2023-40167", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-14", + "solutionDate": "2023-08-29", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-09-14" + } + }, + { + "name": "CVE-2023-41900", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-04-10", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-04-10" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-webapp", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": "v10.0.16", + "vulns": [ + { + "name": "CVE-2023-36479", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-14", + "solutionDate": "2023-09-14", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-09-14" + } + }, + { + "name": "CVE-2023-40167", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-14", + "solutionDate": "2023-08-29", + "exploitable": false, + 
"fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-09-14" + } + }, + { + "name": "CVE-2023-41900", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-04-10", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-09-15", + "vulndb": "2023-04-10" + } + }, + { + "name": "CVE-2023-26048", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-13", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-13" + } + }, + { + "name": "CVE-2023-26049", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-02-09", + "solutionDate": "2023-02-17", + "exploitable": false, + "fixedInVersion": "v10.0.14", + "publishDateByVendor": { + "nvd": "2023-04-18", + "vulndb": "2023-02-09" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty:jetty-xml", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.http2:http2-hpack", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": 
"v10.0.16", + "vulns": [ + { + "name": "CVE-2023-36478", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-09", + "solutionDate": "2023-08-30", + "exploitable": false, + "fixedInVersion": "v10.0.16", + "publishDateByVendor": { + "nvd": "2023-10-10", + "vulndb": "2023-10-09" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.http2:http2-server", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": "v10.0.17", + "vulns": [ + { + "name": "CVE-2023-44487", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-10", + "solutionDate": "2023-10-10", + "exploitable": true, + "fixedInVersion": "v10.0.17", + "publishDateByVendor": { + "cisakev": "2023-10-10", + "nvd": "2023-10-10", + "vulndb": "2023-10-10" + }, + "annotations": { + "cisakev.dueDate": "2023-10-31", + "cisakev.knownRansomwareCampaignUse": "false" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.http2:http2-common", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "suggestedFix": "v10.0.17", + "vulns": [ + { + "name": "CVE-2024-22201", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 7.5, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-01-09", + "solutionDate": 
"2024-01-31", + "exploitable": false, + "fixedInVersion": "v10.0.20", + "publishDateByVendor": { + "nvd": "2024-02-26", + "vulndb": "2024-01-09" + } + }, + { + "name": "CVE-2023-44487", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-10-10", + "solutionDate": "2023-10-10", + "exploitable": true, + "fixedInVersion": "v10.0.17", + "publishDateByVendor": { + "cisakev": "2023-10-10", + "nvd": "2023-10-10", + "vulndb": "2023-10-10" + }, + "annotations": { + "cisakev.dueDate": "2023-10-31", + "cisakev.knownRansomwareCampaignUse": "false" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.websocket:websocket-jetty-server", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.websocket:websocket-jetty-api", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.websocket:websocket-jetty-common", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.websocket:websocket-core-common", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": 
"org.eclipse.jetty.websocket:websocket-servlet", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.eclipse.jetty.websocket:websocket-core-server", + "version": "10.0.13", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.slf4j:slf4j-jdk14", + "version": "2.0.6", + "path": "/usr/share/jenkins/jenkins.war:executable/winstone.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci.main:cli", + "version": "2.401.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "commons-io:commons-io", + "version": "2.11.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "commons-lang:commons-lang", + "version": "2.6", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "net.i2p.crypto:eddsa", + "version": "0.3.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.apache.sshd:sshd-common", + "version": "2.9.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "suggestedFix": "v2.9.3", + "vulns": [ + { + "name": "CVE-2023-35887", + "severity": { + 
"value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-07", + "solutionDate": "2023-05-09", + "exploitable": false, + "fixedInVersion": "v2.9.3", + "publishDateByVendor": { + "nvd": "2023-07-10", + "vulndb": "2023-07-07" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.slf4j:slf4j-api", + "version": "2.0.7", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.slf4j:jcl-over-slf4j", + "version": "2.0.7", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.apache.sshd:sshd-core", + "version": "2.9.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus.bundles:tyrus-standalone-client-jdk", + "version": "2.1.3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-client", + "version": "2.1.3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-core", + "version": "2.1.3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": 
"sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-spi", + "version": "2.1.3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "jakarta.websocket:jakarta.websocket-api", + "version": "2.1.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.glassfish.tyrus:tyrus-container-jdk-client", + "version": "2.1.3", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "jakarta.websocket:jakarta.websocket-client-api", + "version": "2.1.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci:annotation-indexer", + "version": "1.17", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jvnet.localizer:localizer", + "version": "1.31", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.slf4j:slf4j-jdk14", + "version": "2.0.7", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/cli-2.401.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "groovy-all:groovy-all", + "version": "2.4.21", + "path": 
"/usr/share/jenkins/jenkins.war:WEB-INF/lib/groovy-all-2.4.21.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.jenkins-ci.main:jenkins-core", + "version": "2.401.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jenkins-core-2.401.1.jar", + "suggestedFix": "v2.426.3", + "vulns": [ + { + "name": "CVE-2023-43494", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 4.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-06", + "solutionDate": "2023-09-20", + "exploitable": false, + "fixedInVersion": "v2.414.2", + "publishDateByVendor": { + "nvd": "2023-09-20", + "vulndb": "2023-09-06" + } + }, + { + "name": "CVE-2023-43496", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 8.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-06", + "solutionDate": "2023-09-20", + "exploitable": false, + "fixedInVersion": "v2.414.2", + "publishDateByVendor": { + "nvd": "2023-09-20", + "vulndb": "2023-09-06" + } + }, + { + "name": "CVE-2023-43495", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.4, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-06", + "solutionDate": "2023-09-20", + "exploitable": false, + "fixedInVersion": "v2.414.2", + "publishDateByVendor": { + "nvd": "2023-09-20", + "vulndb": "2023-09-06" + } + }, + { + "name": "CVE-2023-43498", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 8.1, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + }, + "sourceName": 
"nvd" + }, + "disclosureDate": "2023-09-06", + "solutionDate": "2023-09-20", + "exploitable": false, + "fixedInVersion": "v2.414.2", + "publishDateByVendor": { + "nvd": "2023-09-20", + "vulndb": "2023-09-06" + } + }, + { + "name": "CVE-2023-43497", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 8.1, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-09-19", + "solutionDate": "2023-09-20", + "exploitable": false, + "fixedInVersion": "v2.414.2", + "publishDateByVendor": { + "nvd": "2023-09-20", + "vulndb": "2023-09-19" + } + }, + { + "name": "CVE-2024-23898", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 8.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-16", + "solutionDate": "2024-01-22", + "exploitable": false, + "fixedInVersion": "v2.426.3", + "publishDateByVendor": { + "nvd": "2024-01-24", + "vulndb": "2024-01-16" + } + }, + { + "name": "CVE-2024-23897", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2024-01-16", + "solutionDate": "2024-01-22", + "exploitable": true, + "fixedInVersion": "v2.426.3", + "publishDateByVendor": { + "nvd": "2024-01-24", + "vulndb": "2024-01-16" + } + }, + { + "name": "CVE-2023-39151", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.4, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-13", + "solutionDate": "2023-07-26", + "exploitable": false, + "fixedInVersion": "v2.401.3", + "publishDateByVendor": { + 
"nvd": "2023-07-26", + "vulndb": "2023-07-13" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.apache.ant:ant", + "version": "1.10.13", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/ant-1.10.13.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.robolectric:android-kxml2", + "version": "4.1.2_r1_rc", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/kxml2-2.3.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "activesoap:relaxngDatatype", + "version": "20050407", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/relaxngDatatype-20020414.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework:spring-expression", + "version": "5.3.27", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-expression-5.3.27.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework:spring-aop", + "version": "5.3.27", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-aop-5.3.27.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "com.guicedee.services:dom4j", + "version": "2.1.4", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/dom4j-2.1.4.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework.security:spring-security-core", + "version": "5.8.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-security-core-5.8.2.jar", + "suggestedFix": "v5.8.5", + "vulns": [ + { + "name": "CVE-2023-20862", + 
"severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 6.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-04-17", + "solutionDate": "2023-04-17", + "exploitable": false, + "fixedInVersion": "v5.8.3", + "publishDateByVendor": { + "nvd": "2023-04-19", + "vulndb": "2023-04-17" + } + }, + { + "name": "CVE-2023-34034", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-18", + "solutionDate": "2023-07-18", + "exploitable": false, + "fixedInVersion": "v5.8.5", + "publishDateByVendor": { + "nvd": "2023-07-19", + "vulndb": "2023-07-18" + } + }, + { + "name": "CVE-2023-34035", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 5.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-07-17", + "solutionDate": "2023-07-17", + "exploitable": true, + "fixedInVersion": "v5.8.5", + "publishDateByVendor": { + "nvd": "2023-07-18", + "vulndb": "2023-07-17" + } + }, + { + "name": "CVE-2024-22257", + "severity": { + "value": "High", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 8.2, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:L/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-03-18", + "solutionDate": "2024-03-18", + "exploitable": false, + "fixedInVersion": "v5.8.11", + "publishDateByVendor": { + "nvd": "2024-03-18", + "vulndb": "2024-03-18" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "javax.inject:javax.inject", + "version": "1", + "path": 
"/usr/share/jenkins/jenkins.war:WEB-INF/lib/javax.inject-1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "commons-jelly:commons-jelly-tags-fmt", + "version": "1.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-jelly-tags-fmt-1.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework.security:spring-security-web", + "version": "5.8.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-security-web-5.8.2.jar", + "suggestedFix": "v5.8.3", + "vulns": [ + { + "name": "CVE-2023-20862", + "severity": { + "value": "Medium", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 6.3, + "vector": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-04-17", + "solutionDate": "2023-04-17", + "exploitable": false, + "fixedInVersion": "v5.8.3", + "publishDateByVendor": { + "nvd": "2023-04-19", + "vulndb": "2023-04-17" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework:spring-web", + "version": "5.3.27", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-web-5.3.27.jar", + "suggestedFix": "v5.3.32", + "vulns": [ + { + "name": "CVE-2024-22243", + "severity": { + "value": "Critical", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 9.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-02-21", + "solutionDate": "2024-04-11", + "exploitable": true, + "fixedInVersion": "v5.3.32", + "publishDateByVendor": { + "nvd": "2024-02-23", + "vulndb": "2024-02-21" + } + }, + { + "name": "CVE-2024-22262", + "severity": { + "value": "Critical", + "sourceName": "vulndb" + 
}, + "cvssScore": { + "value": { + "version": "3.0", + "score": 9.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-02-21", + "solutionDate": "2024-04-11", + "exploitable": true, + "fixedInVersion": "v5.3.34", + "publishDateByVendor": { + "nvd": "2024-04-16", + "vulndb": "2024-02-21" + } + }, + { + "name": "CVE-2024-22259", + "severity": { + "value": "Critical", + "sourceName": "vulndb" + }, + "cvssScore": { + "value": { + "version": "3.0", + "score": 9.3, + "vector": "CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:N" + }, + "sourceName": "vulndb" + }, + "disclosureDate": "2024-02-21", + "solutionDate": "2024-04-11", + "exploitable": true, + "fixedInVersion": "v5.3.33", + "publishDateByVendor": { + "nvd": "2024-03-16", + "vulndb": "2024-02-21" + } + }, + { + "name": "CVE-2016-1000027", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2016-07-08", + "solutionDate": "2020-08-11", + "exploitable": false, + "fixedInVersion": "v6.0.0", + "acceptedRisks": [ + { + "index": 0, + "ref": "$.result.riskAcceptanceDefinitions[0]", + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ], + "publishDateByVendor": { + "nvd": "2020-01-02", + "vulndb": "2016-07-08" + } + } + ], + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework:spring-context", + "version": "5.3.27", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-context-5.3.27.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "xpp3:xpp3", + "version": "1.1.4c", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/xpp3-1.1.4c.jar", + "layerDigest": 
"sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework:spring-beans", + "version": "5.3.27", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-beans-5.3.27.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.apache.ant:ant-launcher", + "version": "1.10.13", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/ant-launcher-1.10.13.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework.security:spring-security-crypto", + "version": "5.8.2", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-security-crypto-5.8.2.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "de.svws-nrw.ext:jbcrypt", + "version": "1.0.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jbcrypt-1.0.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "org.springframework:spring-core", + "version": "5.3.27", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/spring-core-5.3.27.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "net.jcip:jcip-annotations", + "version": "1.0", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/jcip-annotations-1.0.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": "commons-jelly:commons-jelly-tags-xml", + "version": "1.1", + "path": "/usr/share/jenkins/jenkins.war:WEB-INF/lib/commons-jelly-tags-xml-1.1.jar", + "layerDigest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109" + }, + { + "type": "java", + "name": 
"io.jenkins.plugin-management:plugin-management-library", + "version": "2.12.11", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "org.jenkins-ci:version-number", + "version": "1.11", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "commons-io:commons-io", + "version": "2.11.0", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "org.apache.commons:commons-lang3", + "version": "3.12.0", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "commons-validator:commons-validator", + "version": "1.7", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "commons-beanutils:commons-beanutils", + "version": "1.9.4", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "commons-digester:commons-digester", + "version": "2.1", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "commons-logging:commons-logging", + "version": "1.2", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "commons-collections:commons-collections", + "version": "3.2.2", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": 
"sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "org.apache.httpcomponents:httpclient", + "version": "4.5.14", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "org.apache.httpcomponents:httpcore", + "version": "4.4.16", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "commons-codec:commons-codec", + "version": "1.15", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "org.json:json", + "version": "20220924", + "path": "/opt/jenkins-plugin-manager.jar", + "suggestedFix": "v20230227", + "vulns": [ + { + "name": "CVE-2022-45688", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2022-11-19", + "solutionDate": "2023-02-27", + "exploitable": false, + "fixedInVersion": "v20230227", + "publishDateByVendor": { + "nvd": "2022-12-13", + "vulndb": "2022-11-19" + } + }, + { + "name": "CVE-2023-5072", + "severity": { + "value": "High", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 7.5, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2023-08-01", + "exploitable": false, + "fixedInVersion": "v20231013", + "publishDateByVendor": { + "nvd": "2023-10-12", + "vulndb": "2023-08-01" + } + } + ], + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": 
"com.fasterxml.jackson.dataformat:jackson-dataformat-yaml", + "version": "2.14.2", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "com.fasterxml.jackson.core:jackson-databind", + "version": "2.14.2", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "com.fasterxml.jackson.core:jackson-annotations", + "version": "2.14.2", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "com.fasterxml.jackson.core:jackson-core", + "version": "2.14.2", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "org.yaml:snakeyaml", + "version": "1.33", + "path": "/opt/jenkins-plugin-manager.jar", + "suggestedFix": "v2.0", + "vulns": [ + { + "name": "CVE-2022-1471", + "severity": { + "value": "Critical", + "sourceName": "nvd" + }, + "cvssScore": { + "value": { + "version": "3.1", + "score": 9.8, + "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H" + }, + "sourceName": "nvd" + }, + "disclosureDate": "2019-11-29", + "solutionDate": "2023-02-26", + "exploitable": false, + "fixedInVersion": "v2.0", + "publishDateByVendor": { + "nvd": "2022-12-01", + "vulndb": "2019-11-29" + } + } + ], + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "args4j:args4j", + "version": "2.33", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "com.google.code.findbugs:jsr305", + "version": "3.0.2", + "path": 
"/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + }, + { + "type": "java", + "name": "io.jenkins.plugin-management:plugin-management-cli", + "version": "2.12.11", + "path": "/opt/jenkins-plugin-manager.jar", + "layerDigest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec" + } + ], + "layers": [ + { + "digest": "sha256:bb01bd7e32b58b6694c8c3622c230171f1cec24001a82068a8d30d338f420d6c", + "size": 7617536, + "command": "/bin/sh -c #(nop) ADD file:7625ddfd589fb824ee39f1b1eb387b98f3676420ff52f26eb9d975151e889667 in / ", + "vulns": { + "critical": 3, + "high": 6, + "low": 0, + "medium": 32, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [ + { + "pullstrings": [ + "alpine:3.18.0", + "alpine:3.18.0@sha256:02bb6f428431fbc2809c5d1b41eab5a68350194fb508869a33cb1af4444c9b11" + ] + } + ] + }, + { + "command": "/bin/sh -c #(nop) CMD [\"/bin/sh\"]", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:1b8057f94583cc8b952e484a7d2a6ef22f8440e22833344ed95793a174413246", + "size": 58825216, + "command": "RUN /bin/sh -c apk add --no-cache bash coreutils curl git git-lfs gnupg musl-locales musl-locales-lang openssh-client tini ttf-dejavu tzdata unzip \u0026\u0026 git lfs install # buildkit", + "vulns": { + "critical": 3, + "high": 19, + "low": 2, + "medium": 17, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV LANG=C.UTF-8", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG TARGETARCH", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG COMMIT_SHA", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG user=jenkins", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG group=jenkins", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG uid=1000", 
+ "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG gid=1000", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG http_port=8080", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG agent_port=50000", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG JENKINS_HOME=/var/jenkins_home", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG REF=/usr/share/jenkins/ref", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV JENKINS_HOME=/var/jenkins_home", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV JENKINS_SLAVE_AGENT_PORT=50000", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV REF=/usr/share/jenkins/ref", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:c3146db7f065866c4891c7a1397fd9fd81e060205551502ff04ea09620bc8b40", + "size": 11776, + "command": "RUN |10 TARGETARCH=amd64 COMMIT_SHA=10cec2d12424b2b05b9c07a622765b929d9768c8 user=jenkins group=jenkins uid=1000 gid=1000 http_port=8080 agent_port=50000 JENKINS_HOME=/var/jenkins_home REF=/usr/share/jenkins/ref /bin/sh -c mkdir -p $JENKINS_HOME \u0026\u0026 chown ${uid}:${gid} $JENKINS_HOME \u0026\u0026 addgroup -g ${gid} ${group} \u0026\u0026 adduser -h \"$JENKINS_HOME\" -u ${uid} -G ${group} -s /bin/bash -D ${user} # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "VOLUME [/var/jenkins_home]", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:ff34534a832cda46155a31e923eeb66e48fa855dbbba3ce3c7e493d719e2703d", + "size": 3584, + "command": "RUN |10 TARGETARCH=amd64 COMMIT_SHA=10cec2d12424b2b05b9c07a622765b929d9768c8 user=jenkins group=jenkins uid=1000 gid=1000 http_port=8080 
agent_port=50000 JENKINS_HOME=/var/jenkins_home REF=/usr/share/jenkins/ref /bin/sh -c mkdir -p ${REF}/init.groovy.d # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG JENKINS_VERSION", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV JENKINS_VERSION=2.401.1", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG JENKINS_SHA=1163c4554dc93439c5eef02b06a8d74f98ca920bbc012c2b8a089d414cfa8075", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/2.401.1/jenkins-war-2.401.1.war", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:41ee4160cfce07cfa715985dc419afc648a3a7ee21c22ba89fb7ee62ba48a109", + "size": 98365952, + "command": "RUN |13 TARGETARCH=amd64 COMMIT_SHA=10cec2d12424b2b05b9c07a622765b929d9768c8 user=jenkins group=jenkins uid=1000 gid=1000 http_port=8080 agent_port=50000 JENKINS_HOME=/var/jenkins_home REF=/usr/share/jenkins/ref JENKINS_VERSION=2.401.1 JENKINS_SHA=600b73eabf797852e39919541b84f7686ff601b97c77b44eb00843eb91c7dd6c JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/2.401.1/jenkins-war-2.401.1.war /bin/sh -c curl -fsSL ${JENKINS_URL} -o /usr/share/jenkins/jenkins.war \u0026\u0026 echo \"${JENKINS_SHA} /usr/share/jenkins/jenkins.war\" \u003e/tmp/jenkins_sha \u0026\u0026 sha256sum -c --strict /tmp/jenkins_sha \u0026\u0026 rm -f /tmp/jenkins_sha # buildkit", + "vulns": { + "critical": 6, + "high": 10, + "low": 1, + "medium": 31, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV JENKINS_UC=https://updates.jenkins.io", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV JENKINS_UC_EXPERIMENTAL=https://updates.jenkins.io/experimental", 
+ "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV JENKINS_INCREMENTALS_REPO_MIRROR=https://repo.jenkins-ci.org/incrementals", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:e5c1ab04d4512307919dc7aeb3124e96a713b896e5cb65ab723b8b65c4623563", + "size": 3584, + "command": "RUN |13 TARGETARCH=amd64 COMMIT_SHA=10cec2d12424b2b05b9c07a622765b929d9768c8 user=jenkins group=jenkins uid=1000 gid=1000 http_port=8080 agent_port=50000 JENKINS_HOME=/var/jenkins_home REF=/usr/share/jenkins/ref JENKINS_VERSION=2.401.1 JENKINS_SHA=600b73eabf797852e39919541b84f7686ff601b97c77b44eb00843eb91c7dd6c JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/2.401.1/jenkins-war-2.401.1.war /bin/sh -c chown -R ${user} \"$JENKINS_HOME\" \"$REF\" # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG PLUGIN_CLI_VERSION=2.12.11", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ARG PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/2.12.11/jenkins-plugin-manager-2.12.11.jar", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:68d773aa52bc7904ef8b95e0ed3bf6271a694eae8b2bb80eec690e747b925aec", + "size": 6444032, + "command": "RUN |15 TARGETARCH=amd64 COMMIT_SHA=10cec2d12424b2b05b9c07a622765b929d9768c8 user=jenkins group=jenkins uid=1000 gid=1000 http_port=8080 agent_port=50000 JENKINS_HOME=/var/jenkins_home REF=/usr/share/jenkins/ref JENKINS_VERSION=2.401.1 JENKINS_SHA=600b73eabf797852e39919541b84f7686ff601b97c77b44eb00843eb91c7dd6c JENKINS_URL=https://repo.jenkins-ci.org/public/org/jenkins-ci/main/jenkins-war/2.401.1/jenkins-war-2.401.1.war PLUGIN_CLI_VERSION=2.12.11 
PLUGIN_CLI_URL=https://github.com/jenkinsci/plugin-installation-manager-tool/releases/download/2.12.11/jenkins-plugin-manager-2.12.11.jar /bin/sh -c curl -fsSL ${PLUGIN_CLI_URL} -o /opt/jenkins-plugin-manager.jar # buildkit", + "vulns": { + "critical": 1, + "high": 2, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "EXPOSE map[8080/tcp:{}]", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "EXPOSE map[50000/tcp:{}]", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV COPY_REFERENCE_FILE_LOG=/var/jenkins_home/copy_reference_file.log", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV JAVA_HOME=/opt/java/openjdk", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENV PATH=/opt/java/openjdk/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:cae56fbb649d09649e0ba85a4d1ca91e64fcc53e4ae47a2c5bbb6d61e8d3d937", + "size": 88552448, + "command": "COPY /javaruntime /opt/java/openjdk # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "USER jenkins", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:795ba54cdefa12826921776cf757891a5a34fa47bd835d7a701a87bb2104a044", + "size": 9728, + "command": "COPY jenkins-support /usr/local/bin/jenkins-support # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:f2ec06f1c467224823511d7d3a9a9ba1e62e9a5c65486b57e850aca1bce48a3b", + "size": 5632, + "command": "COPY jenkins.sh /usr/local/bin/jenkins.sh # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + 
"negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:bbb959b402d92b7a4fc1b4a1b9d7e1e4f065171c412fc99a6522f6946f4baee0", + "size": 2560, + "command": "COPY jenkins-plugin-cli.sh /bin/jenkins-plugin-cli # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "ENTRYPOINT [\"/sbin/tini\" \"--\" \"/usr/local/bin/jenkins.sh\"]", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + }, + { + "digest": "sha256:9e70a6e25c4da6852e44a5b06db400f4550d5501a322d1892ef423754d531393", + "size": 3584, + "command": "COPY install-plugins.sh /usr/local/bin/install-plugins.sh # buildkit", + "vulns": { + "critical": 0, + "high": 0, + "low": 0, + "medium": 0, + "negligible": 0 + }, + "runningVulns": {}, + "baseImages": [] + }, + { + "command": "LABEL org.opencontainers.image.vendor=Jenkins project org.opencontainers.image.title=Official Jenkins Docker image org.opencontainers.image.description=The Jenkins Continuous Integration and Delivery server org.opencontainers.image.version=2.401.1 org.opencontainers.image.url=https://www.jenkins.io/ org.opencontainers.image.source=https://github.com/jenkinsci/docker org.opencontainers.image.revision=10cec2d12424b2b05b9c07a622765b929d9768c8 org.opencontainers.image.licenses=MIT", + "vulns": {}, + "runningVulns": {}, + "baseImages": [] + } + ], + "policyEvaluations": [ + { + "name": "Sysdig Best Practices", + "identifier": "sysdig-best-practices", + "type": "alwaysApply", + "bundles": [ + { + "name": "Severe vulnerabilities with a Fix", + "identifier": "severe_vulnerabilities_with_a_fix", + "type": "predefined", + "rules": [ + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity greater than or equal high AND Network attack vector AND Fixable", + "failures": [ + { + "pkgIndex": 4, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[4].vuln[0]", + 
"description": "CVE-2022-48174 found in pkg 'busybox:1.36.0-r9'" + }, + { + "pkgIndex": 5, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[5].vuln[3]", + "description": "CVE-2022-48174 found in pkg 'busybox-binsh:1.36.0-r9'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[8].vuln[6]", + "description": "CVE-2024-5535 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[8].vuln[7]", + "description": "CVE-2024-4741 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 12, + "ref": "$.result.packages[8].vuln[12]", + "description": "CVE-2023-5363 found in pkg 'libcrypto3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[9].vuln[3]", + "description": "CVE-2023-5363 found in pkg 'libssl3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[9].vuln[7]", + "description": "CVE-2024-5535 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 8, + "ref": "$.result.packages[9].vuln[8]", + "description": "CVE-2024-4741 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 13, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[13].vuln[4]", + "description": "CVE-2022-48174 found in pkg 'ssl_client:1.36.0-r9'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[19].vuln[0]", + "description": "CVE-2024-6197 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[19].vuln[1]", + "description": "CVE-2024-6874 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 4, + "ref": 
"$.result.packages[19].vuln[4]", + "description": "CVE-2024-2398 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[19].vuln[5]", + "description": "CVE-2024-2466 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 9, + "ref": "$.result.packages[19].vuln[9]", + "description": "CVE-2023-38545 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[19].vuln[11]", + "description": "CVE-2023-38039 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[34].vuln[1]", + "description": "CVE-2024-0553 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[34].vuln[2]", + "description": "CVE-2024-0567 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[34].vuln[4]", + "description": "CVE-2024-28835 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[44].vuln[2]", + "description": "CVE-2023-38039 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[44].vuln[3]", + "description": "CVE-2023-38545 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[44].vuln[5]", + "description": "CVE-2024-6197 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[44].vuln[6]", + "description": "CVE-2024-6874 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 10, + "ref": "$.result.packages[44].vuln[10]", + "description": "CVE-2024-2398 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[44].vuln[11]", + "description": "CVE-2024-2466 found in pkg 'libcurl:8.2.1-r0'" + }, + { + 
"pkgIndex": 46, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[46].vuln[0]", + "description": "CVE-2023-52425 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[46].vuln[2]", + "description": "CVE-2024-28757 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 65, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[65].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'nghttp2-libs:1.55.1-r0'" + }, + { + "pkgIndex": 67, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[67].vuln[0]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-common:9.3_p2-r0'" + }, + { + "pkgIndex": 68, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[68].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-default:9.3_p2-r0'" + }, + { + "pkgIndex": 69, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[69].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-keygen:9.3_p2-r0'" + }, + { + "pkgIndex": 75, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[75].vuln[0]", + "description": "CVE-2023-7104 found in pkg 'sqlite-libs:3.41.2-r2'" + }, + { + "pkgIndex": 167, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[167].vuln[0]", + "description": "CVE-2023-36478 found in pkg 'org.eclipse.jetty.http2:http2-hpack:10.0.13'" + }, + { + "pkgIndex": 168, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[168].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-server:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[169].vuln[0]", + "description": "CVE-2024-22201 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[169].vuln[1]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[196].vuln[1]", + 
"description": "CVE-2023-43496 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[196].vuln[3]", + "description": "CVE-2023-43498 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[196].vuln[4]", + "description": "CVE-2023-43497 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[196].vuln[5]", + "description": "CVE-2024-23898 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[196].vuln[6]", + "description": "CVE-2024-23897 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[203].vuln[1]", + "description": "CVE-2023-34034 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[203].vuln[3]", + "description": "CVE-2024-22257 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[207].vuln[0]", + "description": "CVE-2024-22243 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[207].vuln[1]", + "description": "CVE-2024-22262 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[207].vuln[2]", + "description": "CVE-2024-22259 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[207].vuln[3]", + "description": "CVE-2016-1000027 found in pkg 'org.springframework:spring-web:5.3.27'", + "acceptedRisks": [ + { + "index": 0, + "ref": 
"$.result.riskAcceptanceDefinitions[0]", + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ] + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[229].vuln[0]", + "description": "CVE-2022-45688 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[229].vuln[1]", + "description": "CVE-2023-5072 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 234, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[234].vuln[0]", + "description": "CVE-2022-1471 found in pkg 'org.yaml:snakeyaml:1.33'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverity", + "extra": { + "level": "high" + } + }, + { + "type": "vulnExploitableViaNetwork" + }, + { + "type": "vulnIsFixable" + } + ] + }, + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity equal critical AND Fixable", + "failures": [ + { + "pkgIndex": 4, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[4].vuln[0]", + "description": "CVE-2022-48174 found in pkg 'busybox:1.36.0-r9'" + }, + { + "pkgIndex": 5, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[5].vuln[3]", + "description": "CVE-2022-48174 found in pkg 'busybox-binsh:1.36.0-r9'" + }, + { + "pkgIndex": 13, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[13].vuln[4]", + "description": "CVE-2022-48174 found in pkg 'ssl_client:1.36.0-r9'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 9, + "ref": "$.result.packages[19].vuln[9]", + "description": "CVE-2023-38545 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[34].vuln[4]", + "description": "CVE-2024-28835 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[44].vuln[3]", + "description": "CVE-2023-38545 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[196].vuln[6]", 
+ "description": "CVE-2024-23897 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[203].vuln[1]", + "description": "CVE-2023-34034 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[207].vuln[0]", + "description": "CVE-2024-22243 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[207].vuln[1]", + "description": "CVE-2024-22262 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[207].vuln[2]", + "description": "CVE-2024-22259 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[207].vuln[3]", + "description": "CVE-2016-1000027 found in pkg 'org.springframework:spring-web:5.3.27'", + "acceptedRisks": [ + { + "index": 0, + "ref": "$.result.riskAcceptanceDefinitions[0]", + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ] + }, + { + "pkgIndex": 234, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[234].vuln[0]", + "description": "CVE-2022-1471 found in pkg 'org.yaml:snakeyaml:1.33'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverityEquals", + "extra": { + "level": "critical" + } + }, + { + "type": "vulnIsFixable" + } + ] + }, + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity equal high AND Fixable since 30 days", + "failures": [ + { + "pkgIndex": 8, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[8].vuln[7]", + "description": "CVE-2024-4741 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 12, + "ref": "$.result.packages[8].vuln[12]", + "description": "CVE-2023-5363 found in pkg 'libcrypto3:3.1.0-r4'", + "acceptedRisks": [ 
+ { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[9].vuln[3]", + "description": "CVE-2023-5363 found in pkg 'libssl3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 8, + "ref": "$.result.packages[9].vuln[8]", + "description": "CVE-2024-4741 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[19].vuln[4]", + "description": "CVE-2024-2398 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[19].vuln[5]", + "description": "CVE-2024-2466 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[19].vuln[11]", + "description": "CVE-2023-38039 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[34].vuln[1]", + "description": "CVE-2024-0553 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[34].vuln[2]", + "description": "CVE-2024-0567 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[44].vuln[2]", + "description": "CVE-2023-38039 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 10, + "ref": "$.result.packages[44].vuln[10]", + "description": "CVE-2024-2398 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[44].vuln[11]", + "description": "CVE-2024-2466 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[46].vuln[0]", + "description": "CVE-2023-52425 found in pkg 'libexpat:2.5.0-r1'" + }, + { + 
"pkgIndex": 46, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[46].vuln[2]", + "description": "CVE-2024-28757 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 65, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[65].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'nghttp2-libs:1.55.1-r0'" + }, + { + "pkgIndex": 75, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[75].vuln[0]", + "description": "CVE-2023-7104 found in pkg 'sqlite-libs:3.41.2-r2'" + }, + { + "pkgIndex": 151, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[151].vuln[0]", + "description": "CVE-2023-2976 found in pkg 'com.google.guava:guava:31.1-jre'" + }, + { + "pkgIndex": 167, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[167].vuln[0]", + "description": "CVE-2023-36478 found in pkg 'org.eclipse.jetty.http2:http2-hpack:10.0.13'" + }, + { + "pkgIndex": 168, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[168].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-server:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[169].vuln[0]", + "description": "CVE-2024-22201 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[169].vuln[1]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[196].vuln[1]", + "description": "CVE-2023-43496 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[196].vuln[3]", + "description": "CVE-2023-43498 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[196].vuln[4]", + "description": "CVE-2023-43497 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 
5, + "ref": "$.result.packages[196].vuln[5]", + "description": "CVE-2024-23898 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[203].vuln[3]", + "description": "CVE-2024-22257 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[229].vuln[0]", + "description": "CVE-2022-45688 found in pkg 'org.json:json:20220924'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverityEquals", + "extra": { + "level": "high" + } + }, + { + "type": "vulnIsFixableWithAge", + "extra": { + "age": 30 + } + } + ] + } + ], + "createdAt": "2022-01-17T10:54:14.571304Z", + "updatedAt": "2022-01-17T10:54:14.571304Z" + }, + { + "name": "Marc's Famous bundle 'o rules", + "identifier": "marcs-famous-bundle-o-rules", + "type": "custom", + "rules": [ + { + "ruleType": "vulnDenyList", + "failureType": "pkgVulnFailure", + "description": "Vulnerabilities Deny List: CVE-2016-3086, CVE-2021-12345", + "evaluationResult": "passed", + "predicates": [ + { + "type": "denyCVE", + "extra": { + "vulnIds": [ + "CVE-2016-3086", + "CVE-2021-12345" + ] + } + } + ] + }, + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity greater than or equal high AND Fixable since 30 days AND Disclosure date older than or equal 180 days", + "failures": [ + { + "pkgIndex": 8, + "vulnInPkgIndex": 12, + "ref": "$.result.packages[8].vuln[12]", + "description": "CVE-2023-5363 found in pkg 'libcrypto3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[9].vuln[3]", + "description": "CVE-2023-5363 found in pkg 'libssl3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": 
"$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 9, + "ref": "$.result.packages[19].vuln[9]", + "description": "CVE-2023-38545 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[19].vuln[11]", + "description": "CVE-2023-38039 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[34].vuln[1]", + "description": "CVE-2024-0553 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[34].vuln[2]", + "description": "CVE-2024-0567 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[44].vuln[2]", + "description": "CVE-2023-38039 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[44].vuln[3]", + "description": "CVE-2023-38545 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[46].vuln[0]", + "description": "CVE-2023-52425 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 65, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[65].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'nghttp2-libs:1.55.1-r0'" + }, + { + "pkgIndex": 75, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[75].vuln[0]", + "description": "CVE-2023-7104 found in pkg 'sqlite-libs:3.41.2-r2'" + }, + { + "pkgIndex": 151, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[151].vuln[0]", + "description": "CVE-2023-2976 found in pkg 'com.google.guava:guava:31.1-jre'" + }, + { + "pkgIndex": 167, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[167].vuln[0]", + "description": "CVE-2023-36478 found in pkg 'org.eclipse.jetty.http2:http2-hpack:10.0.13'" + }, + { + "pkgIndex": 168, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[168].vuln[0]", + "description": 
"CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-server:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[169].vuln[0]", + "description": "CVE-2024-22201 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[169].vuln[1]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[196].vuln[1]", + "description": "CVE-2023-43496 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[196].vuln[3]", + "description": "CVE-2023-43498 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[196].vuln[4]", + "description": "CVE-2023-43497 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[196].vuln[5]", + "description": "CVE-2024-23898 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[196].vuln[6]", + "description": "CVE-2024-23897 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[203].vuln[1]", + "description": "CVE-2023-34034 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[207].vuln[3]", + "description": "CVE-2016-1000027 found in pkg 'org.springframework:spring-web:5.3.27'", + "acceptedRisks": [ + { + "index": 0, + "ref": "$.result.riskAcceptanceDefinitions[0]", + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ] + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[229].vuln[0]", + 
"description": "CVE-2022-45688 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 234, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[234].vuln[0]", + "description": "CVE-2022-1471 found in pkg 'org.yaml:snakeyaml:1.33'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverity", + "extra": { + "level": "high" + } + }, + { + "type": "vulnIsFixableWithAge", + "extra": { + "age": 30 + } + }, + { + "type": "vulnAge", + "extra": { + "age": 180 + } + } + ] + } + ], + "createdAt": "2022-01-18T18:58:43.676154Z", + "updatedAt": "2024-06-21T14:49:16.841678Z" + } + ], + "acceptedRiskTotal": 9, + "evaluationResult": "failed", + "createdAt": "2022-01-17T10:56:37.857605Z", + "updatedAt": "2022-07-19T20:11:24.833525Z" + }, + { + "name": "Cardholder Policy", + "identifier": "cardholder-policy", + "type": "alwaysApply", + "bundles": [ + { + "name": "PCI DSS (Payment Card Industry Data Security Standard) v3.2.1", + "identifier": "pci-dss-v3-2-1", + "type": "predefined", + "rules": [ + { + "ruleType": "imageConfigSensitiveInformationAndSecrets", + "failureType": "imageConfigFailure", + "description": "Forbid sensitive information and secrets in the image metadata", + "evaluationResult": "passed", + "predicates": [ + { + "type": "imageConfigSensitiveInformationAndSecrets" + } + ] + }, + { + "ruleType": "imageConfigDefaultUser", + "failureType": "imageConfigFailure", + "description": "User is root", + "evaluationResult": "passed", + "predicates": [ + { + "type": "imageConfigDefaultUserIsRoot" + } + ] + }, + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity greater than or equal high", + "failures": [ + { + "pkgIndex": 4, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[4].vuln[0]", + "description": "CVE-2022-48174 found in pkg 'busybox:1.36.0-r9'" + }, + { + "pkgIndex": 5, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[5].vuln[3]", + "description": "CVE-2022-48174 found in pkg 
'busybox-binsh:1.36.0-r9'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[8].vuln[6]", + "description": "CVE-2024-5535 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[8].vuln[7]", + "description": "CVE-2024-4741 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 12, + "ref": "$.result.packages[8].vuln[12]", + "description": "CVE-2023-5363 found in pkg 'libcrypto3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[9].vuln[3]", + "description": "CVE-2023-5363 found in pkg 'libssl3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[9].vuln[7]", + "description": "CVE-2024-5535 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 8, + "ref": "$.result.packages[9].vuln[8]", + "description": "CVE-2024-4741 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 13, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[13].vuln[4]", + "description": "CVE-2022-48174 found in pkg 'ssl_client:1.36.0-r9'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[19].vuln[0]", + "description": "CVE-2024-6197 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[19].vuln[1]", + "description": "CVE-2024-6874 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[19].vuln[4]", + "description": "CVE-2024-2398 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[19].vuln[5]", + "description": "CVE-2024-2466 
found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 9, + "ref": "$.result.packages[19].vuln[9]", + "description": "CVE-2023-38545 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[19].vuln[11]", + "description": "CVE-2023-38039 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[34].vuln[1]", + "description": "CVE-2024-0553 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[34].vuln[2]", + "description": "CVE-2024-0567 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[34].vuln[4]", + "description": "CVE-2024-28835 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[44].vuln[2]", + "description": "CVE-2023-38039 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[44].vuln[3]", + "description": "CVE-2023-38545 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[44].vuln[5]", + "description": "CVE-2024-6197 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[44].vuln[6]", + "description": "CVE-2024-6874 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 10, + "ref": "$.result.packages[44].vuln[10]", + "description": "CVE-2024-2398 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[44].vuln[11]", + "description": "CVE-2024-2466 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[46].vuln[0]", + "description": "CVE-2023-52425 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 2, + "ref": 
"$.result.packages[46].vuln[2]", + "description": "CVE-2024-28757 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 65, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[65].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'nghttp2-libs:1.55.1-r0'" + }, + { + "pkgIndex": 67, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[67].vuln[0]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-common:9.3_p2-r0'" + }, + { + "pkgIndex": 68, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[68].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-default:9.3_p2-r0'" + }, + { + "pkgIndex": 69, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[69].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-keygen:9.3_p2-r0'" + }, + { + "pkgIndex": 75, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[75].vuln[0]", + "description": "CVE-2023-7104 found in pkg 'sqlite-libs:3.41.2-r2'" + }, + { + "pkgIndex": 151, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[151].vuln[0]", + "description": "CVE-2023-2976 found in pkg 'com.google.guava:guava:31.1-jre'" + }, + { + "pkgIndex": 167, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[167].vuln[0]", + "description": "CVE-2023-36478 found in pkg 'org.eclipse.jetty.http2:http2-hpack:10.0.13'" + }, + { + "pkgIndex": 168, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[168].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-server:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[169].vuln[0]", + "description": "CVE-2024-22201 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[169].vuln[1]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[196].vuln[1]", + "description": "CVE-2023-43496 found in 
pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[196].vuln[3]", + "description": "CVE-2023-43498 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[196].vuln[4]", + "description": "CVE-2023-43497 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[196].vuln[5]", + "description": "CVE-2024-23898 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[196].vuln[6]", + "description": "CVE-2024-23897 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[203].vuln[1]", + "description": "CVE-2023-34034 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[203].vuln[3]", + "description": "CVE-2024-22257 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[207].vuln[0]", + "description": "CVE-2024-22243 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[207].vuln[1]", + "description": "CVE-2024-22262 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[207].vuln[2]", + "description": "CVE-2024-22259 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[207].vuln[3]", + "description": "CVE-2016-1000027 found in pkg 'org.springframework:spring-web:5.3.27'", + "acceptedRisks": [ + { + "index": 0, + "ref": "$.result.riskAcceptanceDefinitions[0]", + 
"id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ] + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[229].vuln[0]", + "description": "CVE-2022-45688 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[229].vuln[1]", + "description": "CVE-2023-5072 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 234, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[234].vuln[0]", + "description": "CVE-2022-1471 found in pkg 'org.yaml:snakeyaml:1.33'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverity", + "extra": { + "level": "high" + } + } + ] + } + ], + "createdAt": "2023-02-08T12:19:19.250652Z", + "updatedAt": "2023-02-08T12:19:19.250652Z" + } + ], + "acceptedRiskTotal": 3, + "evaluationResult": "failed", + "createdAt": "2023-11-10T20:31:01.733406Z", + "updatedAt": "2023-11-10T20:31:01.733406Z" + }, + { + "name": "Dusko's policy", + "identifier": "duskos-policy", + "type": "alwaysApply", + "bundles": [ + { + "name": "Severe vulnerabilities with a Fix", + "identifier": "severe_vulnerabilities_with_a_fix", + "type": "predefined", + "rules": [ + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity greater than or equal high AND Network attack vector AND Fixable", + "failures": [ + { + "pkgIndex": 4, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[4].vuln[0]", + "description": "CVE-2022-48174 found in pkg 'busybox:1.36.0-r9'" + }, + { + "pkgIndex": 5, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[5].vuln[3]", + "description": "CVE-2022-48174 found in pkg 'busybox-binsh:1.36.0-r9'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[8].vuln[6]", + "description": "CVE-2024-5535 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[8].vuln[7]", + "description": "CVE-2024-4741 found in pkg 
'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 12, + "ref": "$.result.packages[8].vuln[12]", + "description": "CVE-2023-5363 found in pkg 'libcrypto3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[9].vuln[3]", + "description": "CVE-2023-5363 found in pkg 'libssl3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[9].vuln[7]", + "description": "CVE-2024-5535 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 8, + "ref": "$.result.packages[9].vuln[8]", + "description": "CVE-2024-4741 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 13, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[13].vuln[4]", + "description": "CVE-2022-48174 found in pkg 'ssl_client:1.36.0-r9'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[19].vuln[0]", + "description": "CVE-2024-6197 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[19].vuln[1]", + "description": "CVE-2024-6874 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[19].vuln[4]", + "description": "CVE-2024-2398 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[19].vuln[5]", + "description": "CVE-2024-2466 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 9, + "ref": "$.result.packages[19].vuln[9]", + "description": "CVE-2023-38545 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[19].vuln[11]", + "description": "CVE-2023-38039 found in 
pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[34].vuln[1]", + "description": "CVE-2024-0553 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[34].vuln[2]", + "description": "CVE-2024-0567 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[34].vuln[4]", + "description": "CVE-2024-28835 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[44].vuln[2]", + "description": "CVE-2023-38039 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[44].vuln[3]", + "description": "CVE-2023-38545 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[44].vuln[5]", + "description": "CVE-2024-6197 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[44].vuln[6]", + "description": "CVE-2024-6874 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 10, + "ref": "$.result.packages[44].vuln[10]", + "description": "CVE-2024-2398 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[44].vuln[11]", + "description": "CVE-2024-2466 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[46].vuln[0]", + "description": "CVE-2023-52425 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[46].vuln[2]", + "description": "CVE-2024-28757 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 65, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[65].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'nghttp2-libs:1.55.1-r0'" + }, + { + "pkgIndex": 67, + "vulnInPkgIndex": 0, + "ref": 
"$.result.packages[67].vuln[0]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-common:9.3_p2-r0'" + }, + { + "pkgIndex": 68, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[68].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-default:9.3_p2-r0'" + }, + { + "pkgIndex": 69, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[69].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-keygen:9.3_p2-r0'" + }, + { + "pkgIndex": 75, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[75].vuln[0]", + "description": "CVE-2023-7104 found in pkg 'sqlite-libs:3.41.2-r2'" + }, + { + "pkgIndex": 167, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[167].vuln[0]", + "description": "CVE-2023-36478 found in pkg 'org.eclipse.jetty.http2:http2-hpack:10.0.13'" + }, + { + "pkgIndex": 168, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[168].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-server:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[169].vuln[0]", + "description": "CVE-2024-22201 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[169].vuln[1]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[196].vuln[1]", + "description": "CVE-2023-43496 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[196].vuln[3]", + "description": "CVE-2023-43498 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[196].vuln[4]", + "description": "CVE-2023-43497 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 5, + "ref": 
"$.result.packages[196].vuln[5]", + "description": "CVE-2024-23898 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[196].vuln[6]", + "description": "CVE-2024-23897 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[203].vuln[1]", + "description": "CVE-2023-34034 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[203].vuln[3]", + "description": "CVE-2024-22257 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[207].vuln[0]", + "description": "CVE-2024-22243 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[207].vuln[1]", + "description": "CVE-2024-22262 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[207].vuln[2]", + "description": "CVE-2024-22259 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[207].vuln[3]", + "description": "CVE-2016-1000027 found in pkg 'org.springframework:spring-web:5.3.27'", + "acceptedRisks": [ + { + "index": 0, + "ref": "$.result.riskAcceptanceDefinitions[0]", + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ] + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[229].vuln[0]", + "description": "CVE-2022-45688 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[229].vuln[1]", + "description": "CVE-2023-5072 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 234, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[234].vuln[0]", + 
"description": "CVE-2022-1471 found in pkg 'org.yaml:snakeyaml:1.33'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverity", + "extra": { + "level": "high" + } + }, + { + "type": "vulnExploitableViaNetwork" + }, + { + "type": "vulnIsFixable" + } + ] + }, + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity equal high AND Fixable since 30 days", + "failures": [ + { + "pkgIndex": 8, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[8].vuln[7]", + "description": "CVE-2024-4741 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 12, + "ref": "$.result.packages[8].vuln[12]", + "description": "CVE-2023-5363 found in pkg 'libcrypto3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[9].vuln[3]", + "description": "CVE-2023-5363 found in pkg 'libssl3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 8, + "ref": "$.result.packages[9].vuln[8]", + "description": "CVE-2024-4741 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[19].vuln[4]", + "description": "CVE-2024-2398 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[19].vuln[5]", + "description": "CVE-2024-2466 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[19].vuln[11]", + "description": "CVE-2023-38039 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[34].vuln[1]", + "description": "CVE-2024-0553 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 
34, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[34].vuln[2]", + "description": "CVE-2024-0567 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[44].vuln[2]", + "description": "CVE-2023-38039 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 10, + "ref": "$.result.packages[44].vuln[10]", + "description": "CVE-2024-2398 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[44].vuln[11]", + "description": "CVE-2024-2466 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[46].vuln[0]", + "description": "CVE-2023-52425 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[46].vuln[2]", + "description": "CVE-2024-28757 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 65, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[65].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'nghttp2-libs:1.55.1-r0'" + }, + { + "pkgIndex": 75, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[75].vuln[0]", + "description": "CVE-2023-7104 found in pkg 'sqlite-libs:3.41.2-r2'" + }, + { + "pkgIndex": 151, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[151].vuln[0]", + "description": "CVE-2023-2976 found in pkg 'com.google.guava:guava:31.1-jre'" + }, + { + "pkgIndex": 167, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[167].vuln[0]", + "description": "CVE-2023-36478 found in pkg 'org.eclipse.jetty.http2:http2-hpack:10.0.13'" + }, + { + "pkgIndex": 168, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[168].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-server:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[169].vuln[0]", + "description": "CVE-2024-22201 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { 
+ "pkgIndex": 169, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[169].vuln[1]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[196].vuln[1]", + "description": "CVE-2023-43496 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[196].vuln[3]", + "description": "CVE-2023-43498 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[196].vuln[4]", + "description": "CVE-2023-43497 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[196].vuln[5]", + "description": "CVE-2024-23898 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[203].vuln[3]", + "description": "CVE-2024-22257 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[229].vuln[0]", + "description": "CVE-2022-45688 found in pkg 'org.json:json:20220924'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverityEquals", + "extra": { + "level": "high" + } + }, + { + "type": "vulnIsFixableWithAge", + "extra": { + "age": 30 + } + } + ] + }, + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity equal critical AND Fixable", + "failures": [ + { + "pkgIndex": 4, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[4].vuln[0]", + "description": "CVE-2022-48174 found in pkg 'busybox:1.36.0-r9'" + }, + { + "pkgIndex": 5, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[5].vuln[3]", + "description": "CVE-2022-48174 found in pkg 'busybox-binsh:1.36.0-r9'" + }, + { + "pkgIndex": 13, + 
"vulnInPkgIndex": 4, + "ref": "$.result.packages[13].vuln[4]", + "description": "CVE-2022-48174 found in pkg 'ssl_client:1.36.0-r9'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 9, + "ref": "$.result.packages[19].vuln[9]", + "description": "CVE-2023-38545 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[34].vuln[4]", + "description": "CVE-2024-28835 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[44].vuln[3]", + "description": "CVE-2023-38545 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[196].vuln[6]", + "description": "CVE-2024-23897 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[203].vuln[1]", + "description": "CVE-2023-34034 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[207].vuln[0]", + "description": "CVE-2024-22243 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[207].vuln[1]", + "description": "CVE-2024-22262 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[207].vuln[2]", + "description": "CVE-2024-22259 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[207].vuln[3]", + "description": "CVE-2016-1000027 found in pkg 'org.springframework:spring-web:5.3.27'", + "acceptedRisks": [ + { + "index": 0, + "ref": "$.result.riskAcceptanceDefinitions[0]", + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ] + }, + { + "pkgIndex": 234, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[234].vuln[0]", + "description": "CVE-2022-1471 found in pkg 
'org.yaml:snakeyaml:1.33'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverityEquals", + "extra": { + "level": "critical" + } + }, + { + "type": "vulnIsFixable" + } + ] + } + ], + "createdAt": "2022-01-17T10:54:14.571304Z", + "updatedAt": "2022-01-17T10:54:14.571304Z" + }, + { + "name": "PCI DSS (Payment Card Industry Data Security Standard) v3.2.1", + "identifier": "pci-dss-v3-2-1", + "type": "predefined", + "rules": [ + { + "ruleType": "imageConfigDefaultUser", + "failureType": "imageConfigFailure", + "description": "User is root", + "evaluationResult": "passed", + "predicates": [ + { + "type": "imageConfigDefaultUserIsRoot" + } + ] + }, + { + "ruleType": "vulnSeverityAndThreats", + "failureType": "pkgVulnFailure", + "description": "Severity greater than or equal high", + "failures": [ + { + "pkgIndex": 4, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[4].vuln[0]", + "description": "CVE-2022-48174 found in pkg 'busybox:1.36.0-r9'" + }, + { + "pkgIndex": 5, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[5].vuln[3]", + "description": "CVE-2022-48174 found in pkg 'busybox-binsh:1.36.0-r9'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[8].vuln[6]", + "description": "CVE-2024-5535 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[8].vuln[7]", + "description": "CVE-2024-4741 found in pkg 'libcrypto3:3.1.0-r4'" + }, + { + "pkgIndex": 8, + "vulnInPkgIndex": 12, + "ref": "$.result.packages[8].vuln[12]", + "description": "CVE-2023-5363 found in pkg 'libcrypto3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": "$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[9].vuln[3]", + "description": "CVE-2023-5363 found in pkg 'libssl3:3.1.0-r4'", + "acceptedRisks": [ + { + "index": 1, + "ref": 
"$.result.riskAcceptanceDefinitions[1]", + "id": "17e39f122360b308e17b897ccb031ba4" + } + ] + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 7, + "ref": "$.result.packages[9].vuln[7]", + "description": "CVE-2024-5535 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 9, + "vulnInPkgIndex": 8, + "ref": "$.result.packages[9].vuln[8]", + "description": "CVE-2024-4741 found in pkg 'libssl3:3.1.0-r4'" + }, + { + "pkgIndex": 13, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[13].vuln[4]", + "description": "CVE-2022-48174 found in pkg 'ssl_client:1.36.0-r9'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[19].vuln[0]", + "description": "CVE-2024-6197 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[19].vuln[1]", + "description": "CVE-2024-6874 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[19].vuln[4]", + "description": "CVE-2024-2398 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[19].vuln[5]", + "description": "CVE-2024-2466 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 9, + "ref": "$.result.packages[19].vuln[9]", + "description": "CVE-2023-38545 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 19, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[19].vuln[11]", + "description": "CVE-2023-38039 found in pkg 'curl:8.2.1-r0'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[34].vuln[1]", + "description": "CVE-2024-0553 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[34].vuln[2]", + "description": "CVE-2024-0567 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 34, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[34].vuln[4]", + "description": "CVE-2024-28835 found in pkg 'gnutls:3.8.0-r2'" + }, + { + "pkgIndex": 44, + 
"vulnInPkgIndex": 2, + "ref": "$.result.packages[44].vuln[2]", + "description": "CVE-2023-38039 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[44].vuln[3]", + "description": "CVE-2023-38545 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[44].vuln[5]", + "description": "CVE-2024-6197 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[44].vuln[6]", + "description": "CVE-2024-6874 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 10, + "ref": "$.result.packages[44].vuln[10]", + "description": "CVE-2024-2398 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 44, + "vulnInPkgIndex": 11, + "ref": "$.result.packages[44].vuln[11]", + "description": "CVE-2024-2466 found in pkg 'libcurl:8.2.1-r0'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[46].vuln[0]", + "description": "CVE-2023-52425 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 46, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[46].vuln[2]", + "description": "CVE-2024-28757 found in pkg 'libexpat:2.5.0-r1'" + }, + { + "pkgIndex": 65, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[65].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'nghttp2-libs:1.55.1-r0'" + }, + { + "pkgIndex": 67, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[67].vuln[0]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-common:9.3_p2-r0'" + }, + { + "pkgIndex": 68, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[68].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-client-default:9.3_p2-r0'" + }, + { + "pkgIndex": 69, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[69].vuln[1]", + "description": "CVE-2024-6387 found in pkg 'openssh-keygen:9.3_p2-r0'" + }, + { + "pkgIndex": 75, + "vulnInPkgIndex": 0, + "ref": 
"$.result.packages[75].vuln[0]", + "description": "CVE-2023-7104 found in pkg 'sqlite-libs:3.41.2-r2'" + }, + { + "pkgIndex": 151, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[151].vuln[0]", + "description": "CVE-2023-2976 found in pkg 'com.google.guava:guava:31.1-jre'" + }, + { + "pkgIndex": 167, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[167].vuln[0]", + "description": "CVE-2023-36478 found in pkg 'org.eclipse.jetty.http2:http2-hpack:10.0.13'" + }, + { + "pkgIndex": 168, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[168].vuln[0]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-server:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[169].vuln[0]", + "description": "CVE-2024-22201 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 169, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[169].vuln[1]", + "description": "CVE-2023-44487 found in pkg 'org.eclipse.jetty.http2:http2-common:10.0.13'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[196].vuln[1]", + "description": "CVE-2023-43496 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[196].vuln[3]", + "description": "CVE-2023-43498 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 4, + "ref": "$.result.packages[196].vuln[4]", + "description": "CVE-2023-43497 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 5, + "ref": "$.result.packages[196].vuln[5]", + "description": "CVE-2024-23898 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 196, + "vulnInPkgIndex": 6, + "ref": "$.result.packages[196].vuln[6]", + "description": "CVE-2024-23897 found in pkg 'org.jenkins-ci.main:jenkins-core:2.401.1'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 1, 
+ "ref": "$.result.packages[203].vuln[1]", + "description": "CVE-2023-34034 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 203, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[203].vuln[3]", + "description": "CVE-2024-22257 found in pkg 'org.springframework.security:spring-security-core:5.8.2'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[207].vuln[0]", + "description": "CVE-2024-22243 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[207].vuln[1]", + "description": "CVE-2024-22262 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 2, + "ref": "$.result.packages[207].vuln[2]", + "description": "CVE-2024-22259 found in pkg 'org.springframework:spring-web:5.3.27'" + }, + { + "pkgIndex": 207, + "vulnInPkgIndex": 3, + "ref": "$.result.packages[207].vuln[3]", + "description": "CVE-2016-1000027 found in pkg 'org.springframework:spring-web:5.3.27'", + "acceptedRisks": [ + { + "index": 0, + "ref": "$.result.riskAcceptanceDefinitions[0]", + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23" + } + ] + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[229].vuln[0]", + "description": "CVE-2022-45688 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 229, + "vulnInPkgIndex": 1, + "ref": "$.result.packages[229].vuln[1]", + "description": "CVE-2023-5072 found in pkg 'org.json:json:20220924'" + }, + { + "pkgIndex": 234, + "vulnInPkgIndex": 0, + "ref": "$.result.packages[234].vuln[0]", + "description": "CVE-2022-1471 found in pkg 'org.yaml:snakeyaml:1.33'" + } + ], + "evaluationResult": "failed", + "predicates": [ + { + "type": "vulnSeverity", + "extra": { + "level": "high" + } + } + ] + }, + { + "ruleType": "imageConfigSensitiveInformationAndSecrets", + "failureType": "imageConfigFailure", + "description": "Forbid sensitive information 
and secrets in the image metadata", + "evaluationResult": "passed", + "predicates": [ + { + "type": "imageConfigSensitiveInformationAndSecrets" + } + ] + } + ], + "createdAt": "2023-02-08T12:19:19.250652Z", + "updatedAt": "2023-02-08T12:19:19.250652Z" + } + ], + "acceptedRiskTotal": 9, + "evaluationResult": "failed", + "createdAt": "2024-02-07T08:16:42.93169Z", + "updatedAt": "2024-02-07T08:16:42.93169Z" + } + ], + "policyEvaluationsResult": "failed", + "riskAcceptanceDefinitions": [ + { + "id": "17e0a8b60c95b6f0d20d3ea7906c1b23", + "entityType": "vulnerability", + "entityValue": "CVE-2016-1000027", + "context": [], + "status": "active", + "reason": "RiskOwned", + "description": "Lugo", + "expirationDate": "2024-08-08", + "createdAt": "2024-07-09T21:29:17.504182Z", + "updatedAt": "2024-07-09T21:29:17.504182Z" + }, + { + "id": "17e39f122360b308e17b897ccb031ba4", + "entityType": "vulnerability", + "entityValue": "CVE-2023-5363", + "context": [], + "status": "active", + "reason": "RiskOwned", + "description": "test", + "expirationDate": "2024-08-18", + "createdAt": "2024-07-19T13:06:22.837429Z", + "updatedAt": "2024-07-19T13:06:22.837429Z" + } + ] + } +} + diff --git a/tests/index.test.ts b/tests/index.test.ts index e3748b7..ab9a356 100644 --- a/tests/index.test.ts +++ b/tests/index.test.ts @@ -314,8 +314,6 @@ describe("process scan results", () => { }); it("handles error on invalid JSON", async () => { - // core.error = jest.fn(); - let scanResult = { ReturnCode: 0, Output: 'invalid JSON', diff --git a/tests/layered-summary.test.ts b/tests/layered-summary.test.ts new file mode 100644 index 0000000..6b75d80 --- /dev/null +++ b/tests/layered-summary.test.ts 
@@ -0,0 +1,26 @@
+import fs from "fs";
+
+
+describe("layered summary", () => {
+
+ beforeAll(async () => {
+ await createReportFileIfNotExists();
+ });
+});
+
+async function createReportFileIfNotExists() {
+ const summary_file = process.env.GITHUB_STEP_SUMMARY || "/tmp/github_summary.html";
+ const promise = new Promise((resolve, reject) => {
+ if (fs.existsSync(summary_file)) {
+ return resolve(undefined);
+ }
+ fs.writeFile(summary_file, "", (err) => {
+ if (err == null) {
+ return resolve(undefined);
+ }
+ return reject(err);
+ });
+ });
+
+ return promise;
+}
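Review bot: `createReportFileIfNotExists` checks `fs.existsSync(summary_file)` and only then calls `fs.writeFile(summary_file, "")`, a check-then-write sequence on a path that falls back to the fixed name `/tmp/github_summary.html` in a shared directory. If the file appears between the two calls it is truncated, and whatever already sits at that predictable path (including a link placed by another local user) is what the write lands on. The helper can be reduced to `await fs.promises.writeFile(summary_file, "", { flag: "a" });`, which creates the file when it is missing and leaves existing content untouched, and the fallback would be safer inside a directory obtained from `fs.mkdtempSync(path.join(os.tmpdir(), "summary-"))`. Separately, the `describe` block registers only a `beforeAll` and no `it`, so Jest will most likely report this file as a suite without tests.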