From ef40a6e696e94dbe747847517d62cd885e82820c Mon Sep 17 00:00:00 2001
From: Marius Fylling
Date: Wed, 29 Oct 2025 13:36:10 +0100
Subject: [PATCH 01/12] Add OpenReports import support
---
dojo/tools/openreports/__init__.py | 0
dojo/tools/openreports/parser.py | 190 +
openreports.json | 9323 +++++++++++++++++
.../openreports/openreports_list_format.json | 113 +
.../openreports/openreports_no_results.json | 36 +
.../openreports_single_report.json | 66 +
unittests/tools/test_openreports_parser.py | 83 +
7 files changed, 9811 insertions(+)
create mode 100644 dojo/tools/openreports/__init__.py
create mode 100644 dojo/tools/openreports/parser.py
create mode 100644 openreports.json
create mode 100644 unittests/scans/openreports/openreports_list_format.json
create mode 100644 unittests/scans/openreports/openreports_no_results.json
create mode 100644 unittests/scans/openreports/openreports_single_report.json
create mode 100644 unittests/tools/test_openreports_parser.py
diff --git a/dojo/tools/openreports/__init__.py b/dojo/tools/openreports/__init__.py
new file mode 100644
index 00000000000..e69de29bb2d
diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py
new file mode 100644
index 00000000000..b826d2c3add
--- /dev/null
+++ b/dojo/tools/openreports/parser.py
@@ -0,0 +1,190 @@
+"""Parser for OpenReports (https://github.com/openreports/reports-api) vulnerability scan reports"""
+
+import json
+import logging
+
+from dojo.models import Finding
+
+logger = logging.getLogger(__name__)
+
+
+OPENREPORTS_SEVERITIES = {
+ "critical": "Critical",
+ "high": "High",
+ "medium": "Medium",
+ "low": "Low",
+ "info": "Info",
+}
+
+DESCRIPTION_TEMPLATE = """{message}
+
+**Category:** {category}
+**Policy:** {policy}
+**Result:** {result}
+**Source:** {source}
+**Package Name:** {pkg_name}
+**Installed Version:** {installed_version}
+**Fixed Version:** {fixed_version}
+**Primary URL:** {primary_url}
+"""
+
+
+class OpenreportsParser:
+ def get_scan_types(self):
+ return ["OpenReports Scan"]
+
+ def get_label_for_scan_types(self, scan_type):
+ return "OpenReports Scan"
+
+ def get_description_for_scan_types(self, scan_type):
+ return "Import OpenReports JSON scan report."
+
+ def get_findings(self, scan_file, test):
+ scan_data = scan_file.read()
+
+ try:
+ data = json.loads(str(scan_data, "utf-8"))
+ except Exception:
+ data = json.loads(scan_data)
+
+ if data is None:
+ return []
+
+ findings = []
+
+ # Handle both single report and list of reports
+ reports = []
+ if isinstance(data, dict):
+ # Check if it's a Kubernetes List object
+ if data.get("kind") == "List" and "items" in data:
+ reports = data["items"]
+ # Check if it's a single Report object
+ elif data.get("kind") == "Report":
+ reports = [data]
+ elif isinstance(data, list):
+ reports = data
+
+ for report in reports:
+ if not isinstance(report, dict) or report.get("kind") != "Report":
+ continue
+
+ findings.extend(self._parse_report(test, report))
+
+ return findings
+
+ def _parse_report(self, test, report):
+ findings = []
+
+ # Extract metadata
+ metadata = report.get("metadata", {})
+ report_name = metadata.get("name", "")
+ namespace = metadata.get("namespace", "")
+
+ # Extract scope information
+ scope = report.get("scope", {})
+ scope_kind = scope.get("kind", "")
+ scope_name = scope.get("name", "")
+
+ # Create service identifier from scope and metadata
+ service_name = f"{namespace}/{scope_kind}/{scope_name}" if namespace else f"{scope_kind}/{scope_name}"
+
+ # Extract results
+ results = report.get("results", [])
+
+ for result in results:
+ if not isinstance(result, dict):
+ continue
+
+ finding = self._create_finding_from_result(test, result, service_name, report_name)
+ if finding:
+ findings.append(finding)
+
+ return findings
+
+ def _create_finding_from_result(self, test, result, service_name, report_name):
+ try:
+ # Extract basic fields
+ message = result.get("message", "")
+ category = result.get("category", "")
+ policy = result.get("policy", "")
+ result_status = result.get("result", "")
+ severity = result.get("severity", "info").lower()
+ source = result.get("source", "")
+
+ # Extract properties
+ properties = result.get("properties", {})
+ pkg_name = properties.get("pkgName", "")
+ installed_version = properties.get("installedVersion", "")
+ fixed_version = properties.get("fixedVersion", "")
+ primary_url = properties.get("primaryURL", "")
+
+ # Convert severity to DefectDojo format
+ severity_normalized = OPENREPORTS_SEVERITIES.get(severity, "Info")
+
+ # Create title
+ if policy.startswith("CVE-"):
+ title = f"{policy} in {pkg_name}"
+ else:
+ title = f"{policy}: {message}"
+
+ # Create description
+ description = DESCRIPTION_TEMPLATE.format(
+ message=message,
+ category=category,
+ policy=policy,
+ result=result_status,
+ source=source,
+ pkg_name=pkg_name,
+ installed_version=installed_version,
+ fixed_version=fixed_version,
+ primary_url=primary_url,
+ )
+
+ # Determine if fix is available
+ fix_available = bool(fixed_version and fixed_version.strip())
+
+ # Set mitigation based on fixed version
+ mitigation = f"Upgrade to version: {fixed_version}" if fixed_version else ""
+
+ # Set references
+ references = primary_url if primary_url else ""
+
+ # Determine active status based on result
+ active = result_status not in ["skip", "pass"]
+ verified = result_status in ["fail", "warn"]
+
+ # Create tags
+ tags = [category, source]
+ if scope_kind := service_name.split("/")[1] if "/" in service_name else "":
+ tags.append(scope_kind)
+
+ finding = Finding(
+ test=test,
+ title=title,
+ description=description,
+ severity=severity_normalized,
+ references=references,
+ mitigation=mitigation,
+ component_name=pkg_name,
+ component_version=installed_version,
+ service=service_name,
+ active=active,
+ verified=verified,
+ static_finding=True,
+ dynamic_finding=False,
+ fix_available=fix_available,
+ tags=tags,
+ )
+
+ # Add vulnerability ID if it's a CVE
+ if policy.startswith("CVE-"):
+ finding.unsaved_vulnerability_ids = [policy]
+
+ return finding
+
+ except KeyError as exc:
+ logger.warning("Failed to parse OpenReports result due to missing key: %r", exc)
+ return None
+ except Exception as exc:
+ logger.warning("Failed to parse OpenReports result: %r", exc)
+ return None
diff --git a/openreports.json b/openreports.json
new file mode 100644
index 00000000000..0fc35b49ea9
--- /dev/null
+++ b/openreports.json
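Review bot: In `_create_finding_from_result` (dojo/tools/openreports/parser.py) the catch-all `except Exception` turns any unexpected value into a logged warning and a dropped finding, so a result whose `severity`, `policy` or `properties` is JSON `null` disappears from the import instead of being reported. `.get(key, default)` only applies the default when the key is absent, so I would coerce explicitly, e.g. `severity = str(result.get("severity") or "info").lower()` and `properties = result.get("properties") or {}`, and narrow the handler so real parser bugs surface. The same `or {}` guard is needed for `metadata` and `scope` in `_parse_report`, which run outside any `try` and would abort the whole import on a `null`. Separately, the tag taken from `service_name.split("/")[1]` is the scope name rather than the kind whenever `namespace` is empty, because `service_name` is then `kind/name`; passing `scope_kind` in as a parameter avoids re-parsing the string.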
@@ -0,0 +1,9323 @@ +{ + "apiVersion": "v1", + "items": [ + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:09Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-aks-istio-ingressgateway-external-asm-1-27-istio-proxy-1baf4", + "namespace": "aks-istio-ingress", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-aks-istio-ingressgateway-external-asm-1-27-istio-proxy-1baf4", + "uid": "7e1b2064-4fb2-48fe-b85b-823fad65a75c" + } + ], + "resourceVersion": "4269324", + "uid": "ae0fd799-6703-470f-8c6c-c159cce09fbc" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "policy": "CVE-2025-4802", + "properties": { + "fixedVersion": "2.38-13.azl3", + "installedVersion": "2.38-11.azl3", + "pkgName": "glibc", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" + }, + "result": "fail", + "severity": "high", + "source": 
"image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "aks-istio-ingressgateway-external-asm-1-27", + "uid": "2b792469-162b-42f6-805a-1f6136b1205a" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 2 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-28T15:04:47Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-istiod-asm-1-27-discovery-78feb", + "namespace": "aks-istio-system", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-istiod-asm-1-27-discovery-78feb", + "uid": "764555b7-4b4a-46ef-8c9e-01aca54352c9" + } + ], + "resourceVersion": "5113337", + "uid": "9e2604c4-27dd-4f0a-8fb7-8aa832024d87" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl", 
+ "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "policy": "CVE-2025-4802", + "properties": { + "fixedVersion": "2.38-13.azl3", + "installedVersion": "2.38-11.azl3", + "pkgName": "glibc", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.3.5-1.azl3", + "installedVersion": "3.3.3-2.azl3", + "pkgName": "openssl-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "istiod-asm-1-27", + "uid": "d2f99f17-4405-44e0-a516-f89beb4c1b6b" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 2 + } + }, + { + "apiVersion": 
"openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:22Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-kiali-kiali-774cc", + "namespace": "aks-istio-system", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-kiali-kiali-774cc", + "uid": "5815ee53-460e-42a1-8187-238f246562da" + } + ], + "resourceVersion": "4269493", + "uid": "3a38bbf1-0942-4277-a8cb-aec2d7bb0e89" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "policy": "CVE-2022-27943", + "properties": { + "installedVersion": "11.5.0-5.el9_5", + "pkgName": "libgcc", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + "properties": { + "installedVersion": "6.2-10.20210508.el9_6.2", + "pkgName": "ncurses-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + "properties": { + "installedVersion": "6.2-10.20210508.el9_6.2", + "pkgName": "ncurses-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in ECDSA signature computation", + "policy": "CVE-2024-13176", + "properties": { + "installedVersion": "1:3.2.2-6.el9_5.1", + "pkgName": 
"openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-13176" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "1:3.2.2-6.el9_5.1", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "installedVersion": "1:3.2.2-6.el9_5.1", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in ECDSA signature computation", + "policy": "CVE-2024-13176", + "properties": { + "installedVersion": "1:3.2.2-6.el9_5.1", + "pkgName": "openssl-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-13176" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "1:3.2.2-6.el9_5.1", + "pkgName": "openssl-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "installedVersion": 
"1:3.2.2-6.el9_5.1", + "pkgName": "openssl-libs", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop", + "policy": "CVE-2022-41409", + "properties": { + "installedVersion": "10.40-6.el9", + "pkgName": "pcre2", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41409" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop", + "policy": "CVE-2022-41409", + "properties": { + "installedVersion": "10.40-6.el9", + "pkgName": "pcre2-syntax", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41409" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", + "policy": "CVE-2025-5278", + "properties": { + "installedVersion": "8.32-39.el9", + "pkgName": "coreutils-single", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "installedVersion": "1:3.2.2-6.el9_5.1", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "installedVersion": "1:3.2.2-6.el9_5.1", + "pkgName": "openssl-libs", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "policy": "CVE-2025-22874", + "properties": { + "fixedVersion": "1.24.4", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.2", + "pkgName": 
"stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "kiali", + "uid": "f0bfdac3-d811-468a-a919-f074bb4d3291" + }, + "summary": { + "fail": 2, + "skip": 0, + "warn": 17 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:25:41Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-argocd-applicationset-controller-applicationset-controller-bd026", + "namespace": "argocd", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-argocd-applicationset-controller-applicationset-controller-bd026", + "uid": "9b1e4cef-40d6-468a-8e90-6cb2936faac0" + } + ], + "resourceVersion": "4269003", + "uid": "e120e493-9fc3-43ad-928d-a25046d64846" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "coreutils: Non-privileged session can escape to the parent session in chroot", + "policy": "CVE-2016-2781", + "properties": { + "installedVersion": "9.4-3ubuntu6.1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "dirmngr", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + 
"policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", + "policy": "CVE-2025-4563", + "properties": { + "fixedVersion": "1.32.6, 1.33.2", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", + "policy": 
"CVE-2025-0167", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: predictable WebSocket mask", + "policy": "CVE-2025-10148", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: libcurl: Curl out of bounds read for cookie path", + "policy": "CVE-2025-9086", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: vulnerable to Marvin Attack", + "policy": "CVE-2024-2236", + "properties": { + "installedVersion": "1.10.3-2build1", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", + "policy": "CVE-2025-8114", + "properties": { + "installedVersion": "0.10.6-2ubuntu0.1", + "pkgName": "libssh-4", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + 
"pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", + "policy": "CVE-2018-6952", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Invalid Pointer via another_hunk function", + "policy": "CVE-2021-45261", + "properties": { + "installedVersion": "2.7.6-7build3", + 
"pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git-man", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", + "policy": "CVE-2025-5187", + "properties": { + "fixedVersion": "1.31.12, 1.32.8, 1.33.4", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules-bin", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "policy": "CVE-2024-45336", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2024-45336" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", + "policy": "CVE-2024-45341", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "policy": "CVE-2025-22866", + "properties": { + "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "policy": "CVE-2025-22871", + "properties": { + "fixedVersion": "1.23.8, 1.24.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + 
"policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "tar: Tar path traversal", + "policy": "CVE-2025-45582", + "properties": { + "installedVersion": "1.35+dfsg-3build1", + "pkgName": "tar", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + 
"installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "argocd-applicationset-controller", + "uid": "40cba690-e41d-4d45-b83c-2db3f7aa79b3" + }, + "summary": { + "fail": 2, + "skip": 0, + "warn": 36 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:27:12Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-argocd-dex-server-dex-server-f6746", + "namespace": "argocd", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-argocd-dex-server-dex-server-f6746", + "uid": "17eca175-73b1-43f2-b102-512ae93978fa" + } + ], + "resourceVersion": "4270027", + "uid": "4a18aa4f-d3eb-4980-b52a-7698687e6203" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", 
+ "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: CrossOriginProtection bypass in net/http", + "policy": "CVE-2025-47910", + 
"properties": { + "fixedVersion": "1.25.1", + "installedVersion": "v1.25.0", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: CrossOriginProtection bypass in net/http", + "policy": "CVE-2025-47910", + "properties": { + "fixedVersion": "1.25.1", + "installedVersion": "v1.25.0", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "argocd-dex-server", + "uid": "3182cbc5-1d65-4933-be4b-699569f017dc" + }, + "summary": { + "fail": 1, + "skip": 0, + "warn": 9 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:25:43Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-argocd-notifications-controller-notifications-controller-bd026", + "namespace": "argocd", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-argocd-notifications-controller-notifications-controller-bd026", + "uid": "a94a0e98-64c4-4edb-ab52-a08e06ecd71e" + } + ], + "resourceVersion": "4269032", + "uid": "f2e37b89-2a1a-4dee-b61d-0bf40d0e7bfc" + }, + "results": [ + { + "category": "vulnerability scan", + 
"message": "coreutils: Non-privileged session can escape to the parent session in chroot", + "policy": "CVE-2016-2781", + "properties": { + "installedVersion": "9.4-3ubuntu6.1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "dirmngr", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource 
consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", + "policy": "CVE-2025-4563", + "properties": { + "fixedVersion": "1.32.6, 1.33.2", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", + "policy": "CVE-2025-0167", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: predictable WebSocket mask", + "policy": "CVE-2025-10148", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: libcurl: Curl out of bounds read for cookie path", + "policy": "CVE-2025-9086", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: vulnerable to Marvin Attack", + "policy": "CVE-2024-2236", + "properties": { + 
"installedVersion": "1.10.3-2build1", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", + "policy": "CVE-2025-8114", + "properties": { + "installedVersion": "0.10.6-2ubuntu0.1", + "pkgName": "libssh-4", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in 
/etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", + "policy": "CVE-2018-6952", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Invalid Pointer via another_hunk function", + "policy": "CVE-2021-45261", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git-man", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", + "policy": "CVE-2025-5187", + "properties": { + 
"fixedVersion": "1.31.12, 1.32.8, 1.33.4", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "policy": "CVE-2024-45336", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", + "policy": "CVE-2024-45341", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + 
"policy": "CVE-2025-22866", + "properties": { + "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "policy": "CVE-2025-22871", + "properties": { + "fixedVersion": "1.23.8, 1.24.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "tar: Tar path 
traversal", + "policy": "CVE-2025-45582", + "properties": { + "installedVersion": "1.35+dfsg-3build1", + "pkgName": "tar", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "argocd-notifications-controller", + "uid": "69187687-6e71-469e-b417-6eee66481217" + }, + "summary": { + "fail": 2, + "skip": 0, + "warn": 36 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:25:40Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-argocd-redis-redis-17c31", + "namespace": "argocd", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-argocd-redis-redis-17c31", + "uid": "43bd69c3-36c3-45de-8af7-f97fbecc145d" + } + ], + "resourceVersion": "4268996", + "uid": "bebb81fc-d47d-4b20-85b1-b203fadc368a" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in 
HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.3.5-r0", + "installedVersion": "3.3.3-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.3.5-r0", + "installedVersion": "3.3.3-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/tls: session tickets lack random ticket_age_add", + "policy": "CVE-2022-30629", + "properties": { + "fixedVersion": "1.17.11, 1.18.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30629" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.3.5-r0", + "installedVersion": "3.3.3-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.3.5-r0", + "installedVersion": "3.3.3-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK 
Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.3.5-r0", + "installedVersion": "3.3.3-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.3.5-r0", + "installedVersion": "3.3.3-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: improper sanitization of Transfer-Encoding header", + "policy": "CVE-2022-1705", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-1705" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: go/parser: stack exhaustion in all Parse* functions", + "policy": "CVE-2022-1962", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-1962" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", + "policy": "CVE-2022-32148", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-32148" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: excessive memory 
growth in a Go server accepting HTTP/2 requests", + "policy": "CVE-2022-41717", + "properties": { + "fixedVersion": "1.18.9, 1.19.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", + "policy": "CVE-2023-24532", + "properties": { + "fixedVersion": "1.19.7, 1.20.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: insufficient sanitization of Host header", + "policy": "CVE-2023-29406", + "properties": { + "fixedVersion": "1.19.11, 1.20.6", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", + "policy": "CVE-2023-29409", + "properties": { + "fixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: html/template: improper handling of HTML-like comments within script contexts", + "policy": "CVE-2023-39318", + "properties": { + "fixedVersion": "1.20.8, 1.21.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318" + }, + "result": "warn", + "severity": "medium", + 
"source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: html/template: improper handling of special tags within script contexts", + "policy": "CVE-2023-39319", + "properties": { + "fixedVersion": "1.20.8, 1.21.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", + "policy": "CVE-2023-39326", + "properties": { + "fixedVersion": "1.20.12, 1.21.5", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "On Windows, The IsLocal function does not correctly detect reserved de ...", + "policy": "CVE-2023-45284", + "properties": { + "fixedVersion": "1.20.11, 1.21.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", + "policy": "CVE-2023-45289", + "properties": { + "fixedVersion": "1.21.8, 1.22.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", + "policy": "CVE-2023-45290", + "properties": { + "fixedVersion": "1.21.8, 1.22.1", + 
"installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", + "policy": "CVE-2024-24783", + "properties": { + "fixedVersion": "1.21.8, 1.22.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/mail: comments in display names are incorrectly handled", + "policy": "CVE-2024-24784", + "properties": { + "fixedVersion": "1.21.8, 1.22.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", + "policy": "CVE-2024-24785", + "properties": { + "fixedVersion": "1.21.8, 1.22.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: archive/zip: Incorrect handling of certain ZIP files", + "policy": "CVE-2024-24789", + "properties": { + "fixedVersion": "1.21.11, 1.22.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Denial of service due to improper 100-continue handling in net/http", + 
"policy": "CVE-2024-24791", + "properties": { + "fixedVersion": "1.21.12, 1.22.5", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", + "policy": "CVE-2024-34155", + "properties": { + "fixedVersion": "1.22.7, 1.23.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", + "policy": "CVE-2024-34158", + "properties": { + "fixedVersion": "1.22.7, 1.23.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "policy": "CVE-2024-45336", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", + "policy": "CVE-2024-45341", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2024-45341" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "policy": "CVE-2025-22866", + "properties": { + "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "policy": "CVE-2025-22871", + "properties": { + "fixedVersion": "1.23.8, 1.24.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + 
"fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: handle server errors after sending GOAWAY", + "policy": "CVE-2022-27664", + "properties": { + "fixedVersion": "1.18.6, 1.19.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: encoding/xml: stack exhaustion in Decoder.Skip", + "policy": "CVE-2022-28131", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-28131" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers", + "policy": "CVE-2022-2879", + "properties": { + "fixedVersion": "1.18.7, 1.19.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-2879" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", + "policy": "CVE-2022-2880", + "properties": { + "fixedVersion": "1.18.7, 1.19.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-2880" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", + 
"policy": "CVE-2022-29804", + "properties": { + "fixedVersion": "1.17.11, 1.18.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-29804" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: os/exec: Code injection in Cmd.Start", + "policy": "CVE-2022-30580", + "properties": { + "fixedVersion": "1.17.11, 1.18.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30580" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: io/fs: stack exhaustion in Glob", + "policy": "CVE-2022-30630", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30630" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: compress/gzip: stack exhaustion in Reader.Read", + "policy": "CVE-2022-30631", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30631" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: path/filepath: stack exhaustion in Glob", + "policy": "CVE-2022-30632", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30632" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: encoding/xml: stack exhaustion in Unmarshal", + "policy": "CVE-2022-30633", + "properties": { + "fixedVersion": 
"1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30633" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", + "policy": "CVE-2022-30634", + "properties": { + "fixedVersion": "1.17.11, 1.18.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30634" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: encoding/gob: stack exhaustion in Decoder.Decode", + "policy": "CVE-2022-30635", + "properties": { + "fixedVersion": "1.17.12, 1.18.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30635" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", + "policy": "CVE-2022-32189", + "properties": { + "fixedVersion": "1.17.13, 1.18.5", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-32189" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: regexp/syntax: limit memory used by parsing regexps", + "policy": "CVE-2022-41715", + "properties": { + "fixedVersion": "1.18.7, 1.19.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41715" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Due to unsanitized NUL values, attackers may be able to 
maliciously se ...", + "policy": "CVE-2022-41716", + "properties": { + "fixedVersion": "1.18.8, 1.19.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41716" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows", + "policy": "CVE-2022-41720", + "properties": { + "fixedVersion": "1.18.9, 1.19.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41720" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: path/filepath: path-filepath filepath.Clean path traversal", + "policy": "CVE-2022-41722", + "properties": { + "fixedVersion": "1.19.6, 1.20.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", + "policy": "CVE-2022-41723", + "properties": { + "fixedVersion": "1.19.6, 1.20.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/tls: large handshake records may cause panics", + "policy": "CVE-2022-41724", + "properties": { + "fixedVersion": "1.19.6, 1.20.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http, 
mime/multipart: denial of service from excessive resource consumption", + "policy": "CVE-2022-41725", + "properties": { + "fixedVersion": "1.19.6, 1.20.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http, net/textproto: denial of service from excessive memory allocation", + "policy": "CVE-2023-24534", + "properties": { + "fixedVersion": "1.19.8, 1.20.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", + "policy": "CVE-2023-24536", + "properties": { + "fixedVersion": "1.19.8, 1.20.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: go/parser: Infinite loop in parsing", + "policy": "CVE-2023-24537", + "properties": { + "fixedVersion": "1.19.8, 1.20.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: html/template: improper sanitization of CSS values", + "policy": "CVE-2023-24539", + "properties": { + "fixedVersion": "1.19.9, 1.20.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + 
"category": "vulnerability scan", + "message": "golang: html/template: improper handling of empty HTML attributes", + "policy": "CVE-2023-29400", + "properties": { + "fixedVersion": "1.19.9, 1.20.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: runtime: unexpected behavior of setuid/setgid binaries", + "policy": "CVE-2023-29403", + "properties": { + "fixedVersion": "1.19.10, 1.20.5", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", + "policy": "CVE-2023-39325", + "properties": { + "fixedVersion": "1.20.10, 1.21.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", + "policy": "CVE-2023-45283", + "properties": { + "fixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", + "policy": "CVE-2023-45287", + "properties": { + "fixedVersion": "1.20.0", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287" + }, + 
"result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", + "policy": "CVE-2023-45288", + "properties": { + "fixedVersion": "1.21.9, 1.22.2", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", + "policy": "CVE-2024-34156", + "properties": { + "fixedVersion": "1.22.7, 1.23.1", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: html/template: backticks not treated as string delimiters", + "policy": "CVE-2023-24538", + "properties": { + "fixedVersion": "1.19.8, 1.20.3", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538" + }, + "result": "fail", + "severity": "critical", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: html/template: improper handling of JavaScript whitespace", + "policy": "CVE-2023-24540", + "properties": { + "fixedVersion": "1.19.9, 1.20.4", + "installedVersion": "v1.18.2", + 
"pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540" + }, + "result": "fail", + "severity": "critical", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", + "policy": "CVE-2024-24790", + "properties": { + "fixedVersion": "1.21.11, 1.22.4", + "installedVersion": "v1.18.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790" + }, + "result": "fail", + "severity": "critical", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "argocd-redis", + "uid": "8d1623a1-1675-4347-9bc4-e519117c1c02" + }, + "summary": { + "fail": 35, + "skip": 0, + "warn": 34 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-28T14:56:22Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-argocd-repo-server-kargo-cmp-1dc55", + "namespace": "argocd", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-argocd-repo-server-kargo-cmp-1dc55", + "uid": "bfb59ce0-a430-44a9-8382-d39e331085dd" + } + ], + "resourceVersion": "5109246", + "uid": "662cff19-7651-4023-b6c6-29b9f4c2ff93" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "argocd-repo-server", + "uid": "df889860-ae62-4d65-b257-47527dfef994" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:27:23Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-argocd-repo-server-repo-server-bd026", + "namespace": "argocd", + "ownerReferences": 
[ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-argocd-repo-server-repo-server-bd026", + "uid": "eb2849bc-982d-4b6a-8e92-c9ace3281be7" + } + ], + "resourceVersion": "4270147", + "uid": "a91b33f9-b58c-4de4-a091-48b062e3b948" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "coreutils: Non-privileged session can escape to the parent session in chroot", + "policy": "CVE-2016-2781", + "properties": { + "installedVersion": "9.4-3ubuntu6.1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "dirmngr", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource 
consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", + "policy": "CVE-2025-4563", + "properties": { + "fixedVersion": "1.32.6, 1.33.2", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", + "policy": "CVE-2025-0167", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: predictable WebSocket mask", + "policy": "CVE-2025-10148", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: libcurl: Curl out of bounds read for cookie path", + "policy": 
"CVE-2025-9086", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: vulnerable to Marvin Attack", + "policy": "CVE-2024-2236", + "properties": { + "installedVersion": "1.10.3-2build1", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", + "policy": "CVE-2025-8114", + "properties": { + "installedVersion": "0.10.6-2ubuntu0.1", + "pkgName": "libssh-4", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE 
modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", + "policy": "CVE-2018-6952", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Invalid Pointer via another_hunk function", + "policy": "CVE-2021-45261", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + 
"installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git-man", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", + "policy": "CVE-2025-5187", + "properties": { + "fixedVersion": "1.31.12, 1.32.8, 1.33.4", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam0g", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "policy": "CVE-2024-45336", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", + "policy": "CVE-2024-45341", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + 
"properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "policy": "CVE-2025-22866", + "properties": { + "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "policy": "CVE-2025-22871", + "properties": { + "fixedVersion": "1.23.8, 1.24.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": 
"os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "tar: Tar path traversal", + "policy": "CVE-2025-45582", + "properties": { + "installedVersion": "1.35+dfsg-3build1", + "pkgName": "tar", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "argocd-repo-server", + "uid": "df889860-ae62-4d65-b257-47527dfef994" + }, + "summary": { + "fail": 2, + "skip": 0, + "warn": 36 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:27:13Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-argocd-server-server-bd026", + "namespace": "argocd", + "ownerReferences": [ + { + "apiVersion": 
"stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-argocd-server-server-bd026", + "uid": "3afcad5b-f824-4c73-94ac-ffb31fe9c814" + } + ], + "resourceVersion": "4270036", + "uid": "ef838ec7-bcd3-46de-be87-bd7911fff773" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "coreutils: Non-privileged session can escape to the parent session in chroot", + "policy": "CVE-2016-2781", + "properties": { + "installedVersion": "9.4-3ubuntu6.1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "dirmngr", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed 
packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", + "policy": "CVE-2025-4563", + "properties": { + "fixedVersion": "1.32.6, 1.33.2", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", + "policy": "CVE-2025-0167", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: predictable WebSocket mask", + "policy": "CVE-2025-10148", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: libcurl: Curl out of bounds read for cookie path", + "policy": "CVE-2025-9086", + "properties": { + 
"installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: vulnerable to Marvin Attack", + "policy": "CVE-2024-2236", + "properties": { + "installedVersion": "1.10.3-2build1", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", + "policy": "CVE-2025-8114", + "properties": { + "installedVersion": "0.10.6-2ubuntu0.1", + "pkgName": "libssh-4", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + 
"policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", + "policy": "CVE-2018-6952", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Invalid Pointer via another_hunk function", + "policy": "CVE-2021-45261", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + 
"pkgName": "git-man", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", + "policy": "CVE-2025-5187", + "properties": { + "fixedVersion": "1.31.12, 1.32.8, 1.33.4", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + 
"severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "policy": "CVE-2024-45336", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", + "policy": "CVE-2024-45341", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + 
"installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "policy": "CVE-2025-22866", + "properties": { + "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "policy": "CVE-2025-22871", + "properties": { + "fixedVersion": "1.23.8, 1.24.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", 
+ "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "tar: Tar path traversal", + "policy": "CVE-2025-45582", + "properties": { + "installedVersion": "1.35+dfsg-3build1", + "pkgName": "tar", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "argocd-server", + "uid": "949e71b1-8a62-4252-b723-38fa503c7db8" + }, + "summary": { + "fail": 2, + "skip": 0, + "warn": 36 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:27:12Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "statefulset-argocd-application-controller-application-controller-bd026", + "namespace": "argocd", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + 
"blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "statefulset-argocd-application-controller-application-controller-bd026", + "uid": "9c600130-ac11-4710-bd2b-b2a6526e4190" + } + ], + "resourceVersion": "4270021", + "uid": "b6c3e8e5-bd2b-45b6-b07b-f61f52a89fa9" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "coreutils: Non-privileged session can escape to the parent session in chroot", + "policy": "CVE-2016-2781", + "properties": { + "installedVersion": "9.4-3ubuntu6.1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "dirmngr", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed 
packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.4.4-2ubuntu17.3", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", + "policy": "CVE-2025-4563", + "properties": { + "fixedVersion": "1.32.6, 1.33.2", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", + "policy": "CVE-2025-0167", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: predictable WebSocket mask", + "policy": "CVE-2025-10148", + "properties": { + "installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "curl: libcurl: Curl out of bounds read for cookie path", + "policy": "CVE-2025-9086", + "properties": { + 
"installedVersion": "8.5.0-2ubuntu10.6", + "pkgName": "libcurl3t64-gnutls", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: vulnerable to Marvin Attack", + "policy": "CVE-2024-2236", + "properties": { + "installedVersion": "1.10.3-2build1", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", + "policy": "CVE-2025-8114", + "properties": { + "installedVersion": "0.10.6-2ubuntu0.1", + "pkgName": "libssh-4", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + "policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", + 
"policy": "CVE-2024-41996", + "properties": { + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", + "policy": "CVE-2018-6952", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "patch: Invalid Pointer via another_hunk function", + "policy": "CVE-2021-45261", + "properties": { + "installedVersion": "2.7.6-7build3", + "pkgName": "patch", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + "pkgName": "git", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "git: The sideband payload is passed unfiltered to the terminal in git", + "policy": "CVE-2024-52005", + "properties": { + "installedVersion": "1:2.43.0-1ubuntu7.3", + 
"pkgName": "git-man", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", + "policy": "CVE-2025-5187", + "properties": { + "fixedVersion": "1.31.12, 1.32.8, 1.33.4", + "installedVersion": "v1.33.1", + "pkgName": "k8s.io/kubernetes", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Incomplete fix for CVE-2025-6020", + "policy": "CVE-2025-8941", + "properties": { + "installedVersion": "1.5.3-5ubuntu5.5", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" + }, + "result": "warn", + 
"severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "libssl3t64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.13-0ubuntu3.6", + "installedVersion": "3.0.13-0ubuntu3.5", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", + "policy": "CVE-2024-45336", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", + "policy": "CVE-2024-45341", + "properties": { + "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + 
"installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", + "policy": "CVE-2025-22866", + "properties": { + "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", + "policy": "CVE-2025-22871", + "properties": { + "fixedVersion": "1.23.8, 1.24.2", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", 
+ "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "tar: Tar path traversal", + "policy": "CVE-2025-45582", + "properties": { + "installedVersion": "1.35+dfsg-3build1", + "pkgName": "tar", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.22.7", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "StatefulSet", + "name": "argocd-application-controller", + "uid": "05bba599-d15f-4f80-abb5-643e6c454491" + }, + "summary": { + "fail": 2, + "skip": 0, + "warn": 36 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:45Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-cert-manager-cainjector-cert-manager-cainjector-25020", + "namespace": "cert-manager", + "ownerReferences": [ + { + "apiVersion": 
"stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-cert-manager-cainjector-cert-manager-cainjector-25020", + "uid": "ff3fb4c5-452f-4308-bb48-74faf6f08be2" + } + ], + "resourceVersion": "4270948", + "uid": "899b0852-2d75-40fd-b46d-aa83d01ebe1d" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "cert-manager-cainjector", + "uid": "803e195f-d433-4814-a65a-58794956f996" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:27:20Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-cert-manager-cert-manager-controller-72748", + "namespace": "cert-manager", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-cert-manager-cert-manager-controller-72748", + "uid": "5cb847e1-4238-46e8-97b4-6edd217ff67d" + } + ], + "resourceVersion": "4270116", + "uid": "533eb30f-4fc5-47bf-a063-3854abbf107b" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "cert-manager", + "uid": "004965a3-159f-4fb3-975f-dbbc23d6a7e4" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:21Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-cert-manager-webhook-cert-manager-webhook-73281", + "namespace": "cert-manager", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-cert-manager-webhook-cert-manager-webhook-73281", + "uid": 
"d2839e56-8c92-4a03-aa59-370e8cdf14ec" + } + ], + "resourceVersion": "4269477", + "uid": "5f2e398d-302f-404f-a821-51c1cbd9fedb" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "cert-manager-webhook", + "uid": "956d1be8-57e3-47ae-a45c-8577b15cba5c" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:30Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-external-dns-external-dns-e15dc", + "namespace": "external-dns", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-external-dns-external-dns-e15dc", + "uid": "464d4c0a-af1c-42c4-9ce8-a495a1a0e2fe" + } + ], + "resourceVersion": "4270780", + "uid": "5d59ecc8-5fb8-4315-b96c-ca18a6c7c0ff" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "policy": "CVE-2011-3374", + "properties": { + "installedVersion": "2.6.1", + "pkgName": "apt", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[Privilege escalation possible to other user than root]", + "policy": "TEMP-0841856-B18BAF", + "properties": { + "installedVersion": "5.2.15-2+b8", + "pkgName": "bash", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": 
"1:2.38.1-5+deb12u3", + "pkgName": "bsdutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "coreutils: Non-privileged session can escape to the parent session in chroot", + "policy": "CVE-2016-2781", + "properties": { + "installedVersion": "9.1-1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "coreutils: race condition vulnerability in chown and chgrp", + "policy": "CVE-2017-18018", + "properties": { + "installedVersion": "9.1-1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", + "policy": "CVE-2025-5278", + "properties": { + "installedVersion": "9.1-1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "It was discovered that dpkg-deb does not properly sanitize directory p ...", + "policy": "CVE-2025-6297", + "properties": { + "installedVersion": "1.21.22", + "pkgName": "dpkg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6297" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "policy": "CVE-2022-27943", + "properties": { + "installedVersion": "12.2.0-14+deb12u1", + "pkgName": "gcc-12-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" 
+ }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.2.40-1.1", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "policy": "CVE-2011-3374", + "properties": { + "installedVersion": "2.6.1", + "pkgName": "libapt-pkg6.0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libblkid1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "policy": "CVE-2010-4756", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2018-20796", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" + }, + "result": 
"warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: stack guard protection bypass", + "policy": "CVE-2019-1010022", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "policy": "CVE-2019-1010023", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: ASLR bypass using cache of thread stack and heap", + "policy": "CVE-2019-1010024", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: information disclosure of heap addresses of pthread_created thread", + "policy": "CVE-2019-1010025", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2019-9192", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": 
"vulnerability scan", + "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "policy": "CVE-2010-4756", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2018-20796", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: stack guard protection bypass", + "policy": "CVE-2019-1010022", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "policy": "CVE-2019-1010023", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: ASLR bypass using cache of thread stack and heap", + "policy": "CVE-2019-1010024", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: information disclosure of 
heap addresses of pthread_created thread", + "policy": "CVE-2019-1010025", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2019-9192", + "properties": { + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "policy": "CVE-2022-27943", + "properties": { + "installedVersion": "12.2.0-14+deb12u1", + "pkgName": "libgcc-s1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", + "policy": "CVE-2018-6829", + "properties": { + "installedVersion": "1.10.1-3", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: vulnerable to Marvin Attack", + "policy": "CVE-2024-2236", + "properties": { + "installedVersion": "1.10.1-3", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "HTTPS: block-wise chosen-plaintext attack 
against SSL/TLS (BEAST)", + "policy": "CVE-2011-3389", + "properties": { + "installedVersion": "3.7.9-2+deb12u5", + "pkgName": "libgnutls30", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libmount1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnu-ncurses: ncurses Stack Buffer Overflow", + "policy": "CVE-2025-6141", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "libncursesw6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: File:: Temp insecure temporary file handling", + "policy": "CVE-2011-4116", + "properties": { + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "libperl5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "http-tiny: insecure TLS cert default", + "policy": "CVE-2023-31486", + "properties": { + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "libperl5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "procps: ps buffer overflow", + "policy": "CVE-2023-4016", + "properties": { + "installedVersion": "2:4.0.2-3", + "pkgName": "libproc2-0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-4016" 
+ }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libsmartcols1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", + "policy": "CVE-2025-27587", + "properties": { + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27587" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "policy": "CVE-2022-27943", + "properties": { + "installedVersion": "12.2.0-14+deb12u1", + "pkgName": "libstdc++6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "policy": "CVE-2013-4392", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2013-4392" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can modify a seale ...", + "policy": "CVE-2023-31437", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", + "policy": "CVE-2023-31438", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", + "policy": "CVE-2023-31439", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnu-ncurses: ncurses Stack Buffer Overflow", + "policy": "CVE-2025-6141", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "libtinfo6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "policy": "CVE-2013-4392", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392" + }, + "result": "warn", + "severity": "low", 
+ "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can modify a seale ...", + "policy": "CVE-2023-31437", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", + "policy": "CVE-2023-31438", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", + "policy": "CVE-2023-31439", + "properties": { + "installedVersion": "252.38-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libuuid1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", + "policy": "CVE-2007-5686", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + 
"category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[more related to CVE-2005-4890]", + "policy": "TEMP-0628843-DBAD28", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "login", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "mount", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnu-ncurses: ncurses Stack Buffer Overflow", + "policy": "CVE-2025-6141", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "ncurses-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", + "policy": "CVE-2025-27587", + "properties": { + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27587" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP 
client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", + "policy": "CVE-2007-5686", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[more related to CVE-2005-4890]", + "policy": "TEMP-0628843-DBAD28", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "passwd", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: File:: Temp insecure temporary file handling", + "policy": "CVE-2011-4116", + "properties": { + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "http-tiny: insecure TLS cert default", + "policy": "CVE-2023-31486", + "properties": { + 
"installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: File:: Temp insecure temporary file handling", + "policy": "CVE-2011-4116", + "properties": { + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "http-tiny: insecure TLS cert default", + "policy": "CVE-2023-31486", + "properties": { + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: File:: Temp insecure temporary file handling", + "policy": "CVE-2011-4116", + "properties": { + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl-modules-5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "http-tiny: insecure TLS cert default", + "policy": "CVE-2023-31486", + "properties": { + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl-modules-5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "procps: ps buffer overflow", + "policy": "CVE-2023-4016", + "properties": { + "installedVersion": "2:4.0.2-3", + "pkgName": "procps", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-4016" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability 
scan", + "message": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", + "policy": "TEMP-0517018-A83CE6", + "properties": { + "installedVersion": "3.06-4", + "pkgName": "sysv-rc", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", + "policy": "TEMP-0517018-A83CE6", + "properties": { + "installedVersion": "3.06-4", + "pkgName": "sysvinit-utils", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "tar: does not properly warn the user when extracting setuid or setgid files", + "policy": "CVE-2005-2541", + "properties": { + "installedVersion": "1.34+dfsg-1.2+deb12u1", + "pkgName": "tar", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[tar's rmt command may have undesired side effects]", + "policy": "TEMP-0290435-0B57B5", + "properties": { + "installedVersion": "1.34+dfsg-1.2+deb12u1", + "pkgName": "tar", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "util-linux", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + 
"category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "util-linux-extra", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "installedVersion": "2.2.40-1.1", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: Double free in glibc", + "policy": "CVE-2025-8058", + "properties": { + "fixedVersion": "2.36-9+deb12u13", + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8058" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: Double free in glibc", + "policy": "CVE-2025-8058", + "properties": { + "fixedVersion": "2.36-9+deb12u13", + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8058" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "lz4: LZ4 null handling error", + "policy": "CVE-2025-62813", + "properties": { + "installedVersion": "1.9.4-1", + "pkgName": "liblz4-1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-62813" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + 
"properties": { + "installedVersion": "6.4-4", + "pkgName": "libncursesw6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-runtime", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", + "policy": "CVE-2025-40909", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "libperl5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "libssl3", + 
"primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "libtinfo6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "ncurses-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", + "policy": "CVE-2025-40909", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", + "policy": "CVE-2025-40909", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": 
"5.36.0-7+deb12u2", + "pkgName": "perl-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", + "policy": "CVE-2025-40909", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl-modules-5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: CrossOriginProtection bypass in net/http", + "policy": "CVE-2025-47910", + "properties": { + "fixedVersion": "1.25.1", + "installedVersion": "v1.25.0", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: CrossOriginProtection bypass in net/http", + "policy": "CVE-2025-47910", + "properties": { + "fixedVersion": "1.25.1", + "installedVersion": "v1.25.0", + "pkgName": "stdlib", + "pkgPath": "opt/bitnami/external-dns", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", + "policy": "CVE-2025-4802", + "properties": { + "fixedVersion": "2.36-9+deb12u11", + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: static setuid binary dlopen may incorrectly search 
LD_LIBRARY_PATH", + "policy": "CVE-2025-4802", + "properties": { + "fixedVersion": "2.36-9+deb12u11", + "installedVersion": "2.36-9+deb12u10", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "policy": "CVE-2023-31484", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": "5.36.0-7+deb12u2", 
+ "pkgName": "libperl5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "policy": "CVE-2023-31484", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "policy": "CVE-2023-31484", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", + "policy": "CVE-2023-31484", + "properties": { + "fixedVersion": "5.36.0-7+deb12u3", + "installedVersion": "5.36.0-7+deb12u2", + "pkgName": "perl-modules-5.36", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6", + "policy": "CVE-2023-45853", + "properties": { + "installedVersion": "1:1.2.13.dfsg-1", + "pkgName": "zlib1g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45853" + }, + "result": "fail", + "severity": "critical", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "external-dns", + "uid": 
"41760462-9454-446a-8b1b-e3e97fe00c39" + }, + "summary": { + "fail": 11, + "skip": 0, + "warn": 94 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:25:43Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-app-app-400ae", + "namespace": "fyr-dev-platform-playground", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-app-app-400ae", + "uid": "392220d0-dc72-48d6-b9af-e41b2f28d951" + } + ], + "resourceVersion": "4269028", + "uid": "f5b8be1f-745d-435e-a138-d1385b01686b" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "app", + "uid": "2ab9e6c8-3b69-405f-b7fe-76c6ff7c8deb" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:31:13Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-image-scanner-controller-manager-manager-ae61d", + "namespace": "image-scanner", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-image-scanner-controller-manager-manager-ae61d", + "uid": "8f09d0c0-8d76-4821-8250-79c90c729aab" + } + ], + "resourceVersion": "4272104", + "uid": "58268777-d0ae-46d3-afee-1f120fa3ed64" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "image-scanner-controller-manager", + "uid": "c39b6b7b-bb02-45b4-9dcd-ff26345f2122" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:25:49Z", + 
"generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "statefulset-trivy-server-f5c86", + "namespace": "image-scanner", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "statefulset-trivy-server-f5c86", + "uid": "20bffb35-8fb5-4f48-8c5a-b4d8eb54e9ae" + } + ], + "resourceVersion": "4269108", + "uid": "77da8f77-f73f-4dde-9d07-5107044d392f" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libcrypto3", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.1-r0", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pcre2: PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS", + "policy": "CVE-2025-58050", + "properties": { + "fixedVersion": "10.46-r0", + "installedVersion": "10.43-r1", + "pkgName": "pcre2", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-58050" + }, + "result": "fail", + "severity": "critical", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "StatefulSet", + "name": "trivy", + "uid": "197ade84-8d8f-43d7-8774-8ac83c1e7ba4" + }, + "summary": { + "fail": 1, + "skip": 0, + "warn": 6 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-29T11:00:11Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "cronjob-kargo-garbage-collector-garbage-collector-630fc", + "namespace": "kargo", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": 
"ContainerImageScan", + "name": "cronjob-kargo-garbage-collector-garbage-collector-630fc", + "uid": "083e4eef-f561-47c8-9004-1387873bf458" + } + ], + "resourceVersion": "5684933", + "uid": "9f84340b-1ceb-44bf-b428-05fa943435cb" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gnupg-gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + 
"properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", + "policy": "CVE-2025-55198", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", + "policy": "CVE-2025-55199", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + 
"fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 
1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "batch/v1", + "kind": "CronJob", + "name": "kargo-garbage-collector", + "uid": "0b69b7d0-398a-48b4-9c5b-89084c8f7dde" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 14 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:24Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-imagepusher-imagepusher-a9c1f", + "namespace": "kargo", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-imagepusher-imagepusher-a9c1f", + "uid": "4fb0ed0c-b87b-4e16-bedc-c834391c71b7" + } + ], + "resourceVersion": "4269517", + "uid": "36c37d99-cfa9-4df5-8a36-e6f95452b814" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "imagepusher", + "uid": "1ebd5847-9d1f-4386-bcd1-cc089f6630a6" + }, + "summary": { + 
"fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:25:52Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-kargo-api-api-630fc", + "namespace": "kargo", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-kargo-api-api-630fc", + "uid": "3bc1c1c7-4e50-4a1f-a7eb-921cad1a4f2f" + } + ], + "resourceVersion": "4269142", + "uid": "48e850dc-54ec-413b-b9d3-6337cbeeb182" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gnupg-gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the 
keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", + "policy": "CVE-2025-55198", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", + "policy": "CVE-2025-55199", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + 
"policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": 
"CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "kargo-api", + "uid": "0c94c1a5-6acc-43f2-9676-fea9552dc930" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 14 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:18Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-kargo-controller-controller-630fc", + "namespace": "kargo", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + 
"blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-kargo-controller-controller-630fc", + "uid": "9a8cf60f-00fe-4f51-96ee-26d7669624c3" + } + ], + "resourceVersion": "4269440", + "uid": "ef15eaa7-07f6-4d65-afa6-ac838ba07678" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gnupg-gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the 
keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", + "policy": "CVE-2025-55198", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", + "policy": "CVE-2025-55199", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + 
"policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + 
"properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "kargo-controller", + "uid": "a36abea7-ec05-4281-8f2d-3ca9427ebc4c" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 14 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:47Z", + "generation": 3, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-kargo-external-webhooks-server-webhooks-server-630fc", + "namespace": "kargo", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-kargo-external-webhooks-server-webhooks-server-630fc", + "uid": "b6f84206-df7f-47d2-95c8-8d71128e5b71" + } + ], + "resourceVersion": "5595163", + "uid": "e91260c9-2373-4fc4-8ee4-a963e93ce518" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: 
Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gnupg-gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": 
"helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", + "policy": "CVE-2025-55198", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", + "policy": "CVE-2025-55199", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing 
side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race 
Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "kargo-external-webhooks-server", + "uid": "eb1779c9-658a-401b-bbf9-76e353734223" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 14 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:32Z", + "generation": 3, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-kargo-management-controller-management-controller-630fc", + "namespace": "kargo", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-kargo-management-controller-management-controller-630fc", + "uid": "1bd065b0-4272-4a1b-9596-8010e256f3c6" + } + ], + "resourceVersion": "4932284", + "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": 
"image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gnupg-gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", + "policy": "CVE-2025-55198", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" + }, + "result": "warn", + "severity": "medium", + "source": 
"image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", + "policy": "CVE-2025-55199", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { 
+ "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + 
"message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "kargo-management-controller", + "uid": "d0cbd625-d495-415e-bf39-b4e3c4f4366e" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 14 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:35Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-kargo-webhooks-server-webhooks-server-630fc", + "namespace": "kargo", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-kargo-webhooks-server-webhooks-server-630fc", + "uid": "fe6e485f-cf48-4274-b4ef-b6405b791646" + } + ], + "resourceVersion": "4269625", + "uid": "f6d3c38b-f36c-4853-a21a-c08955371c64" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": 
"low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gnupg-gpgconf", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "fixedVersion": "2.4.8-r1", + "installedVersion": "2.2.41-r52", + "pkgName": "gpg-agent", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", + "policy": "CVE-2025-55198", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", + "policy": "CVE-2025-55199", + "properties": { + "fixedVersion": "3.18.5", + "installedVersion": "v3.18.4", + "pkgName": "helm.sh/helm/v3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" + }, + "result": "warn", + "severity": 
"medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", + "policy": "CVE-2025-9231", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": 
"image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": 
"apps/v1", + "kind": "Deployment", + "name": "kargo-webhooks-server", + "uid": "71331981-7efa-4a56-925c-e7c861731ae6" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 14 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:16Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-opentelemetry-operator-kube-rbac-proxy-e2b6a", + "namespace": "observability", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-opentelemetry-operator-kube-rbac-proxy-e2b6a", + "uid": "86b654fc-643a-4f94-bc43-c727c9a26765" + } + ], + "resourceVersion": "4269400", + "uid": "4ec1cc25-29ef-4a1e-b6a8-11f45bf93e14" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "go-jose: Go JOSE's Parsing Vulnerable to Denial of Service", + "policy": "CVE-2025-27144", + "properties": { + "fixedVersion": "3.0.4", + "installedVersion": "v2.6.3+incompatible", + "pkgName": "github.com/go-jose/go-jose", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27144" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", + "policy": "CVE-2025-0913", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", + "policy": "CVE-2025-4673", + "properties": { + "fixedVersion": "1.23.10, 1.24.4", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + 
"primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "os/exec: Unexpected paths returned from LookPath in os/exec", + "policy": "CVE-2025-47906", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", + "policy": "CVE-2025-22868", + "properties": { + "fixedVersion": "0.27.0", + "installedVersion": "v0.23.0", + "pkgName": "golang.org/x/oauth2", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", + "policy": "CVE-2025-22874", + "properties": { + "fixedVersion": "1.24.4", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.2", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "opentelemetry-operator", + "uid": "f9ca3c43-302e-46ba-a19e-d2651c8d941b" + }, + "summary": { + "fail": 3, + "skip": 0, + "warn": 4 + } + }, + { + 
"apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:27Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-opentelemetry-operator-manager-b2131", + "namespace": "observability", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-opentelemetry-operator-manager-b2131", + "uid": "cdc1999a-2e70-4917-b606-e137be3c2aad" + } + ], + "resourceVersion": "4269547", + "uid": "f06c27ce-9ef6-418b-8049-3a5be737da35" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "opentelemetry-operator", + "uid": "f9ca3c43-302e-46ba-a19e-d2651c8d941b" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:27:13Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "pod-opentelemetry-operator-cert-manager-wget-c4d93", + "namespace": "observability", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "pod-opentelemetry-operator-cert-manager-wget-c4d93", + "uid": "01593984-cd60-4553-ba18-b26814c2ed90" + } + ], + "resourceVersion": "4270043", + "uid": "d2e21b80-2963-4c0a-b668-65fecfedeb13" + }, + "scope": { + "apiVersion": "v1", + "kind": "Pod", + "name": "opentelemetry-operator-cert-manager", + "uid": "87cfa89f-003e-41ac-8551-97cb5713e959" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:32Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": 
"pod-opentelemetry-operator-metrics-wget-c4d93", + "namespace": "observability", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "pod-opentelemetry-operator-metrics-wget-c4d93", + "uid": "8618eb32-23a0-4567-856a-6f6128fb85b4" + } + ], + "resourceVersion": "4270816", + "uid": "a0727fd2-bf11-44d3-8f9c-79ef73160273" + }, + "scope": { + "apiVersion": "v1", + "kind": "Pod", + "name": "opentelemetry-operator-metrics", + "uid": "64294bb9-feea-470a-9339-387e85f78d8d" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:27:12Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "pod-opentelemetry-operator-webhook-wget-c4d93", + "namespace": "observability", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "pod-opentelemetry-operator-webhook-wget-c4d93", + "uid": "c8770bba-72b4-448b-a8c6-56a818f66a16" + } + ], + "resourceVersion": "4270024", + "uid": "68d9a868-e0ab-487c-a8b2-3ff54579d2a4" + }, + "scope": { + "apiVersion": "v1", + "kind": "Pod", + "name": "opentelemetry-operator-webhook", + "uid": "86252216-08d9-4d52-93da-d8edc9b65886" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:48Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-reflector-reflector-3f8b3", + "namespace": "reflector", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": 
"deployment-reflector-reflector-3f8b3", + "uid": "5c0cc414-9d89-442f-b4ba-a201a46b601c" + } + ], + "resourceVersion": "4270985", + "uid": "7479a61f-a825-4b4f-9b19-16bc6c2b105e" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "policy": "CVE-2011-3374", + "properties": { + "installedVersion": "2.6.1", + "pkgName": "apt", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[Privilege escalation possible to other user than root]", + "policy": "TEMP-0841856-B18BAF", + "properties": { + "installedVersion": "5.2.15-2+b9", + "pkgName": "bash", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "1:2.38.1-5+deb12u3", + "pkgName": "bsdutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "coreutils: Non-privileged session can escape to the parent session in chroot", + "policy": "CVE-2016-2781", + "properties": { + "installedVersion": "9.1-1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "coreutils: race condition vulnerability in chown and chgrp", + "policy": "CVE-2017-18018", + "properties": { + "installedVersion": "9.1-1", + "pkgName": "coreutils", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-18018" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", + "policy": "CVE-2025-5278", + "properties": { + "installedVersion": "9.1-1", + "pkgName": "coreutils", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "It was discovered that dpkg-deb does not properly sanitize directory p ...", + "policy": "CVE-2025-6297", + "properties": { + "installedVersion": "1.21.22", + "pkgName": "dpkg", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6297" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "policy": "CVE-2022-27943", + "properties": { + "installedVersion": "12.2.0-14+deb12u1", + "pkgName": "gcc-12-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: denial of service issue (resource consumption) using compressed packets", + "policy": "CVE-2022-3219", + "properties": { + "installedVersion": "2.2.40-1.1+deb12u1", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", + "policy": "CVE-2011-3374", + "properties": { + "installedVersion": "2.6.1", + "pkgName": "libapt-pkg6.0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" + }, + "result": "warn", + 
"severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libblkid1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "policy": "CVE-2010-4756", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2018-20796", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: stack guard protection bypass", + "policy": "CVE-2019-1010022", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "policy": "CVE-2019-1010023", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" + }, + "result": "warn", + "severity": "low", 
+ "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: ASLR bypass using cache of thread stack and heap", + "policy": "CVE-2019-1010024", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: information disclosure of heap addresses of pthread_created thread", + "policy": "CVE-2019-1010025", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2019-9192", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", + "policy": "CVE-2010-4756", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2018-20796", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { 
+ "category": "vulnerability scan", + "message": "glibc: stack guard protection bypass", + "policy": "CVE-2019-1010022", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", + "policy": "CVE-2019-1010023", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: ASLR bypass using cache of thread stack and heap", + "policy": "CVE-2019-1010024", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: information disclosure of heap addresses of pthread_created thread", + "policy": "CVE-2019-1010025", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", + "policy": "CVE-2019-9192", + "properties": { + "installedVersion": "2.36-9+deb12u13", + "pkgName": "libc6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "binutils: libiberty/rust-demangle.c in GNU GCC 
11.2 allows stack exhaustion in demangle_const", + "policy": "CVE-2022-27943", + "properties": { + "installedVersion": "12.2.0-14+deb12u1", + "pkgName": "libgcc-s1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", + "policy": "CVE-2018-6829", + "properties": { + "installedVersion": "1.10.1-3", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "libgcrypt: vulnerable to Marvin Attack", + "policy": "CVE-2024-2236", + "properties": { + "installedVersion": "1.10.1-3", + "pkgName": "libgcrypt20", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", + "policy": "CVE-2011-3389", + "properties": { + "installedVersion": "3.7.9-2+deb12u5", + "pkgName": "libgnutls30", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libmount1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in 
chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libsmartcols1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", + "policy": "CVE-2025-27587", + "properties": { + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27587" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", + "policy": "CVE-2022-27943", + "properties": { + "installedVersion": "12.2.0-14+deb12u1", + "pkgName": "libstdc++6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "policy": "CVE-2013-4392", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 
253. An attacker can modify a seale ...", + "policy": "CVE-2023-31437", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", + "policy": "CVE-2023-31438", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", + "policy": "CVE-2023-31439", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libsystemd0", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnu-ncurses: ncurses Stack Buffer Overflow", + "policy": "CVE-2025-6141", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "libtinfo6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", + "policy": "CVE-2013-4392", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. 
An attacker can modify a seale ...", + "policy": "CVE-2023-31437", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", + "policy": "CVE-2023-31438", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", + "policy": "CVE-2023-31439", + "properties": { + "installedVersion": "252.39-1~deb12u1", + "pkgName": "libudev1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "libuuid1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", + "policy": "CVE-2007-5686", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to 
compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "login", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[more related to CVE-2005-4890]", + "policy": "TEMP-0628843-DBAD28", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "login", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "mount", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnu-ncurses: ncurses Stack Buffer Overflow", + "policy": "CVE-2025-6141", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "ncurses-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnu-ncurses: ncurses Stack Buffer Overflow", + "policy": "CVE-2025-6141", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "ncurses-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", + "policy": "CVE-2025-27587", + "properties": { + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "openssl", + "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-27587" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", + "policy": "CVE-2007-5686", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", + "policy": "CVE-2024-56433", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "passwd", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[more related to CVE-2005-4890]", + "policy": "TEMP-0628843-DBAD28", + "properties": { + "installedVersion": "1:4.13+dfsg1-1+deb12u1", + "pkgName": "passwd", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "perl: File:: Temp insecure temporary file handling", + "policy": "CVE-2011-4116", + "properties": { + "installedVersion": "5.36.0-7+deb12u3", + "pkgName": "perl-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" + }, + 
"result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "http-tiny: insecure TLS cert default", + "policy": "CVE-2023-31486", + "properties": { + "installedVersion": "5.36.0-7+deb12u3", + "pkgName": "perl-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", + "policy": "TEMP-0517018-A83CE6", + "properties": { + "installedVersion": "3.06-4", + "pkgName": "sysvinit-utils", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "tar: does not properly warn the user when extracting setuid or setgid files", + "policy": "CVE-2005-2541", + "properties": { + "installedVersion": "1.34+dfsg-1.2+deb12u1", + "pkgName": "tar", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "[tar's rmt command may have undesired side effects]", + "policy": "TEMP-0290435-0B57B5", + "properties": { + "installedVersion": "1.34+dfsg-1.2+deb12u1", + "pkgName": "tar", + "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "util-linux", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + 
"source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", + "policy": "CVE-2022-0563", + "properties": { + "installedVersion": "2.38.1-5+deb12u3", + "pkgName": "util-linux-extra", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain", + "policy": "CVE-2025-9708", + "properties": { + "fixedVersion": "17.0.14", + "installedVersion": "17.0.4", + "pkgName": "KubernetesClient", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9708" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "dotnet: .NET Information Disclosure Vulnerability", + "policy": "CVE-2025-55248", + "properties": { + "fixedVersion": "9.0.10, 8.0.21", + "installedVersion": "9.0.9", + "pkgName": "Microsoft.NETCore.App.Runtime.linux-x64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55248" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "gnupg: verification DoS due to a malicious subkey in the keyring", + "policy": "CVE-2025-30258", + "properties": { + "installedVersion": "2.2.40-1.1+deb12u1", + "pkgName": "gpgv", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "lz4: LZ4 null handling error", + "policy": "CVE-2025-62813", + "properties": { + "installedVersion": "1.9.4-1", + "pkgName": "liblz4-1", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-62813" + }, + "result": "warn", + "severity": "medium", + "source": 
"image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged 
user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: libpam: Libpam vulnerable to read hashed password", + "policy": "CVE-2024-10041", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "pam: allowing unprivileged user to block another user namespace", + "policy": "CVE-2024-22365", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "libssl3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "libtinfo6", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + "properties": { + "installedVersion": "6.4-4", + 
"pkgName": "ncurses-base", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "ncurses: segmentation fault via _nc_wrap_entry()", + "policy": "CVE-2023-50495", + "properties": { + "installedVersion": "6.4-4", + "pkgName": "ncurses-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", + "policy": "CVE-2025-9230", + "properties": { + "fixedVersion": "3.0.17-1~deb12u3", + "installedVersion": "3.0.17-1~deb12u2", + "pkgName": "openssl", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" + }, + "result": "warn", + "severity": "medium", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-modules-bin", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam-runtime", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" 
+ }, + { + "category": "vulnerability scan", + "message": "linux-pam: Linux-pam directory Traversal", + "policy": "CVE-2025-6020", + "properties": { + "installedVersion": "1.5.2-6+deb12u1", + "pkgName": "libpam0g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "dotnet: .NET Security Feature Bypass Vulnerability", + "policy": "CVE-2025-55315", + "properties": { + "fixedVersion": "10.0.0-rc.2.25502.107, 9.0.10, 8.0.21", + "installedVersion": "9.0.9", + "pkgName": "Microsoft.AspNetCore.App.Runtime.linux-x64", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55315" + }, + "result": "fail", + "severity": "critical", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6", + "policy": "CVE-2023-45853", + "properties": { + "installedVersion": "1:1.2.13.dfsg-1", + "pkgName": "zlib1g", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45853" + }, + "result": "fail", + "severity": "critical", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "reflector", + "uid": "f02aa1c7-969d-4e7a-bcb7-c3de73958614" + }, + "summary": { + "fail": 6, + "skip": 0, + "warn": 79 + } + } + ], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} diff --git a/unittests/scans/openreports/openreports_list_format.json b/unittests/scans/openreports/openreports_list_format.json new file mode 100644 index 00000000000..0499696cc2f --- /dev/null +++ b/unittests/scans/openreports/openreports_list_format.json 
@@ -0,0 +1,113 @@ +{ + "apiVersion": "v1", + "items": [ + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:32Z", + "generation": 3, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-app1-630fc", + "namespace": "test", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-app1-630fc", + "uid": "1bd065b0-4272-4a1b-9596-8010e256f3c6" + } + ], + "resourceVersion": "4932284", + "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "app1", + "uid": "d0cbd625-d495-415e-bf39-b4e3c4f4366e" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 1 + } + }, + { + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:35Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-app2-630fc", + "namespace": "test", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-app2-630fc", + "uid": "fe6e485f-cf48-4274-b4ef-b6405b791646" + } + ], + "resourceVersion": "4269625", + "uid": "f6d3c38b-f36c-4853-a21a-c08955371c64" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + 
"policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.5", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "app2", + "uid": "71331981-7efa-4a56-925c-e7c861731ae6" + }, + "summary": { + "fail": 1, + "skip": 0, + "warn": 0 + } + } + ], + "kind": "List", + "metadata": { + "resourceVersion": "" + } +} \ No newline at end of file diff --git a/unittests/scans/openreports/openreports_no_results.json b/unittests/scans/openreports/openreports_no_results.json new file mode 100644 index 00000000000..ebebb36afc8 --- /dev/null +++ b/unittests/scans/openreports/openreports_no_results.json @@ -0,0 +1,36 @@ +{ + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:26:27Z", + "generation": 1, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-clean-app-b2131", + "namespace": "test", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-clean-app-b2131", + "uid": "cdc1999a-2e70-4917-b606-e137be3c2aad" + } + ], + "resourceVersion": "4269547", + "uid": "f06c27ce-9ef6-418b-8049-3a5be737da35" + }, + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "clean-app", + "uid": "f9ca3c43-302e-46ba-a19e-d2651c8d941b" + }, + "summary": { + "fail": 0, + "skip": 0, + "warn": 0 + } +} \ No newline at end of file diff --git a/unittests/scans/openreports/openreports_single_report.json b/unittests/scans/openreports/openreports_single_report.json new file mode 100644 index 00000000000..df23ed2e3e8 --- /dev/null +++ b/unittests/scans/openreports/openreports_single_report.json 
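Review bot: The `metadata` and `scope` blocks in this fixture carry what look like identifiers copied from a live cluster: object `uid`s, `resourceVersion` values and the `stas.statnett.no/v1alpha1` owner reference. The same kind of values appear in `openreports_no_results.json` and `openreports_single_report.json`. The tests in this patch assert only on names, namespace, scope kind and result fields, so these could be swapped for obviously synthetic values (for example `"uid": "00000000-0000-0000-0000-000000000001"`) without changing any expectation. The concern is stronger for the root-level `openreports.json` added in this patch: PATCH 02 deletes it, but its namespace and workload inventory with per-package CVE status stays in history unless the series is squashed before merge.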
@@ -0,0 +1,66 @@ +{ + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "creationTimestamp": "2025-10-27T08:28:32Z", + "generation": 3, + "labels": { + "app.kubernetes.io/managed-by": "image-scanner" + }, + "name": "deployment-test-app-630fc", + "namespace": "test", + "ownerReferences": [ + { + "apiVersion": "stas.statnett.no/v1alpha1", + "blockOwnerDeletion": true, + "controller": true, + "kind": "ContainerImageScan", + "name": "deployment-test-app-630fc", + "uid": "1bd065b0-4272-4a1b-9596-8010e256f3c6" + } + ], + "resourceVersion": "4932284", + "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + }, + { + "category": "vulnerability scan", + "message": "database/sql: Postgres Scan Race Condition", + "policy": "CVE-2025-47907", + "properties": { + "fixedVersion": "1.23.12, 1.24.6", + "installedVersion": "v1.24.4", + "pkgName": "stdlib", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" + }, + "result": "fail", + "severity": "high", + "source": "image-scanner" + } + ], + "scope": { + "apiVersion": "apps/v1", + "kind": "Deployment", + "name": "test-app", + "uid": "d0cbd625-d495-415e-bf39-b4e3c4f4366e" + }, + "summary": { + "fail": 1, + "skip": 0, + "warn": 1 + } +} \ No newline at end of file diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py new file mode 100644 index 00000000000..3daa588064e --- /dev/null +++ b/unittests/tools/test_openreports_parser.py 
@@ -0,0 +1,83 @@
+from dojo.models import Test
+from dojo.tools.openreports.parser import OpenreportsParser
+from unittests.dojo_test_case import DojoTestCase, get_unit_tests_scans_path
+
+
+def sample_path(file_name):
+ return get_unit_tests_scans_path("openreports") / file_name
+
+
+class TestOpenreportsParser(DojoTestCase):
+
+ def test_no_results(self):
+ with sample_path("openreports_no_results.json").open(encoding="utf-8") as test_file:
+ parser = OpenreportsParser()
+ findings = parser.get_findings(test_file, Test())
+ self.assertEqual(len(findings), 0)
+
+ def test_single_report(self):
+ with sample_path("openreports_single_report.json").open(encoding="utf-8") as test_file:
+ parser = OpenreportsParser()
+ findings = parser.get_findings(test_file, Test())
+ self.assertEqual(len(findings), 2)
+
+ # Test first finding (warn/low severity)
+ finding1 = findings[0]
+ self.assertEqual("CVE-2025-9232 in libcrypto3", finding1.title)
+ self.assertEqual("Low", finding1.severity)
+ self.assertEqual("libcrypto3", finding1.component_name)
+ self.assertEqual("3.5.2-r1", finding1.component_version)
+ self.assertEqual("Upgrade to version: 3.5.4-r0", finding1.mitigation)
+ self.assertEqual("https://avd.aquasec.com/nvd/cve-2025-9232", finding1.references)
+ self.assertEqual("test/Deployment/test-app", finding1.service)
+ self.assertTrue(finding1.active)
+ self.assertTrue(finding1.verified)
+ self.assertTrue(finding1.fix_available)
+ self.assertEqual(1, len(finding1.unsaved_vulnerability_ids))
+ self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0])
+ self.assertIn("vulnerability scan", finding1.tags)
+ self.assertIn("image-scanner", finding1.tags)
+ self.assertIn("Deployment", finding1.tags)
+
+ # Test second finding (fail/high severity)
+ finding2 = findings[1]
+ self.assertEqual("CVE-2025-47907 in stdlib", finding2.title)
+ self.assertEqual("High", finding2.severity)
+ self.assertEqual("stdlib", finding2.component_name)
+ self.assertEqual("v1.24.4", finding2.component_version)
+ self.assertEqual("Upgrade to version: 1.23.12, 1.24.6", finding2.mitigation)
+ self.assertEqual("https://avd.aquasec.com/nvd/cve-2025-47907", finding2.references)
+ self.assertEqual("test/Deployment/test-app", finding2.service)
+ self.assertTrue(finding2.active)
+ self.assertTrue(finding2.verified)
+ self.assertTrue(finding2.fix_available)
+ self.assertEqual(1, len(finding2.unsaved_vulnerability_ids))
+ self.assertEqual("CVE-2025-47907", finding2.unsaved_vulnerability_ids[0])
+
+ def test_list_format(self):
+ with sample_path("openreports_list_format.json").open(encoding="utf-8") as test_file:
+ parser = OpenreportsParser()
+ findings = parser.get_findings(test_file, Test())
+ self.assertEqual(len(findings), 2)
+
+ # Verify findings from different reports have different services
+ services = {finding.service for finding in findings}
+ self.assertEqual(len(services), 2)
+ self.assertIn("test/Deployment/app1", services)
+ self.assertIn("test/Deployment/app2", services)
+
+ # Verify CVE IDs
+ cve_ids = [finding.unsaved_vulnerability_ids[0] for finding in findings]
+ self.assertIn("CVE-2025-9232", cve_ids)
+ self.assertIn("CVE-2025-47907", cve_ids)
+
+ def test_parser_metadata(self):
+ parser = OpenreportsParser()
+ scan_types = parser.get_scan_types()
+ self.assertEqual(["OpenReports Scan"], scan_types)
+
+ label = parser.get_label_for_scan_types("OpenReports Scan")
+ self.assertEqual("OpenReports Scan", label)
+
+ description = parser.get_description_for_scan_types("OpenReports Scan")
+ self.assertEqual("Import OpenReports JSON scan report.", description)
\ No newline at end of file
From 19bd14b150e6e3b08fc768386ff7ca83fb724333 Mon Sep 17 00:00:00 2001
From: Marius Fylling
Date: Wed, 29 Oct 2025 13:38:36 +0100
Subject: [PATCH 02/12] OpenReports: cleanup
---
openreports.json | 9323 ----------------------------------------------
1 file changed, 9323 deletions(-)
delete mode 100644 openreports.json
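Review bot: Every test here opens its fixture in text mode, so `scan_file.read()` hands the parser a `str`. The `json.loads(str(scan_data, "utf-8"))` branch in `get_findings` therefore always raises and falls through to the broad `except Exception`, and the bytes path that an uploaded file would presumably take is never exercised. Opening at least one fixture in binary mode would cover it, e.g. `with sample_path("openreports_single_report.json").open("rb") as test_file:`. Both results asserted in `test_single_report` also carry `fixedVersion`, so nothing pins `fix_available` and `mitigation` for a result without one, or what happens to list items whose `kind` is not `Report`; a small fixture for each would close that gap. The `assertTrue(finding.verified)` checks also lock in that scanner output is imported as verified, which is worth confirming is intended.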
diff --git a/openreports.json b/openreports.json
deleted file mode 100644
index 0fc35b49ea9..00000000000
--- a/openreports.json
+++ /dev/null
@@ -1,9323 +0,0 @@ -{ - "apiVersion": "v1", - "items": [ - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:09Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-aks-istio-ingressgateway-external-asm-1-27-istio-proxy-1baf4", - "namespace": "aks-istio-ingress", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-aks-istio-ingressgateway-external-asm-1-27-istio-proxy-1baf4", - "uid": "7e1b2064-4fb2-48fe-b85b-823fad65a75c" - } - ], - "resourceVersion": "4269324", - "uid": "ae0fd799-6703-470f-8c6c-c159cce09fbc" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", - "policy": "CVE-2025-4802", - "properties": { - "fixedVersion": "2.38-13.azl3", - "installedVersion": "2.38-11.azl3", - "pkgName": "glibc", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" - }, - "result": "fail", - "severity": "high", - "source": 
"image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "aks-istio-ingressgateway-external-asm-1-27", - "uid": "2b792469-162b-42f6-805a-1f6136b1205a" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 2 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-28T15:04:47Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-istiod-asm-1-27-discovery-78feb", - "namespace": "aks-istio-system", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-istiod-asm-1-27-discovery-78feb", - "uid": "764555b7-4b4a-46ef-8c9e-01aca54352c9" - } - ], - "resourceVersion": "5113337", - "uid": "9e2604c4-27dd-4f0a-8fb7-8aa832024d87" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl", 
- "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", - "policy": "CVE-2025-4802", - "properties": { - "fixedVersion": "2.38-13.azl3", - "installedVersion": "2.38-11.azl3", - "pkgName": "glibc", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.3.5-1.azl3", - "installedVersion": "3.3.3-2.azl3", - "pkgName": "openssl-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "istiod-asm-1-27", - "uid": "d2f99f17-4405-44e0-a516-f89beb4c1b6b" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 2 - } - }, - { - "apiVersion": 
"openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:22Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-kiali-kiali-774cc", - "namespace": "aks-istio-system", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-kiali-kiali-774cc", - "uid": "5815ee53-460e-42a1-8187-238f246562da" - } - ], - "resourceVersion": "4269493", - "uid": "3a38bbf1-0942-4277-a8cb-aec2d7bb0e89" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", - "policy": "CVE-2022-27943", - "properties": { - "installedVersion": "11.5.0-5.el9_5", - "pkgName": "libgcc", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - "properties": { - "installedVersion": "6.2-10.20210508.el9_6.2", - "pkgName": "ncurses-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - "properties": { - "installedVersion": "6.2-10.20210508.el9_6.2", - "pkgName": "ncurses-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in ECDSA signature computation", - "policy": "CVE-2024-13176", - "properties": { - "installedVersion": "1:3.2.2-6.el9_5.1", - "pkgName": 
"openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-13176" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "1:3.2.2-6.el9_5.1", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "installedVersion": "1:3.2.2-6.el9_5.1", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in ECDSA signature computation", - "policy": "CVE-2024-13176", - "properties": { - "installedVersion": "1:3.2.2-6.el9_5.1", - "pkgName": "openssl-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-13176" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "1:3.2.2-6.el9_5.1", - "pkgName": "openssl-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "installedVersion": 
"1:3.2.2-6.el9_5.1", - "pkgName": "openssl-libs", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop", - "policy": "CVE-2022-41409", - "properties": { - "installedVersion": "10.40-6.el9", - "pkgName": "pcre2", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41409" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pcre2: negative repeat value in a pcre2test subject line leads to inifinite loop", - "policy": "CVE-2022-41409", - "properties": { - "installedVersion": "10.40-6.el9", - "pkgName": "pcre2-syntax", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41409" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", - "policy": "CVE-2025-5278", - "properties": { - "installedVersion": "8.32-39.el9", - "pkgName": "coreutils-single", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "installedVersion": "1:3.2.2-6.el9_5.1", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "installedVersion": "1:3.2.2-6.el9_5.1", - "pkgName": "openssl-libs", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - "policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", - "policy": "CVE-2025-22874", - "properties": { - "fixedVersion": "1.24.4", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.2", - "pkgName": 
"stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "kiali", - "uid": "f0bfdac3-d811-468a-a919-f074bb4d3291" - }, - "summary": { - "fail": 2, - "skip": 0, - "warn": 17 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:25:41Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-argocd-applicationset-controller-applicationset-controller-bd026", - "namespace": "argocd", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-argocd-applicationset-controller-applicationset-controller-bd026", - "uid": "9b1e4cef-40d6-468a-8e90-6cb2936faac0" - } - ], - "resourceVersion": "4269003", - "uid": "e120e493-9fc3-43ad-928d-a25046d64846" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "coreutils: Non-privileged session can escape to the parent session in chroot", - "policy": "CVE-2016-2781", - "properties": { - "installedVersion": "9.4-3ubuntu6.1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "dirmngr", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - 
"policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", - "policy": "CVE-2025-4563", - "properties": { - "fixedVersion": "1.32.6, 1.33.2", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", - "policy": 
"CVE-2025-0167", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: predictable WebSocket mask", - "policy": "CVE-2025-10148", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: libcurl: Curl out of bounds read for cookie path", - "policy": "CVE-2025-9086", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: vulnerable to Marvin Attack", - "policy": "CVE-2024-2236", - "properties": { - "installedVersion": "1.10.3-2build1", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", - "policy": "CVE-2025-8114", - "properties": { - "installedVersion": "0.10.6-2ubuntu0.1", - "pkgName": "libssh-4", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - 
"pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", - "policy": "CVE-2018-6952", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Invalid Pointer via another_hunk function", - "policy": "CVE-2021-45261", - "properties": { - "installedVersion": "2.7.6-7build3", - 
"pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git-man", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", - "policy": "CVE-2025-5187", - "properties": { - "fixedVersion": "1.31.12, 1.32.8, 1.33.4", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules-bin", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", - "policy": "CVE-2024-45336", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2024-45336" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", - "policy": "CVE-2024-45341", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", - "policy": "CVE-2025-22866", - "properties": { - "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", - "policy": "CVE-2025-22871", - "properties": { - "fixedVersion": "1.23.8, 1.24.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - 
"policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "tar: Tar path traversal", - "policy": "CVE-2025-45582", - "properties": { - "installedVersion": "1.35+dfsg-3build1", - "pkgName": "tar", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - 
"installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "argocd-applicationset-controller", - "uid": "40cba690-e41d-4d45-b83c-2db3f7aa79b3" - }, - "summary": { - "fail": 2, - "skip": 0, - "warn": 36 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:27:12Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-argocd-dex-server-dex-server-f6746", - "namespace": "argocd", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-argocd-dex-server-dex-server-f6746", - "uid": "17eca175-73b1-43f2-b102-512ae93978fa" - } - ], - "resourceVersion": "4270027", - "uid": "4a18aa4f-d3eb-4980-b52a-7698687e6203" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", 
- "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: CrossOriginProtection bypass in net/http", - "policy": "CVE-2025-47910", - 
"properties": { - "fixedVersion": "1.25.1", - "installedVersion": "v1.25.0", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: CrossOriginProtection bypass in net/http", - "policy": "CVE-2025-47910", - "properties": { - "fixedVersion": "1.25.1", - "installedVersion": "v1.25.0", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "argocd-dex-server", - "uid": "3182cbc5-1d65-4933-be4b-699569f017dc" - }, - "summary": { - "fail": 1, - "skip": 0, - "warn": 9 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:25:43Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-argocd-notifications-controller-notifications-controller-bd026", - "namespace": "argocd", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-argocd-notifications-controller-notifications-controller-bd026", - "uid": "a94a0e98-64c4-4edb-ab52-a08e06ecd71e" - } - ], - "resourceVersion": "4269032", - "uid": "f2e37b89-2a1a-4dee-b61d-0bf40d0e7bfc" - }, - "results": [ - { - "category": "vulnerability scan", - 
"message": "coreutils: Non-privileged session can escape to the parent session in chroot", - "policy": "CVE-2016-2781", - "properties": { - "installedVersion": "9.4-3ubuntu6.1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "dirmngr", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource 
consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", - "policy": "CVE-2025-4563", - "properties": { - "fixedVersion": "1.32.6, 1.33.2", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", - "policy": "CVE-2025-0167", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: predictable WebSocket mask", - "policy": "CVE-2025-10148", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: libcurl: Curl out of bounds read for cookie path", - "policy": "CVE-2025-9086", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: vulnerable to Marvin Attack", - "policy": "CVE-2024-2236", - "properties": { - 
"installedVersion": "1.10.3-2build1", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", - "policy": "CVE-2025-8114", - "properties": { - "installedVersion": "0.10.6-2ubuntu0.1", - "pkgName": "libssh-4", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in 
/etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", - "policy": "CVE-2018-6952", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Invalid Pointer via another_hunk function", - "policy": "CVE-2021-45261", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git-man", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", - "policy": "CVE-2025-5187", - "properties": { - 
"fixedVersion": "1.31.12, 1.32.8, 1.33.4", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", - "policy": "CVE-2024-45336", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", - "policy": "CVE-2024-45341", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", - 
"policy": "CVE-2025-22866", - "properties": { - "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", - "policy": "CVE-2025-22871", - "properties": { - "fixedVersion": "1.23.8, 1.24.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - "policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "tar: Tar path 
traversal", - "policy": "CVE-2025-45582", - "properties": { - "installedVersion": "1.35+dfsg-3build1", - "pkgName": "tar", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "argocd-notifications-controller", - "uid": "69187687-6e71-469e-b417-6eee66481217" - }, - "summary": { - "fail": 2, - "skip": 0, - "warn": 36 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:25:40Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-argocd-redis-redis-17c31", - "namespace": "argocd", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-argocd-redis-redis-17c31", - "uid": "43bd69c3-36c3-45de-8af7-f97fbecc145d" - } - ], - "resourceVersion": "4268996", - "uid": "bebb81fc-d47d-4b20-85b1-b203fadc368a" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in 
HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.3.5-r0", - "installedVersion": "3.3.3-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.3.5-r0", - "installedVersion": "3.3.3-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/tls: session tickets lack random ticket_age_add", - "policy": "CVE-2022-30629", - "properties": { - "fixedVersion": "1.17.11, 1.18.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30629" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.3.5-r0", - "installedVersion": "3.3.3-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.3.5-r0", - "installedVersion": "3.3.3-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK 
Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.3.5-r0", - "installedVersion": "3.3.3-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.3.5-r0", - "installedVersion": "3.3.3-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: improper sanitization of Transfer-Encoding header", - "policy": "CVE-2022-1705", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-1705" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: go/parser: stack exhaustion in all Parse* functions", - "policy": "CVE-2022-1962", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-1962" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http/httputil: NewSingleHostReverseProxy - omit X-Forwarded-For not working", - "policy": "CVE-2022-32148", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-32148" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: excessive memory 
growth in a Go server accepting HTTP/2 requests", - "policy": "CVE-2022-41717", - "properties": { - "fixedVersion": "1.18.9, 1.19.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41717" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/internal/nistec: specific unreduced P-256 scalars produce incorrect results", - "policy": "CVE-2023-24532", - "properties": { - "fixedVersion": "1.19.7, 1.20.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24532" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: insufficient sanitization of Host header", - "policy": "CVE-2023-29406", - "properties": { - "fixedVersion": "1.19.11, 1.20.6", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29406" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/tls: slow verification of certificate chains containing large RSA keys", - "policy": "CVE-2023-29409", - "properties": { - "fixedVersion": "1.19.12, 1.20.7, 1.21.0-rc.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29409" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: html/template: improper handling of HTML-like comments within script contexts", - "policy": "CVE-2023-39318", - "properties": { - "fixedVersion": "1.20.8, 1.21.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39318" - }, - "result": "warn", - "severity": "medium", - 
"source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: html/template: improper handling of special tags within script contexts", - "policy": "CVE-2023-39319", - "properties": { - "fixedVersion": "1.20.8, 1.21.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39319" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http/internal: Denial of Service (DoS) via Resource Consumption via HTTP requests", - "policy": "CVE-2023-39326", - "properties": { - "fixedVersion": "1.20.12, 1.21.5", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39326" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "On Windows, The IsLocal function does not correctly detect reserved de ...", - "policy": "CVE-2023-45284", - "properties": { - "fixedVersion": "1.20.11, 1.21.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45284" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect", - "policy": "CVE-2023-45289", - "properties": { - "fixedVersion": "1.21.8, 1.22.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45289" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm", - "policy": "CVE-2023-45290", - "properties": { - "fixedVersion": "1.21.8, 1.22.1", - 
"installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45290" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm", - "policy": "CVE-2024-24783", - "properties": { - "fixedVersion": "1.21.8, 1.22.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24783" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/mail: comments in display names are incorrectly handled", - "policy": "CVE-2024-24784", - "properties": { - "fixedVersion": "1.21.8, 1.22.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24784" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: html/template: errors returned from MarshalJSON methods may break template escaping", - "policy": "CVE-2024-24785", - "properties": { - "fixedVersion": "1.21.8, 1.22.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24785" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: archive/zip: Incorrect handling of certain ZIP files", - "policy": "CVE-2024-24789", - "properties": { - "fixedVersion": "1.21.11, 1.22.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24789" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Denial of service due to improper 100-continue handling in net/http", - 
"policy": "CVE-2024-24791", - "properties": { - "fixedVersion": "1.21.12, 1.22.5", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24791" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion", - "policy": "CVE-2024-34155", - "properties": { - "fixedVersion": "1.22.7, 1.23.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-34155" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "go/build/constraint: golang: Calling Parse on a \"// +build\" build tag line with deeply nested expressions can cause a panic due to stack exhaustion", - "policy": "CVE-2024-34158", - "properties": { - "fixedVersion": "1.22.7, 1.23.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-34158" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", - "policy": "CVE-2024-45336", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", - "policy": "CVE-2024-45341", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2024-45341" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", - "policy": "CVE-2025-22866", - "properties": { - "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", - "policy": "CVE-2025-22871", - "properties": { - "fixedVersion": "1.23.8, 1.24.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - "policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - 
"fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: handle server errors after sending GOAWAY", - "policy": "CVE-2022-27664", - "properties": { - "fixedVersion": "1.18.6, 1.19.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27664" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: encoding/xml: stack exhaustion in Decoder.Skip", - "policy": "CVE-2022-28131", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-28131" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: archive/tar: github.com/vbatts/tar-split: unbounded memory consumption when reading headers", - "policy": "CVE-2022-2879", - "properties": { - "fixedVersion": "1.18.7, 1.19.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-2879" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http/httputil: ReverseProxy should not forward unparseable query parameters", - "policy": "CVE-2022-2880", - "properties": { - "fixedVersion": "1.18.7, 1.19.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-2880" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", - 
"policy": "CVE-2022-29804", - "properties": { - "fixedVersion": "1.17.11, 1.18.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-29804" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: os/exec: Code injection in Cmd.Start", - "policy": "CVE-2022-30580", - "properties": { - "fixedVersion": "1.17.11, 1.18.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30580" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: io/fs: stack exhaustion in Glob", - "policy": "CVE-2022-30630", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30630" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: compress/gzip: stack exhaustion in Reader.Read", - "policy": "CVE-2022-30631", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30631" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: path/filepath: stack exhaustion in Glob", - "policy": "CVE-2022-30632", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30632" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: encoding/xml: stack exhaustion in Unmarshal", - "policy": "CVE-2022-30633", - "properties": { - "fixedVersion": 
"1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30633" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ELSA-2022-17957: ol8addon security update (IMPORTANT)", - "policy": "CVE-2022-30634", - "properties": { - "fixedVersion": "1.17.11, 1.18.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30634" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: encoding/gob: stack exhaustion in Decoder.Decode", - "policy": "CVE-2022-30635", - "properties": { - "fixedVersion": "1.17.12, 1.18.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-30635" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: math/big: decoding big.Float and big.Rat types can panic if the encoded message is too short, potentially allowing a denial of service", - "policy": "CVE-2022-32189", - "properties": { - "fixedVersion": "1.17.13, 1.18.5", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-32189" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: regexp/syntax: limit memory used by parsing regexps", - "policy": "CVE-2022-41715", - "properties": { - "fixedVersion": "1.18.7, 1.19.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41715" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Due to unsanitized NUL values, attackers may be able to 
maliciously se ...", - "policy": "CVE-2022-41716", - "properties": { - "fixedVersion": "1.18.8, 1.19.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41716" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: os, net/http: avoid escapes from os.DirFS and http.Dir on Windows", - "policy": "CVE-2022-41720", - "properties": { - "fixedVersion": "1.18.9, 1.19.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41720" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: path/filepath: path-filepath filepath.Clean path traversal", - "policy": "CVE-2022-41722", - "properties": { - "fixedVersion": "1.19.6, 1.20.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41722" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang.org/x/net/http2: avoid quadratic complexity in HPACK decoding", - "policy": "CVE-2022-41723", - "properties": { - "fixedVersion": "1.19.6, 1.20.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41723" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/tls: large handshake records may cause panics", - "policy": "CVE-2022-41724", - "properties": { - "fixedVersion": "1.19.6, 1.20.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41724" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http, 
mime/multipart: denial of service from excessive resource consumption", - "policy": "CVE-2022-41725", - "properties": { - "fixedVersion": "1.19.6, 1.20.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-41725" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http, net/textproto: denial of service from excessive memory allocation", - "policy": "CVE-2023-24534", - "properties": { - "fixedVersion": "1.19.8, 1.20.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24534" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http, net/textproto, mime/multipart: denial of service from excessive resource consumption", - "policy": "CVE-2023-24536", - "properties": { - "fixedVersion": "1.19.8, 1.20.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24536" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: go/parser: Infinite loop in parsing", - "policy": "CVE-2023-24537", - "properties": { - "fixedVersion": "1.19.8, 1.20.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24537" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: html/template: improper sanitization of CSS values", - "policy": "CVE-2023-24539", - "properties": { - "fixedVersion": "1.19.9, 1.20.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24539" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - 
"category": "vulnerability scan", - "message": "golang: html/template: improper handling of empty HTML attributes", - "policy": "CVE-2023-29400", - "properties": { - "fixedVersion": "1.19.9, 1.20.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29400" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: runtime: unexpected behavior of setuid/setgid binaries", - "policy": "CVE-2023-29403", - "properties": { - "fixedVersion": "1.19.10, 1.20.5", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-29403" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http, x/net/http2: rapid stream resets can cause excessive work (CVE-2023-44487)", - "policy": "CVE-2023-39325", - "properties": { - "fixedVersion": "1.20.10, 1.21.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-39325" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "The filepath package does not recognize paths with a \\??\\ prefix as sp ...", - "policy": "CVE-2023-45283", - "properties": { - "fixedVersion": "1.20.11, 1.21.4, 1.20.12, 1.21.5", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45283" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/tls: Timing Side Channel attack in RSA based TLS key exchanges.", - "policy": "CVE-2023-45287", - "properties": { - "fixedVersion": "1.20.0", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45287" - }, - 
"result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS", - "policy": "CVE-2023-45288", - "properties": { - "fixedVersion": "1.21.9, 1.22.2", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45288" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion", - "policy": "CVE-2024-34156", - "properties": { - "fixedVersion": "1.22.7, 1.23.1", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-34156" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: html/template: backticks not treated as string delimiters", - "policy": "CVE-2023-24538", - "properties": { - "fixedVersion": "1.19.8, 1.20.3", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24538" - }, - "result": "fail", - "severity": "critical", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: html/template: improper handling of JavaScript whitespace", - "policy": "CVE-2023-24540", - "properties": { - "fixedVersion": "1.19.9, 1.20.4", - "installedVersion": "v1.18.2", - 
"pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-24540" - }, - "result": "fail", - "severity": "critical", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses", - "policy": "CVE-2024-24790", - "properties": { - "fixedVersion": "1.21.11, 1.22.4", - "installedVersion": "v1.18.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-24790" - }, - "result": "fail", - "severity": "critical", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "argocd-redis", - "uid": "8d1623a1-1675-4347-9bc4-e519117c1c02" - }, - "summary": { - "fail": 35, - "skip": 0, - "warn": 34 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-28T14:56:22Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-argocd-repo-server-kargo-cmp-1dc55", - "namespace": "argocd", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-argocd-repo-server-kargo-cmp-1dc55", - "uid": "bfb59ce0-a430-44a9-8382-d39e331085dd" - } - ], - "resourceVersion": "5109246", - "uid": "662cff19-7651-4023-b6c6-29b9f4c2ff93" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "argocd-repo-server", - "uid": "df889860-ae62-4d65-b257-47527dfef994" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:27:23Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-argocd-repo-server-repo-server-bd026", - "namespace": "argocd", - "ownerReferences": 
[ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-argocd-repo-server-repo-server-bd026", - "uid": "eb2849bc-982d-4b6a-8e92-c9ace3281be7" - } - ], - "resourceVersion": "4270147", - "uid": "a91b33f9-b58c-4de4-a091-48b062e3b948" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "coreutils: Non-privileged session can escape to the parent session in chroot", - "policy": "CVE-2016-2781", - "properties": { - "installedVersion": "9.4-3ubuntu6.1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "dirmngr", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource 
consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", - "policy": "CVE-2025-4563", - "properties": { - "fixedVersion": "1.32.6, 1.33.2", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", - "policy": "CVE-2025-0167", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: predictable WebSocket mask", - "policy": "CVE-2025-10148", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: libcurl: Curl out of bounds read for cookie path", - "policy": 
"CVE-2025-9086", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: vulnerable to Marvin Attack", - "policy": "CVE-2024-2236", - "properties": { - "installedVersion": "1.10.3-2build1", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", - "policy": "CVE-2025-8114", - "properties": { - "installedVersion": "0.10.6-2ubuntu0.1", - "pkgName": "libssh-4", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE 
modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", - "policy": "CVE-2018-6952", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Invalid Pointer via another_hunk function", - "policy": "CVE-2021-45261", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - 
"installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git-man", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", - "policy": "CVE-2025-5187", - "properties": { - "fixedVersion": "1.31.12, 1.32.8, 1.33.4", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam0g", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", - "policy": "CVE-2024-45336", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", - "policy": "CVE-2024-45341", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - 
"properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", - "policy": "CVE-2025-22866", - "properties": { - "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", - "policy": "CVE-2025-22871", - "properties": { - "fixedVersion": "1.23.8, 1.24.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - "policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": 
"os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "tar: Tar path traversal", - "policy": "CVE-2025-45582", - "properties": { - "installedVersion": "1.35+dfsg-3build1", - "pkgName": "tar", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "argocd-repo-server", - "uid": "df889860-ae62-4d65-b257-47527dfef994" - }, - "summary": { - "fail": 2, - "skip": 0, - "warn": 36 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:27:13Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-argocd-server-server-bd026", - "namespace": "argocd", - "ownerReferences": [ - { - "apiVersion": 
"stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-argocd-server-server-bd026", - "uid": "3afcad5b-f824-4c73-94ac-ffb31fe9c814" - } - ], - "resourceVersion": "4270036", - "uid": "ef838ec7-bcd3-46de-be87-bd7911fff773" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "coreutils: Non-privileged session can escape to the parent session in chroot", - "policy": "CVE-2016-2781", - "properties": { - "installedVersion": "9.4-3ubuntu6.1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "dirmngr", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed 
packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", - "policy": "CVE-2025-4563", - "properties": { - "fixedVersion": "1.32.6, 1.33.2", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", - "policy": "CVE-2025-0167", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: predictable WebSocket mask", - "policy": "CVE-2025-10148", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: libcurl: Curl out of bounds read for cookie path", - "policy": "CVE-2025-9086", - "properties": { - 
"installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: vulnerable to Marvin Attack", - "policy": "CVE-2024-2236", - "properties": { - "installedVersion": "1.10.3-2build1", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", - "policy": "CVE-2025-8114", - "properties": { - "installedVersion": "0.10.6-2ubuntu0.1", - "pkgName": "libssh-4", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - 
"policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", - "policy": "CVE-2018-6952", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Invalid Pointer via another_hunk function", - "policy": "CVE-2021-45261", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - 
"pkgName": "git-man", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", - "policy": "CVE-2025-5187", - "properties": { - "fixedVersion": "1.31.12, 1.32.8, 1.33.4", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - 
"severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", - "policy": "CVE-2024-45336", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", - "policy": "CVE-2024-45341", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - 
"installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", - "policy": "CVE-2025-22866", - "properties": { - "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", - "policy": "CVE-2025-22871", - "properties": { - "fixedVersion": "1.23.8, 1.24.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - "policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", 
- "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "tar: Tar path traversal", - "policy": "CVE-2025-45582", - "properties": { - "installedVersion": "1.35+dfsg-3build1", - "pkgName": "tar", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "argocd-server", - "uid": "949e71b1-8a62-4252-b723-38fa503c7db8" - }, - "summary": { - "fail": 2, - "skip": 0, - "warn": 36 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:27:12Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "statefulset-argocd-application-controller-application-controller-bd026", - "namespace": "argocd", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - 
"blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "statefulset-argocd-application-controller-application-controller-bd026", - "uid": "9c600130-ac11-4710-bd2b-b2a6526e4190" - } - ], - "resourceVersion": "4270021", - "uid": "b6c3e8e5-bd2b-45b6-b07b-f61f52a89fa9" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "coreutils: Non-privileged session can escape to the parent session in chroot", - "policy": "CVE-2016-2781", - "properties": { - "installedVersion": "9.4-3ubuntu6.1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "dirmngr", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed 
packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.4.4-2ubuntu17.3", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kube-apiserver: NodeRestriction Admission Controller Dynamic Resource Allocation Bypass", - "policy": "CVE-2025-4563", - "properties": { - "fixedVersion": "1.32.6, 1.33.2", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "When asked to use a `.netrc` file for credentials **and** to follow HT ...", - "policy": "CVE-2025-0167", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0167" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: predictable WebSocket mask", - "policy": "CVE-2025-10148", - "properties": { - "installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-10148" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "curl: libcurl: Curl out of bounds read for cookie path", - "policy": "CVE-2025-9086", - "properties": { - 
"installedVersion": "8.5.0-2ubuntu10.6", - "pkgName": "libcurl3t64-gnutls", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9086" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: vulnerable to Marvin Attack", - "policy": "CVE-2024-2236", - "properties": { - "installedVersion": "1.10.3-2build1", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": ": NULL Pointer Dereference in libssh KEX Session ID Calculation", - "policy": "CVE-2025-8114", - "properties": { - "installedVersion": "0.10.6-2ubuntu0.1", - "pkgName": "libssh-4", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8114" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - "policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: remote attackers (from the client side) to trigger unnecessarily expensive server-side DHE modular-exponentiation calculations", - 
"policy": "CVE-2024-41996", - "properties": { - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-41996" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-4ubuntu3.2", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Double free of memory in pch.c:another_hunk() causes a crash", - "policy": "CVE-2018-6952", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6952" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "patch: Invalid Pointer via another_hunk function", - "policy": "CVE-2021-45261", - "properties": { - "installedVersion": "2.7.6-7build3", - "pkgName": "patch", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2021-45261" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - "pkgName": "git", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "git: The sideband payload is passed unfiltered to the terminal in git", - "policy": "CVE-2024-52005", - "properties": { - "installedVersion": "1:2.43.0-1ubuntu7.3", - 
"pkgName": "git-man", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-52005" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "kubernetes: kube-apiserver: Nodes can delete themselves by adding an OwnerReference", - "policy": "CVE-2025-5187", - "properties": { - "fixedVersion": "1.31.12, 1.32.8, 1.33.4", - "installedVersion": "v1.33.1", - "pkgName": "k8s.io/kubernetes", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5187" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Incomplete fix for CVE-2025-6020", - "policy": "CVE-2025-8941", - "properties": { - "installedVersion": "1.5.3-5ubuntu5.5", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8941" - }, - "result": "warn", - 
"severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "libssl3t64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.13-0ubuntu3.6", - "installedVersion": "3.0.13-0ubuntu3.5", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: net/http: net/http: sensitive headers incorrectly sent after cross-domain redirect", - "policy": "CVE-2024-45336", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45336" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang: crypto/x509: crypto/x509: usage of IPv6 zone IDs can bypass URI name constraints", - "policy": "CVE-2024-45341", - "properties": { - "fixedVersion": "1.22.11, 1.23.5, 1.24.0-rc.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-45341" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - 
"installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/internal/nistec: golang: Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec", - "policy": "CVE-2025-22866", - "properties": { - "fixedVersion": "1.22.12, 1.23.6, 1.24.0-rc.3", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22866" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Request smuggling due to acceptance of invalid chunked data in net/http", - "policy": "CVE-2025-22871", - "properties": { - "fixedVersion": "1.23.8, 1.24.2", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22871" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - "policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", 
- "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "tar: Tar path traversal", - "policy": "CVE-2025-45582", - "properties": { - "installedVersion": "1.35+dfsg-3build1", - "pkgName": "tar", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-45582" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.22.7", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "StatefulSet", - "name": "argocd-application-controller", - "uid": "05bba599-d15f-4f80-abb5-643e6c454491" - }, - "summary": { - "fail": 2, - "skip": 0, - "warn": 36 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:28:45Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-cert-manager-cainjector-cert-manager-cainjector-25020", - "namespace": "cert-manager", - "ownerReferences": [ - { - "apiVersion": 
"stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-cert-manager-cainjector-cert-manager-cainjector-25020", - "uid": "ff3fb4c5-452f-4308-bb48-74faf6f08be2" - } - ], - "resourceVersion": "4270948", - "uid": "899b0852-2d75-40fd-b46d-aa83d01ebe1d" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "cert-manager-cainjector", - "uid": "803e195f-d433-4814-a65a-58794956f996" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:27:20Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-cert-manager-cert-manager-controller-72748", - "namespace": "cert-manager", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-cert-manager-cert-manager-controller-72748", - "uid": "5cb847e1-4238-46e8-97b4-6edd217ff67d" - } - ], - "resourceVersion": "4270116", - "uid": "533eb30f-4fc5-47bf-a063-3854abbf107b" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "cert-manager", - "uid": "004965a3-159f-4fb3-975f-dbbc23d6a7e4" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:21Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-cert-manager-webhook-cert-manager-webhook-73281", - "namespace": "cert-manager", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-cert-manager-webhook-cert-manager-webhook-73281", - "uid": 
"d2839e56-8c92-4a03-aa59-370e8cdf14ec" - } - ], - "resourceVersion": "4269477", - "uid": "5f2e398d-302f-404f-a821-51c1cbd9fedb" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "cert-manager-webhook", - "uid": "956d1be8-57e3-47ae-a45c-8577b15cba5c" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:28:30Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-external-dns-external-dns-e15dc", - "namespace": "external-dns", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-external-dns-external-dns-e15dc", - "uid": "464d4c0a-af1c-42c4-9ce8-a495a1a0e2fe" - } - ], - "resourceVersion": "4270780", - "uid": "5d59ecc8-5fb8-4315-b96c-ca18a6c7c0ff" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", - "policy": "CVE-2011-3374", - "properties": { - "installedVersion": "2.6.1", - "pkgName": "apt", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[Privilege escalation possible to other user than root]", - "policy": "TEMP-0841856-B18BAF", - "properties": { - "installedVersion": "5.2.15-2+b8", - "pkgName": "bash", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": 
"1:2.38.1-5+deb12u3", - "pkgName": "bsdutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "coreutils: Non-privileged session can escape to the parent session in chroot", - "policy": "CVE-2016-2781", - "properties": { - "installedVersion": "9.1-1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "coreutils: race condition vulnerability in chown and chgrp", - "policy": "CVE-2017-18018", - "properties": { - "installedVersion": "9.1-1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2017-18018" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", - "policy": "CVE-2025-5278", - "properties": { - "installedVersion": "9.1-1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "It was discovered that dpkg-deb does not properly sanitize directory p ...", - "policy": "CVE-2025-6297", - "properties": { - "installedVersion": "1.21.22", - "pkgName": "dpkg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6297" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", - "policy": "CVE-2022-27943", - "properties": { - "installedVersion": "12.2.0-14+deb12u1", - "pkgName": "gcc-12-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" 
- }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.2.40-1.1", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", - "policy": "CVE-2011-3374", - "properties": { - "installedVersion": "2.6.1", - "pkgName": "libapt-pkg6.0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libblkid1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "policy": "CVE-2010-4756", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2018-20796", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" - }, - "result": 
"warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: stack guard protection bypass", - "policy": "CVE-2019-1010022", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "policy": "CVE-2019-1010023", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: ASLR bypass using cache of thread stack and heap", - "policy": "CVE-2019-1010024", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: information disclosure of heap addresses of pthread_created thread", - "policy": "CVE-2019-1010025", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2019-9192", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": 
"vulnerability scan", - "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "policy": "CVE-2010-4756", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2018-20796", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: stack guard protection bypass", - "policy": "CVE-2019-1010022", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "policy": "CVE-2019-1010023", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: ASLR bypass using cache of thread stack and heap", - "policy": "CVE-2019-1010024", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: information disclosure of 
heap addresses of pthread_created thread", - "policy": "CVE-2019-1010025", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2019-9192", - "properties": { - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", - "policy": "CVE-2022-27943", - "properties": { - "installedVersion": "12.2.0-14+deb12u1", - "pkgName": "libgcc-s1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", - "policy": "CVE-2018-6829", - "properties": { - "installedVersion": "1.10.1-3", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: vulnerable to Marvin Attack", - "policy": "CVE-2024-2236", - "properties": { - "installedVersion": "1.10.1-3", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "HTTPS: block-wise chosen-plaintext attack 
against SSL/TLS (BEAST)", - "policy": "CVE-2011-3389", - "properties": { - "installedVersion": "3.7.9-2+deb12u5", - "pkgName": "libgnutls30", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libmount1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnu-ncurses: ncurses Stack Buffer Overflow", - "policy": "CVE-2025-6141", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "libncursesw6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: File:: Temp insecure temporary file handling", - "policy": "CVE-2011-4116", - "properties": { - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "libperl5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "http-tiny: insecure TLS cert default", - "policy": "CVE-2023-31486", - "properties": { - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "libperl5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "procps: ps buffer overflow", - "policy": "CVE-2023-4016", - "properties": { - "installedVersion": "2:4.0.2-3", - "pkgName": "libproc2-0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-4016" 
- }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libsmartcols1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", - "policy": "CVE-2025-27587", - "properties": { - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27587" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", - "policy": "CVE-2022-27943", - "properties": { - "installedVersion": "12.2.0-14+deb12u1", - "pkgName": "libstdc++6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "policy": "CVE-2013-4392", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2013-4392" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can modify a seale ...", - "policy": "CVE-2023-31437", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", - "policy": "CVE-2023-31438", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", - "policy": "CVE-2023-31439", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnu-ncurses: ncurses Stack Buffer Overflow", - "policy": "CVE-2025-6141", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "libtinfo6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "policy": "CVE-2013-4392", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392" - }, - "result": "warn", - "severity": "low", 
- "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can modify a seale ...", - "policy": "CVE-2023-31437", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", - "policy": "CVE-2023-31438", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", - "policy": "CVE-2023-31439", - "properties": { - "installedVersion": "252.38-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libuuid1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", - "policy": "CVE-2007-5686", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - 
"category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[more related to CVE-2005-4890]", - "policy": "TEMP-0628843-DBAD28", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "login", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "mount", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnu-ncurses: ncurses Stack Buffer Overflow", - "policy": "CVE-2025-6141", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "ncurses-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", - "policy": "CVE-2025-27587", - "properties": { - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27587" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP 
client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", - "policy": "CVE-2007-5686", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[more related to CVE-2005-4890]", - "policy": "TEMP-0628843-DBAD28", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "passwd", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: File:: Temp insecure temporary file handling", - "policy": "CVE-2011-4116", - "properties": { - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "http-tiny: insecure TLS cert default", - "policy": "CVE-2023-31486", - "properties": { - 
"installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: File:: Temp insecure temporary file handling", - "policy": "CVE-2011-4116", - "properties": { - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "http-tiny: insecure TLS cert default", - "policy": "CVE-2023-31486", - "properties": { - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: File:: Temp insecure temporary file handling", - "policy": "CVE-2011-4116", - "properties": { - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl-modules-5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "http-tiny: insecure TLS cert default", - "policy": "CVE-2023-31486", - "properties": { - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl-modules-5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "procps: ps buffer overflow", - "policy": "CVE-2023-4016", - "properties": { - "installedVersion": "2:4.0.2-3", - "pkgName": "procps", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-4016" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability 
scan", - "message": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", - "policy": "TEMP-0517018-A83CE6", - "properties": { - "installedVersion": "3.06-4", - "pkgName": "sysv-rc", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", - "policy": "TEMP-0517018-A83CE6", - "properties": { - "installedVersion": "3.06-4", - "pkgName": "sysvinit-utils", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "tar: does not properly warn the user when extracting setuid or setgid files", - "policy": "CVE-2005-2541", - "properties": { - "installedVersion": "1.34+dfsg-1.2+deb12u1", - "pkgName": "tar", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[tar's rmt command may have undesired side effects]", - "policy": "TEMP-0290435-0B57B5", - "properties": { - "installedVersion": "1.34+dfsg-1.2+deb12u1", - "pkgName": "tar", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "util-linux", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - 
"category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "util-linux-extra", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "installedVersion": "2.2.40-1.1", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: Double free in glibc", - "policy": "CVE-2025-8058", - "properties": { - "fixedVersion": "2.36-9+deb12u13", - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8058" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: Double free in glibc", - "policy": "CVE-2025-8058", - "properties": { - "fixedVersion": "2.36-9+deb12u13", - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-8058" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "lz4: LZ4 null handling error", - "policy": "CVE-2025-62813", - "properties": { - "installedVersion": "1.9.4-1", - "pkgName": "liblz4-1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-62813" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - 
"properties": { - "installedVersion": "6.4-4", - "pkgName": "libncursesw6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-runtime", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", - "policy": "CVE-2025-40909", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "libperl5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "libssl3", - 
"primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "libtinfo6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "ncurses-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", - "policy": "CVE-2025-40909", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", - "policy": "CVE-2025-40909", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": 
"5.36.0-7+deb12u2", - "pkgName": "perl-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: Perl threads have a working directory race condition where file operations may target unintended paths", - "policy": "CVE-2025-40909", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl-modules-5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-40909" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: CrossOriginProtection bypass in net/http", - "policy": "CVE-2025-47910", - "properties": { - "fixedVersion": "1.25.1", - "installedVersion": "v1.25.0", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: CrossOriginProtection bypass in net/http", - "policy": "CVE-2025-47910", - "properties": { - "fixedVersion": "1.25.1", - "installedVersion": "v1.25.0", - "pkgName": "stdlib", - "pkgPath": "opt/bitnami/external-dns", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47910" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH", - "policy": "CVE-2025-4802", - "properties": { - "fixedVersion": "2.36-9+deb12u11", - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: static setuid binary dlopen may incorrectly search 
LD_LIBRARY_PATH", - "policy": "CVE-2025-4802", - "properties": { - "fixedVersion": "2.36-9+deb12u11", - "installedVersion": "2.36-9+deb12u10", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4802" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", - "policy": "CVE-2023-31484", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": "5.36.0-7+deb12u2", 
- "pkgName": "libperl5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", - "policy": "CVE-2023-31484", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", - "policy": "CVE-2023-31484", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: CPAN.pm does not verify TLS certificates when downloading distributions over HTTPS", - "policy": "CVE-2023-31484", - "properties": { - "fixedVersion": "5.36.0-7+deb12u3", - "installedVersion": "5.36.0-7+deb12u2", - "pkgName": "perl-modules-5.36", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31484" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6", - "policy": "CVE-2023-45853", - "properties": { - "installedVersion": "1:1.2.13.dfsg-1", - "pkgName": "zlib1g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45853" - }, - "result": "fail", - "severity": "critical", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "external-dns", - "uid": 
"41760462-9454-446a-8b1b-e3e97fe00c39" - }, - "summary": { - "fail": 11, - "skip": 0, - "warn": 94 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:25:43Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-app-app-400ae", - "namespace": "fyr-dev-platform-playground", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-app-app-400ae", - "uid": "392220d0-dc72-48d6-b9af-e41b2f28d951" - } - ], - "resourceVersion": "4269028", - "uid": "f5b8be1f-745d-435e-a138-d1385b01686b" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "app", - "uid": "2ab9e6c8-3b69-405f-b7fe-76c6ff7c8deb" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:31:13Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-image-scanner-controller-manager-manager-ae61d", - "namespace": "image-scanner", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-image-scanner-controller-manager-manager-ae61d", - "uid": "8f09d0c0-8d76-4821-8250-79c90c729aab" - } - ], - "resourceVersion": "4272104", - "uid": "58268777-d0ae-46d3-afee-1f120fa3ed64" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "image-scanner-controller-manager", - "uid": "c39b6b7b-bb02-45b4-9dcd-ff26345f2122" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:25:49Z", - 
"generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "statefulset-trivy-server-f5c86", - "namespace": "image-scanner", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "statefulset-trivy-server-f5c86", - "uid": "20bffb35-8fb5-4f48-8c5a-b4d8eb54e9ae" - } - ], - "resourceVersion": "4269108", - "uid": "77da8f77-f73f-4dde-9d07-5107044d392f" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libcrypto3", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.1-r0", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pcre2: PCRE2: heap-buffer-overflow read in match_ref due to missing boundary restoration in SCS", - "policy": "CVE-2025-58050", - "properties": { - "fixedVersion": "10.46-r0", - "installedVersion": "10.43-r1", - "pkgName": "pcre2", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-58050" - }, - "result": "fail", - "severity": "critical", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "StatefulSet", - "name": "trivy", - "uid": "197ade84-8d8f-43d7-8774-8ac83c1e7ba4" - }, - "summary": { - "fail": 1, - "skip": 0, - "warn": 6 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-29T11:00:11Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "cronjob-kargo-garbage-collector-garbage-collector-630fc", - "namespace": "kargo", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": 
"ContainerImageScan", - "name": "cronjob-kargo-garbage-collector-garbage-collector-630fc", - "uid": "083e4eef-f561-47c8-9004-1387873bf458" - } - ], - "resourceVersion": "5684933", - "uid": "9f84340b-1ceb-44bf-b428-05fa943435cb" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gnupg-gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - 
"properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", - "policy": "CVE-2025-55198", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", - "policy": "CVE-2025-55199", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - 
"fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 
1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "batch/v1", - "kind": "CronJob", - "name": "kargo-garbage-collector", - "uid": "0b69b7d0-398a-48b4-9c5b-89084c8f7dde" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 14 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:24Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-imagepusher-imagepusher-a9c1f", - "namespace": "kargo", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-imagepusher-imagepusher-a9c1f", - "uid": "4fb0ed0c-b87b-4e16-bedc-c834391c71b7" - } - ], - "resourceVersion": "4269517", - "uid": "36c37d99-cfa9-4df5-8a36-e6f95452b814" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "imagepusher", - "uid": "1ebd5847-9d1f-4386-bcd1-cc089f6630a6" - }, - "summary": { - 
"fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:25:52Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-kargo-api-api-630fc", - "namespace": "kargo", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-kargo-api-api-630fc", - "uid": "3bc1c1c7-4e50-4a1f-a7eb-921cad1a4f2f" - } - ], - "resourceVersion": "4269142", - "uid": "48e850dc-54ec-413b-b9d3-6337cbeeb182" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gnupg-gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the 
keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", - "policy": "CVE-2025-55198", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", - "policy": "CVE-2025-55199", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - 
"policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": 
"CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "kargo-api", - "uid": "0c94c1a5-6acc-43f2-9676-fea9552dc930" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 14 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:18Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-kargo-controller-controller-630fc", - "namespace": "kargo", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - 
"blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-kargo-controller-controller-630fc", - "uid": "9a8cf60f-00fe-4f51-96ee-26d7669624c3" - } - ], - "resourceVersion": "4269440", - "uid": "ef15eaa7-07f6-4d65-afa6-ac838ba07678" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gnupg-gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the 
keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", - "policy": "CVE-2025-55198", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", - "policy": "CVE-2025-55199", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - 
"policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - 
"properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "kargo-controller", - "uid": "a36abea7-ec05-4281-8f2d-3ca9427ebc4c" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 14 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:28:47Z", - "generation": 3, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-kargo-external-webhooks-server-webhooks-server-630fc", - "namespace": "kargo", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-kargo-external-webhooks-server-webhooks-server-630fc", - "uid": "b6f84206-df7f-47d2-95c8-8d71128e5b71" - } - ], - "resourceVersion": "5595163", - "uid": "e91260c9-2373-4fc4-8ee4-a963e93ce518" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: 
Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gnupg-gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": 
"helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", - "policy": "CVE-2025-55198", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", - "policy": "CVE-2025-55199", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing 
side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race 
Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "kargo-external-webhooks-server", - "uid": "eb1779c9-658a-401b-bbf9-76e353734223" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 14 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:28:32Z", - "generation": 3, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-kargo-management-controller-management-controller-630fc", - "namespace": "kargo", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-kargo-management-controller-management-controller-630fc", - "uid": "1bd065b0-4272-4a1b-9596-8010e256f3c6" - } - ], - "resourceVersion": "4932284", - "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": 
"image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gnupg-gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", - "policy": "CVE-2025-55198", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" - }, - "result": "warn", - "severity": "medium", - "source": 
"image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", - "policy": "CVE-2025-55199", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { 
- "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - 
"message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "kargo-management-controller", - "uid": "d0cbd625-d495-415e-bf39-b4e3c4f4366e" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 14 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:35Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-kargo-webhooks-server-webhooks-server-630fc", - "namespace": "kargo", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-kargo-webhooks-server-webhooks-server-630fc", - "uid": "fe6e485f-cf48-4274-b4ef-b6405b791646" - } - ], - "resourceVersion": "4269625", - "uid": "f6d3c38b-f36c-4853-a21a-c08955371c64" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": 
"low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gnupg-gpgconf", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "fixedVersion": "2.4.8-r1", - "installedVersion": "2.2.41-r52", - "pkgName": "gpg-agent", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability", - "policy": "CVE-2025-55198", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55198" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service", - "policy": "CVE-2025-55199", - "properties": { - "fixedVersion": "3.18.5", - "installedVersion": "v3.18.4", - "pkgName": "helm.sh/helm/v3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55199" - }, - "result": "warn", - "severity": 
"medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libcrypto3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Timing side-channel in SM2 algorithm on 64 bit ARM", - "policy": "CVE-2025-9231", - "properties": { - "fixedVersion": "3.5.4-r0", - "installedVersion": "3.5.2-r1", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9231" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": 
"image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.4", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.5", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": 
"apps/v1", - "kind": "Deployment", - "name": "kargo-webhooks-server", - "uid": "71331981-7efa-4a56-925c-e7c861731ae6" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 14 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:16Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-opentelemetry-operator-kube-rbac-proxy-e2b6a", - "namespace": "observability", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-opentelemetry-operator-kube-rbac-proxy-e2b6a", - "uid": "86b654fc-643a-4f94-bc43-c727c9a26765" - } - ], - "resourceVersion": "4269400", - "uid": "4ec1cc25-29ef-4a1e-b6a8-11f45bf93e14" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "go-jose: Go JOSE's Parsing Vulnerable to Denial of Service", - "policy": "CVE-2025-27144", - "properties": { - "fixedVersion": "3.0.4", - "installedVersion": "v2.6.3+incompatible", - "pkgName": "github.com/go-jose/go-jose", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27144" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Inconsistent handling of O_CREATE|O_EXCL on Unix and Windows in os in syscall", - "policy": "CVE-2025-0913", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-0913" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "net/http: Sensitive headers not cleared on cross-origin redirect in net/http", - "policy": "CVE-2025-4673", - "properties": { - "fixedVersion": "1.23.10, 1.24.4", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - 
"primaryURL": "https://avd.aquasec.com/nvd/cve-2025-4673" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "os/exec: Unexpected paths returned from LookPath in os/exec", - "policy": "CVE-2025-47906", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47906" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "golang.org/x/oauth2/jws: Unexpected memory consumption during token parsing in golang.org/x/oauth2/jws", - "policy": "CVE-2025-22868", - "properties": { - "fixedVersion": "0.27.0", - "installedVersion": "v0.23.0", - "pkgName": "golang.org/x/oauth2", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22868" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "crypto/x509: Usage of ExtKeyUsageAny disables policy validation in crypto/x509", - "policy": "CVE-2025-22874", - "properties": { - "fixedVersion": "1.24.4", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-22874" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "database/sql: Postgres Scan Race Condition", - "policy": "CVE-2025-47907", - "properties": { - "fixedVersion": "1.23.12, 1.24.6", - "installedVersion": "v1.24.2", - "pkgName": "stdlib", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-47907" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "opentelemetry-operator", - "uid": "f9ca3c43-302e-46ba-a19e-d2651c8d941b" - }, - "summary": { - "fail": 3, - "skip": 0, - "warn": 4 - } - }, - { - 
"apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:26:27Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-opentelemetry-operator-manager-b2131", - "namespace": "observability", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "deployment-opentelemetry-operator-manager-b2131", - "uid": "cdc1999a-2e70-4917-b606-e137be3c2aad" - } - ], - "resourceVersion": "4269547", - "uid": "f06c27ce-9ef6-418b-8049-3a5be737da35" - }, - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "opentelemetry-operator", - "uid": "f9ca3c43-302e-46ba-a19e-d2651c8d941b" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:27:13Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "pod-opentelemetry-operator-cert-manager-wget-c4d93", - "namespace": "observability", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "pod-opentelemetry-operator-cert-manager-wget-c4d93", - "uid": "01593984-cd60-4553-ba18-b26814c2ed90" - } - ], - "resourceVersion": "4270043", - "uid": "d2e21b80-2963-4c0a-b668-65fecfedeb13" - }, - "scope": { - "apiVersion": "v1", - "kind": "Pod", - "name": "opentelemetry-operator-cert-manager", - "uid": "87cfa89f-003e-41ac-8551-97cb5713e959" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:28:32Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": 
"pod-opentelemetry-operator-metrics-wget-c4d93", - "namespace": "observability", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "pod-opentelemetry-operator-metrics-wget-c4d93", - "uid": "8618eb32-23a0-4567-856a-6f6128fb85b4" - } - ], - "resourceVersion": "4270816", - "uid": "a0727fd2-bf11-44d3-8f9c-79ef73160273" - }, - "scope": { - "apiVersion": "v1", - "kind": "Pod", - "name": "opentelemetry-operator-metrics", - "uid": "64294bb9-feea-470a-9339-387e85f78d8d" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:27:12Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "pod-opentelemetry-operator-webhook-wget-c4d93", - "namespace": "observability", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": "pod-opentelemetry-operator-webhook-wget-c4d93", - "uid": "c8770bba-72b4-448b-a8c6-56a818f66a16" - } - ], - "resourceVersion": "4270024", - "uid": "68d9a868-e0ab-487c-a8b2-3ff54579d2a4" - }, - "scope": { - "apiVersion": "v1", - "kind": "Pod", - "name": "opentelemetry-operator-webhook", - "uid": "86252216-08d9-4d52-93da-d8edc9b65886" - }, - "summary": { - "fail": 0, - "skip": 0, - "warn": 0 - } - }, - { - "apiVersion": "openreports.io/v1alpha1", - "kind": "Report", - "metadata": { - "creationTimestamp": "2025-10-27T08:28:48Z", - "generation": 1, - "labels": { - "app.kubernetes.io/managed-by": "image-scanner" - }, - "name": "deployment-reflector-reflector-3f8b3", - "namespace": "reflector", - "ownerReferences": [ - { - "apiVersion": "stas.statnett.no/v1alpha1", - "blockOwnerDeletion": true, - "controller": true, - "kind": "ContainerImageScan", - "name": 
"deployment-reflector-reflector-3f8b3", - "uid": "5c0cc414-9d89-442f-b4ba-a201a46b601c" - } - ], - "resourceVersion": "4270985", - "uid": "7479a61f-a825-4b4f-9b19-16bc6c2b105e" - }, - "results": [ - { - "category": "vulnerability scan", - "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", - "policy": "CVE-2011-3374", - "properties": { - "installedVersion": "2.6.1", - "pkgName": "apt", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[Privilege escalation possible to other user than root]", - "policy": "TEMP-0841856-B18BAF", - "properties": { - "installedVersion": "5.2.15-2+b9", - "pkgName": "bash", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0841856-B18BAF" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "1:2.38.1-5+deb12u3", - "pkgName": "bsdutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "coreutils: Non-privileged session can escape to the parent session in chroot", - "policy": "CVE-2016-2781", - "properties": { - "installedVersion": "9.1-1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2016-2781" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "coreutils: race condition vulnerability in chown and chgrp", - "policy": "CVE-2017-18018", - "properties": { - "installedVersion": "9.1-1", - "pkgName": "coreutils", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2017-18018" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "coreutils: Heap Buffer Under-Read in GNU Coreutils sort via Key Specification", - "policy": "CVE-2025-5278", - "properties": { - "installedVersion": "9.1-1", - "pkgName": "coreutils", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-5278" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "It was discovered that dpkg-deb does not properly sanitize directory p ...", - "policy": "CVE-2025-6297", - "properties": { - "installedVersion": "1.21.22", - "pkgName": "dpkg", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6297" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", - "policy": "CVE-2022-27943", - "properties": { - "installedVersion": "12.2.0-14+deb12u1", - "pkgName": "gcc-12-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: denial of service issue (resource consumption) using compressed packets", - "policy": "CVE-2022-3219", - "properties": { - "installedVersion": "2.2.40-1.1+deb12u1", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-3219" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "It was found that apt-key in apt, all versions, do not correctly valid ...", - "policy": "CVE-2011-3374", - "properties": { - "installedVersion": "2.6.1", - "pkgName": "libapt-pkg6.0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3374" - }, - "result": "warn", - 
"severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libblkid1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "policy": "CVE-2010-4756", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2018-20796", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: stack guard protection bypass", - "policy": "CVE-2019-1010022", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "policy": "CVE-2019-1010023", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" - }, - "result": "warn", - "severity": "low", 
- "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: ASLR bypass using cache of thread stack and heap", - "policy": "CVE-2019-1010024", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: information disclosure of heap addresses of pthread_created thread", - "policy": "CVE-2019-1010025", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2019-9192", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: glob implementation can cause excessive CPU and memory consumption due to crafted glob expressions", - "policy": "CVE-2010-4756", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2010-4756" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2018-20796", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-20796" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { 
- "category": "vulnerability scan", - "message": "glibc: stack guard protection bypass", - "policy": "CVE-2019-1010022", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010022" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: running ldd on malicious ELF leads to code execution because of wrong size computation", - "policy": "CVE-2019-1010023", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010023" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: ASLR bypass using cache of thread stack and heap", - "policy": "CVE-2019-1010024", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010024" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: information disclosure of heap addresses of pthread_created thread", - "policy": "CVE-2019-1010025", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-1010025" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "glibc: uncontrolled recursion in function check_dst_limits_calc_pos_1 in posix/regexec.c", - "policy": "CVE-2019-9192", - "properties": { - "installedVersion": "2.36-9+deb12u13", - "pkgName": "libc6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2019-9192" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "binutils: libiberty/rust-demangle.c in GNU GCC 
11.2 allows stack exhaustion in demangle_const", - "policy": "CVE-2022-27943", - "properties": { - "installedVersion": "12.2.0-14+deb12u1", - "pkgName": "libgcc-s1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: ElGamal implementation doesn't have semantic security due to incorrectly encoded plaintexts possibly allowing to obtain sensitive information", - "policy": "CVE-2018-6829", - "properties": { - "installedVersion": "1.10.1-3", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2018-6829" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "libgcrypt: vulnerable to Marvin Attack", - "policy": "CVE-2024-2236", - "properties": { - "installedVersion": "1.10.1-3", - "pkgName": "libgcrypt20", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-2236" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "HTTPS: block-wise chosen-plaintext attack against SSL/TLS (BEAST)", - "policy": "CVE-2011-3389", - "properties": { - "installedVersion": "3.7.9-2+deb12u5", - "pkgName": "libgnutls30", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-3389" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libmount1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in 
chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libsmartcols1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", - "policy": "CVE-2025-27587", - "properties": { - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-27587" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const", - "policy": "CVE-2022-27943", - "properties": { - "installedVersion": "12.2.0-14+deb12u1", - "pkgName": "libstdc++6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-27943" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "policy": "CVE-2013-4392", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 
253. An attacker can modify a seale ...", - "policy": "CVE-2023-31437", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", - "policy": "CVE-2023-31438", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", - "policy": "CVE-2023-31439", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libsystemd0", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnu-ncurses: ncurses Stack Buffer Overflow", - "policy": "CVE-2025-6141", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "libtinfo6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "systemd: TOCTOU race condition when updating file permissions and SELinux security contexts", - "policy": "CVE-2013-4392", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2013-4392" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. 
An attacker can modify a seale ...", - "policy": "CVE-2023-31437", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31437" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can truncate a sea ...", - "policy": "CVE-2023-31438", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31438" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "An issue was discovered in systemd 253. An attacker can modify the con ...", - "policy": "CVE-2023-31439", - "properties": { - "installedVersion": "252.39-1~deb12u1", - "pkgName": "libudev1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31439" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "libuuid1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", - "policy": "CVE-2007-5686", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to 
compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "login", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[more related to CVE-2005-4890]", - "policy": "TEMP-0628843-DBAD28", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "login", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "mount", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnu-ncurses: ncurses Stack Buffer Overflow", - "policy": "CVE-2025-6141", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "ncurses-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnu-ncurses: ncurses Stack Buffer Overflow", - "policy": "CVE-2025-6141", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "ncurses-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6141" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "OpenSSL 3.0.0 through 3.3.2 on the PowerPC architecture is vulnerable ...", - "policy": "CVE-2025-27587", - "properties": { - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "openssl", - "primaryURL": 
"https://avd.aquasec.com/nvd/cve-2025-27587" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read in HTTP client no_proxy handling", - "policy": "CVE-2025-9232", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "initscripts in rPath Linux 1 sets insecure permissions for the /var/lo ...", - "policy": "CVE-2007-5686", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2007-5686" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "shadow-utils: Default subordinate ID configuration in /etc/login.defs could lead to compromise", - "policy": "CVE-2024-56433", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "passwd", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-56433" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[more related to CVE-2005-4890]", - "policy": "TEMP-0628843-DBAD28", - "properties": { - "installedVersion": "1:4.13+dfsg1-1+deb12u1", - "pkgName": "passwd", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0628843-DBAD28" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "perl: File:: Temp insecure temporary file handling", - "policy": "CVE-2011-4116", - "properties": { - "installedVersion": "5.36.0-7+deb12u3", - "pkgName": "perl-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2011-4116" - }, - 
"result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "http-tiny: insecure TLS cert default", - "policy": "CVE-2023-31486", - "properties": { - "installedVersion": "5.36.0-7+deb12u3", - "pkgName": "perl-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-31486" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[sysvinit: no-root option in expert installer exposes locally exploitable security flaw]", - "policy": "TEMP-0517018-A83CE6", - "properties": { - "installedVersion": "3.06-4", - "pkgName": "sysvinit-utils", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0517018-A83CE6" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "tar: does not properly warn the user when extracting setuid or setgid files", - "policy": "CVE-2005-2541", - "properties": { - "installedVersion": "1.34+dfsg-1.2+deb12u1", - "pkgName": "tar", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2005-2541" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "[tar's rmt command may have undesired side effects]", - "policy": "TEMP-0290435-0B57B5", - "properties": { - "installedVersion": "1.34+dfsg-1.2+deb12u1", - "pkgName": "tar", - "primaryURL": "https://security-tracker.debian.org/tracker/TEMP-0290435-0B57B5" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "util-linux", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - 
"source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "util-linux: partial disclosure of arbitrary files in chfn and chsh when compiled with libreadline", - "policy": "CVE-2022-0563", - "properties": { - "installedVersion": "2.38.1-5+deb12u3", - "pkgName": "util-linux-extra", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2022-0563" - }, - "result": "warn", - "severity": "low", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "Kubernetes C# client accepts certificates from any CA without properly verifying the trust chain", - "policy": "CVE-2025-9708", - "properties": { - "fixedVersion": "17.0.14", - "installedVersion": "17.0.4", - "pkgName": "KubernetesClient", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9708" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "dotnet: .NET Information Disclosure Vulnerability", - "policy": "CVE-2025-55248", - "properties": { - "fixedVersion": "9.0.10, 8.0.21", - "installedVersion": "9.0.9", - "pkgName": "Microsoft.NETCore.App.Runtime.linux-x64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55248" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "gnupg: verification DoS due to a malicious subkey in the keyring", - "policy": "CVE-2025-30258", - "properties": { - "installedVersion": "2.2.40-1.1+deb12u1", - "pkgName": "gpgv", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-30258" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "lz4: LZ4 null handling error", - "policy": "CVE-2025-62813", - "properties": { - "installedVersion": "1.9.4-1", - "pkgName": "liblz4-1", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-62813" - }, - "result": "warn", - "severity": "medium", - "source": 
"image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged 
user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: libpam: Libpam vulnerable to read hashed password", - "policy": "CVE-2024-10041", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-10041" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "pam: allowing unprivileged user to block another user namespace", - "policy": "CVE-2024-22365", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2024-22365" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "libssl3", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "libtinfo6", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - "properties": { - "installedVersion": "6.4-4", - 
"pkgName": "ncurses-base", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "ncurses: segmentation fault via _nc_wrap_entry()", - "policy": "CVE-2023-50495", - "properties": { - "installedVersion": "6.4-4", - "pkgName": "ncurses-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-50495" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "openssl: Out-of-bounds read & write in RFC 3211 KEK Unwrap", - "policy": "CVE-2025-9230", - "properties": { - "fixedVersion": "3.0.17-1~deb12u3", - "installedVersion": "3.0.17-1~deb12u2", - "pkgName": "openssl", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9230" - }, - "result": "warn", - "severity": "medium", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-modules-bin", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam-runtime", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" 
- }, - { - "category": "vulnerability scan", - "message": "linux-pam: Linux-pam directory Traversal", - "policy": "CVE-2025-6020", - "properties": { - "installedVersion": "1.5.2-6+deb12u1", - "pkgName": "libpam0g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-6020" - }, - "result": "fail", - "severity": "high", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "dotnet: .NET Security Feature Bypass Vulnerability", - "policy": "CVE-2025-55315", - "properties": { - "fixedVersion": "10.0.0-rc.2.25502.107, 9.0.10, 8.0.21", - "installedVersion": "9.0.9", - "pkgName": "Microsoft.AspNetCore.App.Runtime.linux-x64", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-55315" - }, - "result": "fail", - "severity": "critical", - "source": "image-scanner" - }, - { - "category": "vulnerability scan", - "message": "zlib: integer overflow and resultant heap-based buffer overflow in zipOpenNewFileInZip4_6", - "policy": "CVE-2023-45853", - "properties": { - "installedVersion": "1:1.2.13.dfsg-1", - "pkgName": "zlib1g", - "primaryURL": "https://avd.aquasec.com/nvd/cve-2023-45853" - }, - "result": "fail", - "severity": "critical", - "source": "image-scanner" - } - ], - "scope": { - "apiVersion": "apps/v1", - "kind": "Deployment", - "name": "reflector", - "uid": "f02aa1c7-969d-4e7a-bcb7-c3de73958614" - }, - "summary": { - "fail": 6, - "skip": 0, - "warn": 79 - } - } - ], - "kind": "List", - "metadata": { - "resourceVersion": "" - } -} From 53a1aa87d8f5e10782cdeae88ba66cca307a21f4 Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Wed, 29 Oct 2025 13:50:48 +0100 Subject: [PATCH 03/12] =?UTF-8?q?=F0=9F=9A=A8fix:=20Lint=20errors?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- dojo/tools/openreports/parser.py | 48 ++++++++++------------ unittests/tools/test_openreports_parser.py | 12 +++--- 2 files changed, 28 insertions(+), 32 deletions(-) 
diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index b826d2c3add..dbb37e73974 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py @@ -74,23 +74,23 @@ def get_findings(self, scan_file, test): def _parse_report(self, test, report): findings = [] - + # Extract metadata metadata = report.get("metadata", {}) report_name = metadata.get("name", "") namespace = metadata.get("namespace", "") - + # Extract scope information scope = report.get("scope", {}) scope_kind = scope.get("kind", "") scope_name = scope.get("name", "") - + # Create service identifier from scope and metadata service_name = f"{namespace}/{scope_kind}/{scope_name}" if namespace else f"{scope_kind}/{scope_name}" - + # Extract results results = report.get("results", []) - + for result in results: if not isinstance(result, dict): continue @@ -110,23 +110,20 @@ def _create_finding_from_result(self, test, result, service_name, report_name): result_status = result.get("result", "") severity = result.get("severity", "info").lower() source = result.get("source", "") - + # Extract properties properties = result.get("properties", {}) pkg_name = properties.get("pkgName", "") installed_version = properties.get("installedVersion", "") fixed_version = properties.get("fixedVersion", "") primary_url = properties.get("primaryURL", "") - + # Convert severity to DefectDojo format severity_normalized = OPENREPORTS_SEVERITIES.get(severity, "Info") - + # Create title - if policy.startswith("CVE-"): - title = f"{policy} in {pkg_name}" - else: - title = f"{policy}: {message}" - + title = f"{policy} in {pkg_name}" if policy.startswith("CVE-") else f"{policy}: {message}" + # Create description description = DESCRIPTION_TEMPLATE.format( message=message, 
@@ -139,25 +136,24 @@ def _create_finding_from_result(self, test, result, service_name, report_name): fixed_version=fixed_version, primary_url=primary_url, ) - + # Determine if fix is available fix_available = bool(fixed_version and fixed_version.strip()) - + # Set mitigation based on fixed version mitigation = f"Upgrade to version: {fixed_version}" if fixed_version else "" - + # Set references - references = primary_url if primary_url else "" - + references = primary_url or "" + # Determine active status based on result - active = result_status not in ["skip", "pass"] - verified = result_status in ["fail", "warn"] - + active = result_status not in {"skip", "pass"} + verified = result_status in {"fail", "warn"} + # Create tags tags = [category, source] if scope_kind := service_name.split("/")[1] if "/" in service_name else "": tags.append(scope_kind) - finding = Finding( test=test, title=title, @@ -175,13 +171,13 @@ def _create_finding_from_result(self, test, result, service_name, report_name): fix_available=fix_available, tags=tags, ) - + # Add vulnerability ID if it's a CVE if policy.startswith("CVE-"): finding.unsaved_vulnerability_ids = [policy] - - return finding - + else: + return finding + except KeyError as exc: logger.warning("Failed to parse OpenReports result due to missing key: %r", exc) return None diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py index 3daa588064e..9f630ee2eec 100644 --- a/unittests/tools/test_openreports_parser.py +++ b/unittests/tools/test_openreports_parser.py @@ -20,7 +20,7 @@ def test_single_report(self): parser = OpenreportsParser() findings = parser.get_findings(test_file, Test()) self.assertEqual(len(findings), 2) - + # Test first finding (warn/low severity) finding1 = findings[0] self.assertEqual("CVE-2025-9232 in libcrypto3", finding1.title) 
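Review bot: The resource-kind tag in the `# Create tags` block is read from `service_name.split("/")[1]`, which is the kind only when a namespace is present. For a report without a namespace, `service_name` is built as `kind/name`, so index 1 is the resource name and the finding gets tagged with that instead. Indexing from the right handles both shapes: `if scope_kind := service_name.split("/")[-2] if "/" in service_name else "":`. The `service_name` construction lives in `_parse_report`, and `_create_finding_from_result` itself starts and ends outside this hunk.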
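Review bot: Moving `return finding` under `else:` makes the function return `None` for every result whose policy starts with `CVE-`, as far as the flattened hunk shows. The `if` branch now only sets `unsaved_vulnerability_ids` and falls through to the end of the `try`. The caller in `_parse_report` only appends truthy results, so CVE findings would be dropped from the import without any error or log line. Keep the return unconditional after the `if`, for example `return finding  # noqa: TRY300`, or move it into a `try ... else` clause placed after the `except KeyError` handler. The body of `_create_finding_from_result` starts outside this hunk.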
@@ -59,13 +59,13 @@ def test_list_format(self): parser = OpenreportsParser() findings = parser.get_findings(test_file, Test()) self.assertEqual(len(findings), 2) - + # Verify findings from different reports have different services services = {finding.service for finding in findings} self.assertEqual(len(services), 2) self.assertIn("test/Deployment/app1", services) self.assertIn("test/Deployment/app2", services) - + # Verify CVE IDs cve_ids = [finding.unsaved_vulnerability_ids[0] for finding in findings] self.assertIn("CVE-2025-9232", cve_ids) @@ -75,9 +75,9 @@ def test_parser_metadata(self): parser = OpenreportsParser() scan_types = parser.get_scan_types() self.assertEqual(["OpenReports Scan"], scan_types) - + label = parser.get_label_for_scan_types("OpenReports Scan") self.assertEqual("OpenReports Scan", label) - + description = parser.get_description_for_scan_types("OpenReports Scan") - self.assertEqual("Import OpenReports JSON scan report.", description) \ No newline at end of file + self.assertEqual("Import OpenReports JSON scan report.", description) From 709587eeb7afe22e55974d44336770ad2524e5b9 Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Thu, 30 Oct 2025 11:07:39 +0100 Subject: [PATCH 04/12] OpenReports: Add Dedup and non-CVE support --- dojo/settings/settings.dist.py | 3 ++ dojo/tools/openreports/parser.py | 22 +++++--- .../openreports/openreports_list_format.json | 16 +++++- .../openreports_single_report.json | 16 +++++- unittests/tools/test_openreports_parser.py | 52 +++++++++++++++---- 5 files changed, 90 insertions(+), 19 deletions(-) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 2ca0c60b462..9404e3b3456 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py 
@@ -1395,6 +1395,7 @@ def saml2_attrib_map_format(din): "Cycognito Scan": ["title", "severity"], "OpenVAS Parser v2": ["title", "severity", "vuln_id_from_tool", "endpoints"], "Snyk Issue API Scan": ["vuln_id_from_tool", "file_path"], + "OpenReports": ["vulnerability_ids", "component_name", "component_version", "severity"], } # Override the hardcoded settings here via the env var @@ -1467,6 +1468,7 @@ def saml2_attrib_map_format(din): "AWS Inspector2 Scan": True, "Cyberwatch scan (Galeax)": True, "OpenVAS Parser v2": True, + "OpenReports": True, } # List of fields that are known to be usable in hash_code computation) @@ -1657,6 +1659,7 @@ def saml2_attrib_map_format(din): "Cyberwatch scan (Galeax)": DEDUPE_ALGO_HASH_CODE, "OpenVAS Parser v2": DEDUPE_ALGO_HASH_CODE, "Snyk Issue API Scan": DEDUPE_ALGO_HASH_CODE, + "OpenReports": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, } # Override the hardcoded settings here via the env var diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index dbb37e73974..200760e501a 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py @@ -31,13 +31,13 @@ class OpenreportsParser: def get_scan_types(self): - return ["OpenReports Scan"] + return ["OpenReports"] def get_label_for_scan_types(self, scan_type): - return "OpenReports Scan" + return "OpenReports" def get_description_for_scan_types(self, scan_type): - return "Import OpenReports JSON scan report." + return "Import OpenReports JSON report." def get_findings(self, scan_file, test): scan_data = scan_file.read() @@ -79,6 +79,7 @@ def _parse_report(self, test, report): metadata = report.get("metadata", {}) report_name = metadata.get("name", "") namespace = metadata.get("namespace", "") + report_uid = metadata.get("uid", "") # Extract scope information scope = report.get("scope", {}) 
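Review bot: The `HASHCODE_FIELDS_PER_SCANNER` entry for `OpenReports` contains nothing that identifies the policy for non-CVE results. The parser only sets `unsaved_vulnerability_ids` when the policy starts with `CVE-`, so two different policy violations on the same component, version and severity would get the same hash_code. The third settings hunk selects `DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL`, so this presumably does not drive deduplication today, but it would if the algorithm were later switched to a hash-based one. Adding the title covers both kinds of result: `"OpenReports": ["title", "vulnerability_ids", "component_name", "component_version", "severity"],`.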
@@ -95,13 +96,13 @@ def _parse_report(self, test, report): if not isinstance(result, dict): continue - finding = self._create_finding_from_result(test, result, service_name, report_name) + finding = self._create_finding_from_result(test, result, service_name, report_name, report_uid) if finding: findings.append(finding) return findings - def _create_finding_from_result(self, test, result, service_name, report_name): + def _create_finding_from_result(self, test, result, service_name, report_name, report_uid): try: # Extract basic fields message = result.get("message", "") @@ -175,8 +176,15 @@ def _create_finding_from_result(self, test, result, service_name, report_name): # Add vulnerability ID if it's a CVE if policy.startswith("CVE-"): finding.unsaved_vulnerability_ids = [policy] - else: - return finding + + # Create unique_id_from_tool for deduplication + # Use the report UID if available (from metadata.uid), otherwise fall back to service_name + # Format: report_uid:policy:package_name (preferred) or policy:package_name:service_name (fallback) + # This uses the stable UID from the OpenReports API that won't change on reimport + unique_id_components = [report_uid, policy, pkg_name] if report_uid else [policy, pkg_name, service_name] + finding.unique_id_from_tool = ":".join(unique_id_components) + + return finding # noqa: TRY300 - This is intentional except KeyError as exc: logger.warning("Failed to parse OpenReports result due to missing key: %r", exc) diff --git a/unittests/scans/openreports/openreports_list_format.json b/unittests/scans/openreports/openreports_list_format.json index 0499696cc2f..957ed4f2d8f 100644 --- a/unittests/scans/openreports/openreports_list_format.json +++ b/unittests/scans/openreports/openreports_list_format.json 
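Review bot: The `unique_id_from_tool` built in the last parser.py hunk is `report_uid:policy:pkg_name`, which is not unique if one report lists the same policy for the same package more than once, for example at two installed versions. With `DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL` those results would collapse into one finding and the other would be hidden as a duplicate. Including the installed version narrows that: `unique_id_components = [report_uid, policy, pkg_name, installed_version] if report_uid else [policy, pkg_name, installed_version, service_name]`. The comment's claim that the UID will not change on reimport holds only while the scanner does not recreate the Report object, which the page does not show. `_create_finding_from_result` starts outside the hunk.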
@@ -91,6 +91,20 @@ "result": "fail", "severity": "high", "source": "image-scanner" + }, + { + "category": "configuration scan", + "message": "Container running as root user", + "policy": "SECURITY-001", + "properties": { + "fixedVersion": "", + "installedVersion": "latest", + "pkgName": "container-config", + "primaryURL": "https://security.example.com/policies/SECURITY-001" + }, + "result": "warn", + "severity": "medium", + "source": "policy-scanner" } ], "scope": { @@ -102,7 +116,7 @@ "summary": { "fail": 1, "skip": 0, - "warn": 0 + "warn": 1 } } ], diff --git a/unittests/scans/openreports/openreports_single_report.json b/unittests/scans/openreports/openreports_single_report.json index df23ed2e3e8..59fd2855db9 100644 --- a/unittests/scans/openreports/openreports_single_report.json +++ b/unittests/scans/openreports/openreports_single_report.json @@ -50,6 +50,20 @@ "result": "fail", "severity": "high", "source": "image-scanner" + }, + { + "category": "compliance check", + "message": "Missing security headers in HTTP response", + "policy": "CIS-BENCH-001", + "properties": { + "fixedVersion": "Configure proper security headers", + "installedVersion": "N/A", + "pkgName": "web-server", + "primaryURL": "https://www.cisecurity.org/benchmark/docker" + }, + "result": "fail", + "severity": "low", + "source": "compliance-scanner" } ], "scope": { @@ -59,7 +73,7 @@ "uid": "d0cbd625-d495-415e-bf39-b4e3c4f4366e" }, "summary": { - "fail": 1, + "fail": 2, "skip": 0, "warn": 1 } diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py index 9f630ee2eec..152b449b38c 100644 --- a/unittests/tools/test_openreports_parser.py +++ b/unittests/tools/test_openreports_parser.py @@ -8,7 +8,6 @@ def sample_path(file_name): class TestOpenreportsParser(DojoTestCase): - def test_no_results(self): with sample_path("openreports_no_results.json").open(encoding="utf-8") as test_file: parser = OpenreportsParser() 
@@ -19,7 +18,7 @@ def test_single_report(self): with sample_path("openreports_single_report.json").open(encoding="utf-8") as test_file: parser = OpenreportsParser() findings = parser.get_findings(test_file, Test()) - self.assertEqual(len(findings), 2) + self.assertEqual(len(findings), 3) # Test first finding (warn/low severity) finding1 = findings[0] @@ -35,6 +34,9 @@ def test_single_report(self): self.assertTrue(finding1.fix_available) self.assertEqual(1, len(finding1.unsaved_vulnerability_ids)) self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0]) + self.assertEqual( + "b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-9232:libcrypto3", finding1.unique_id_from_tool + ) self.assertIn("vulnerability scan", finding1.tags) self.assertIn("image-scanner", finding1.tags) self.assertIn("Deployment", finding1.tags) 
@@ -53,12 +55,34 @@ def test_single_report(self): self.assertTrue(finding2.fix_available) self.assertEqual(1, len(finding2.unsaved_vulnerability_ids)) self.assertEqual("CVE-2025-47907", finding2.unsaved_vulnerability_ids[0]) + self.assertEqual("b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-47907:stdlib", finding2.unique_id_from_tool) + + # Test third finding (non-CVE policy, fail/low severity) + finding3 = findings[2] + self.assertEqual("CIS-BENCH-001: Missing security headers in HTTP response", finding3.title) + self.assertEqual("Low", finding3.severity) + self.assertEqual("web-server", finding3.component_name) + self.assertEqual("N/A", finding3.component_version) + self.assertEqual("Upgrade to version: Configure proper security headers", finding3.mitigation) + self.assertEqual("https://www.cisecurity.org/benchmark/docker", finding3.references) + self.assertEqual("test/Deployment/test-app", finding3.service) + self.assertTrue(finding3.active) + self.assertTrue(finding3.verified) + self.assertTrue(finding3.fix_available) + # Non-CVE policies should not have vulnerability IDs + self.assertIsNone(finding3.unsaved_vulnerability_ids) + self.assertEqual( + "b1fcca57-2efd-44d3-89e9-949e29b61936:CIS-BENCH-001:web-server", finding3.unique_id_from_tool + ) + self.assertIn("compliance check", finding3.tags) + self.assertIn("compliance-scanner", finding3.tags) + self.assertIn("Deployment", finding3.tags) def test_list_format(self): with sample_path("openreports_list_format.json").open(encoding="utf-8") as test_file: parser = OpenreportsParser() findings = parser.get_findings(test_file, Test()) - self.assertEqual(len(findings), 2) + self.assertEqual(len(findings), 3) # Verify findings from different reports have different services services = {finding.service for finding in findings} 
@@ -66,18 +90,26 @@ def test_list_format(self): self.assertIn("test/Deployment/app1", services) self.assertIn("test/Deployment/app2", services) - # Verify CVE IDs - cve_ids = [finding.unsaved_vulnerability_ids[0] for finding in findings] + # Verify CVE IDs - only findings with CVE policies should have vulnerability IDs + cve_findings = [finding for finding in findings if finding.unsaved_vulnerability_ids] + self.assertEqual(len(cve_findings), 2) + cve_ids = [finding.unsaved_vulnerability_ids[0] for finding in cve_findings] self.assertIn("CVE-2025-9232", cve_ids) self.assertIn("CVE-2025-47907", cve_ids) + # Verify there's at least one non-CVE finding + non_cve_findings = [finding for finding in findings if not finding.unsaved_vulnerability_ids] + self.assertEqual(len(non_cve_findings), 1) + non_cve_finding = non_cve_findings[0] + self.assertEqual("SECURITY-001: Container running as root user", non_cve_finding.title) + def test_parser_metadata(self): parser = OpenreportsParser() scan_types = parser.get_scan_types() - self.assertEqual(["OpenReports Scan"], scan_types) + self.assertEqual(["OpenReports"], scan_types) - label = parser.get_label_for_scan_types("OpenReports Scan") - self.assertEqual("OpenReports Scan", label) + label = parser.get_label_for_scan_types("OpenReports") + self.assertEqual("OpenReports", label) - description = parser.get_description_for_scan_types("OpenReports Scan") - self.assertEqual("Import OpenReports JSON scan report.", description) + description = parser.get_description_for_scan_types("OpenReports") + self.assertEqual("Import OpenReports JSON report.", description) From fda154ac627afcb681d05d3341f23fadba0e0d44 Mon Sep 17 00:00:00 2001 
From: Marius Fylling Date: Thu, 30 Oct 2025 11:07:47 +0100 Subject: [PATCH 05/12] docs: Add OpenReports file import docs --- .../parsers/file/openreports.md | 136 ++++++++++++++++++ unittests/tools/test_openreports_parser.py | 4 +- 2 files changed, 138 insertions(+), 2 deletions(-) create mode 100644 docs/content/en/connecting_your_tools/parsers/file/openreports.md diff --git a/docs/content/en/connecting_your_tools/parsers/file/openreports.md b/docs/content/en/connecting_your_tools/parsers/file/openreports.md new file mode 100644 index 00000000000..c3ec62d9a42 --- /dev/null +++ b/docs/content/en/connecting_your_tools/parsers/file/openreports.md 
@@ -0,0 +1,136 @@ +--- +title: "OpenReports" +toc_hide: true +--- + +Import vulnerability scan reports formatted as [OpenReports](https://github.com/openreports/reports-api). + +OpenReports is a Kubernetes-native reporting framework that aggregates vulnerability scan results and compliance checks from various security tools into a unified format. It provides a standardized API for collecting and reporting security findings across your Kubernetes infrastructure. + +### File Types + +DefectDojo parser accepts a .json file. + +### Exporting Reports from Kubernetes + +To export OpenReports from your Kubernetes cluster, use kubectl: + +```bash +kubectl get reports -A -ojson > reports.json +``` + +This command retrieves all Report objects from all namespaces and saves them in JSON format. You can then import the `reports.json` file into DefectDojo. + +To export reports from a specific namespace: + +```bash +kubectl get reports -n -ojson > reports.json +``` + +### Report Formats + +The parser supports multiple input formats: + +- Single Report object +- Array of Report objects +- Kubernetes List object containing Report items + +### Sample Scan Data + +Sample OpenReports scans can be found in the [unittests/scans/openreports directory](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/openreports). 
+ +### Supported Fields + +The parser extracts the following information from OpenReports JSON: + +- **Metadata**: Report name, namespace, UID for stable deduplication +- **Scope**: Kubernetes resource information (kind, name, namespace) +- **Results**: Individual security findings with: + - Message and description + - Policy ID (e.g., CVE identifiers) + - Severity (critical, high, medium, low, info) + - Category (e.g., "vulnerability scan", "compliance check") + - Source scanner information + - Package details (name, installed version, fixed version) + - References and URLs + +### Severity Mapping + +OpenReports severity levels are mapped to DefectDojo as follows: + +| OpenReports Severity | DefectDojo Severity | +|----------------------|---------------------| +| critical | Critical | +| high | High | +| medium | Medium | +| low | Low | +| info | Info | + +### Result Status Mapping + +The `result` field in OpenReports is mapped to DefectDojo finding status: + +| OpenReports Result | Active | Verified | Description | +|--------------------|--------|----------|------------------------------------------------| +| fail | True | True | Finding requires attention | +| warn | True | True | Warning-level finding | +| pass | False | False | Check passed, no vulnerability found | +| skip | False | False | Check was skipped | + +### Features + +**CVE Tracking**: Findings with CVE policy IDs are automatically tagged with vulnerability identifiers. + +**Fix Availability**: The parser automatically sets the `fix_available` flag when a fixed version is provided. + +**Service Mapping**: Findings are mapped to services based on Kubernetes scope (namespace/kind/name). + +**Stable Deduplication**: Uses report UID from metadata for consistent deduplication across reimports. + +**Tagging**: Findings are automatically tagged with category, source scanner, and Kubernetes resource kind. 
+ +### Example JSON Format + +```json +{ + "apiVersion": "openreports.io/v1alpha1", + "kind": "Report", + "metadata": { + "name": "deployment-test-app-630fc", + "namespace": "test", + "uid": "b1fcca57-2efd-44d3-89e9-949e29b61936" + }, + "scope": { + "kind": "Deployment", + "name": "test-app" + }, + "results": [ + { + "category": "vulnerability scan", + "message": "openssl: Out-of-bounds read in HTTP client", + "policy": "CVE-2025-9232", + "properties": { + "fixedVersion": "3.5.4-r0", + "installedVersion": "3.5.2-r1", + "pkgName": "libcrypto3", + "primaryURL": "https://avd.aquasec.com/nvd/cve-2025-9232" + }, + "result": "warn", + "severity": "low", + "source": "image-scanner" + } + ] +} +``` + +### Default Deduplication Hashcode Fields + +By default, DefectDojo identifies duplicate Findings using these [hashcode fields](https://docs.defectdojo.com/en/working_with_findings/finding_deduplication/about_deduplication/): + +- unique_id_from_tool (format: `report_uid:policy:package_name`) +- title +- severity +- vulnerability ids (for CVE findings) +- description + +The parser uses the report UID from metadata to create a stable `unique_id_from_tool` that persists across reimports. diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py index 152b449b38c..dac15fa2d85 100644 --- a/unittests/tools/test_openreports_parser.py +++ b/unittests/tools/test_openreports_parser.py @@ -35,7 +35,7 @@ def test_single_report(self): self.assertEqual(1, len(finding1.unsaved_vulnerability_ids)) self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0]) self.assertEqual( - "b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-9232:libcrypto3", finding1.unique_id_from_tool + "b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-9232:libcrypto3", finding1.unique_id_from_tool, ) self.assertIn("vulnerability scan", finding1.tags) self.assertIn("image-scanner", finding1.tags) 
@@ -72,7 +72,7 @@ def test_single_report(self): # Non-CVE policies should not have vulnerability IDs self.assertIsNone(finding3.unsaved_vulnerability_ids) self.assertEqual( - "b1fcca57-2efd-44d3-89e9-949e29b61936:CIS-BENCH-001:web-server", finding3.unique_id_from_tool + "b1fcca57-2efd-44d3-89e9-949e29b61936:CIS-BENCH-001:web-server", finding3.unique_id_from_tool, ) self.assertIn("compliance check", finding3.tags) self.assertIn("compliance-scanner", finding3.tags) From 53ef8bbaa672023ad8a0e026cbdca7cc96ab2b27 Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Fri, 31 Oct 2025 08:45:18 +0100 Subject: [PATCH 06/12] Add scanner name to Test name --- dojo/tools/openreports/parser.py | 91 ++++++++++++++++++++++ unittests/tools/test_openreports_parser.py | 59 +++++++++++++- 2 files changed, 148 insertions(+), 2 deletions(-) diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index 200760e501a..01ce40e5829 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py @@ -4,6 +4,7 @@ import logging from dojo.models import Finding +from dojo.tools.parser_test import ParserTest logger = logging.getLogger(__name__) 
@@ -72,6 +73,61 @@ def get_findings(self, scan_file, test): return findings + def get_tests(self, scan_type, handle): + try: + data = json.load(handle) + except Exception: + handle.seek(0) + scan_data = handle.read() + try: + data = json.loads(str(scan_data, "utf-8")) + except Exception: + data = json.loads(scan_data) + + if data is None: + return [] + + # Handle both single report and list of reports + reports = [] + if isinstance(data, dict): + if data.get("kind") == "List" and "items" in data: + reports = data["items"] + elif data.get("kind") == "Report": + reports = [data] + elif isinstance(data, list): + reports = data + + # Find all unique sources across all reports + sources_found = set() + for report in reports: + if not isinstance(report, dict) or report.get("kind") != "Report": + continue + for result in report.get("results", []): + source = result.get("source", "OpenReports") + sources_found.add(source) + + # Create a ParserTest for each source + tests = [] + for source in sorted(sources_found): + test = ParserTest( + name=source, + parser_type=source, + version=None, + ) + test.findings = [] + + # Parse all reports and filter findings by source + for report in reports: + if not isinstance(report, dict) or report.get("kind") != "Report": + continue + + findings = self._parse_report_for_source(test, report, source) + test.findings.extend(findings) + + tests.append(test) + + return tests + def _parse_report(self, test, report): findings = [] 
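Review bot: The source-collection loop in `get_tests` calls `result.get("source", "OpenReports")` on every entry of `report.get("results", [])` without checking its type, so an uploaded report with a non-dict entry or `"results": null` raises instead of being skipped. `_parse_report_for_source`, added later in this commit, already guards entries with `isinstance(result, dict)` but has the same `"results": null` gap; the loop here should read `for result in report.get("results") or []:` followed by `if not isinstance(result, dict): continue`. The collected `source` also goes unchecked into a set, `sorted()` and `ParserTest(name=source, parser_type=source)`, so a non-string value fails there, and any string in the file presumably becomes a test type name on import. Coercing it with `str()` and bounding its length would keep report content from shaping those records unchecked.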
@@ -102,6 +158,41 @@ def _parse_report(self, test, report): return findings + def _parse_report_for_source(self, test, report, source_filter): + findings = [] + + # Extract metadata + metadata = report.get("metadata", {}) + report_name = metadata.get("name", "") + namespace = metadata.get("namespace", "") + report_uid = metadata.get("uid", "") + + # Extract scope information + scope = report.get("scope", {}) + scope_kind = scope.get("kind", "") + scope_name = scope.get("name", "") + + # Create service identifier from scope and metadata + service_name = f"{namespace}/{scope_kind}/{scope_name}" if namespace else f"{scope_kind}/{scope_name}" + + # Extract results + results = report.get("results", []) + + for result in results: + if not isinstance(result, dict): + continue + + # Filter by source + result_source = result.get("source", "OpenReports") + if result_source != source_filter: + continue + + finding = self._create_finding_from_result(None, result, service_name, report_name, report_uid) + if finding: + findings.append(finding) + + return findings + def _create_finding_from_result(self, test, result, service_name, report_name, report_uid): try: # Extract basic fields diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py index dac15fa2d85..90f2514f7e2 100644 --- a/unittests/tools/test_openreports_parser.py +++ b/unittests/tools/test_openreports_parser.py @@ -35,7 +35,8 @@ def test_single_report(self): self.assertEqual(1, len(finding1.unsaved_vulnerability_ids)) self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0]) self.assertEqual( - "b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-9232:libcrypto3", finding1.unique_id_from_tool, + "b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-9232:libcrypto3", + finding1.unique_id_from_tool, ) self.assertIn("vulnerability scan", finding1.tags) self.assertIn("image-scanner", finding1.tags) 
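Review bot: `_parse_report_for_source` accepts a `test` argument but passes `None` to `_create_finding_from_result`, and its body repeats the metadata and scope extraction that opens `_parse_report`. The tests added in this commit assert that findings from `get_tests` have no test set, so the `None` looks deliberate; either drop the unused parameter or say so in a comment such as `# findings returned via get_tests() are created without a test on purpose`. Giving `_parse_report` an optional `source_filter=None` argument would remove the duplicated function. Separately, `report.get("metadata", {})` and `report.get("scope", {})` only fall back when the key is absent, so a report carrying `"metadata": null` fails on the next `.get`; `report.get("metadata") or {}` avoids that.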
@@ -72,7 +73,8 @@ def test_single_report(self): # Non-CVE policies should not have vulnerability IDs self.assertIsNone(finding3.unsaved_vulnerability_ids) self.assertEqual( - "b1fcca57-2efd-44d3-89e9-949e29b61936:CIS-BENCH-001:web-server", finding3.unique_id_from_tool, + "b1fcca57-2efd-44d3-89e9-949e29b61936:CIS-BENCH-001:web-server", + finding3.unique_id_from_tool, ) self.assertIn("compliance check", finding3.tags) self.assertIn("compliance-scanner", finding3.tags) 
@@ -113,3 +115,56 @@ def test_parser_metadata(self): description = parser.get_description_for_scan_types("OpenReports") self.assertEqual("Import OpenReports JSON report.", description) + + def test_get_tests_single_source(self): + with sample_path("openreports_single_report.json").open(encoding="utf-8") as test_file: + parser = OpenreportsParser() + tests = parser.get_tests("OpenReports", test_file) + + # Should have two tests for the two sources + self.assertEqual(len(tests), 2) + + # Verify test names + test_names = {test.name for test in tests} + self.assertIn("image-scanner", test_names) + self.assertIn("compliance-scanner", test_names) + + # Find the image-scanner test + image_scanner_test = next(t for t in tests if t.name == "image-scanner") + self.assertEqual("image-scanner", image_scanner_test.type) + self.assertIsNone(image_scanner_test.version) + self.assertEqual(2, len(image_scanner_test.findings)) + + # Verify findings are properly created + finding1 = image_scanner_test.findings[0] + self.assertEqual("CVE-2025-9232 in libcrypto3", finding1.title) + self.assertEqual("Low", finding1.severity) + # Verify test is not set - check using hasattr to avoid RelatedObjectDoesNotExist + self.assertFalse(hasattr(finding1, "test") and finding1.test is not None) + + def test_get_tests_multiple_sources(self): + with sample_path("openreports_list_format.json").open(encoding="utf-8") as test_file: + parser = OpenreportsParser() + tests = parser.get_tests("OpenReports", test_file) + + # Should have two tests for the two different sources + self.assertEqual(len(tests), 2) + + # Verify test names + test_names = {test.name for test in tests} + self.assertIn("policy-scanner", test_names) + self.assertIn("image-scanner", test_names) + + # Find the image-scanner test + image_scanner_test = next(t for t in tests if t.name == "image-scanner") + self.assertEqual(2, len(image_scanner_test.findings)) + + # Find the policy-scanner test + policy_scanner_test = next(t for t in tests 
if t.name == "policy-scanner") + self.assertEqual(1, len(policy_scanner_test.findings)) + + # Verify findings have no test set + for test in tests: + for finding in test.findings: + # Check using hasattr to avoid RelatedObjectDoesNotExist + self.assertFalse(hasattr(finding, "test") and finding.test is not None) From b7c429c57e7cf56d91744d5887e0911ab334536a Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Mon, 3 Nov 2025 09:07:16 +0100 Subject: [PATCH 07/12] Switch dedup method --- dojo/settings/settings.dist.py | 2 +- dojo/tools/openreports/parser.py | 9 +++------ unittests/tools/test_openreports_parser.py | 12 +++--------- 3 files changed, 7 insertions(+), 16 deletions(-) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 9404e3b3456..52c182d0ce3 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1659,7 +1659,7 @@ def saml2_attrib_map_format(din): "Cyberwatch scan (Galeax)": DEDUPE_ALGO_HASH_CODE, "OpenVAS Parser v2": DEDUPE_ALGO_HASH_CODE, "Snyk Issue API Scan": DEDUPE_ALGO_HASH_CODE, - "OpenReports": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL, + "OpenReports": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, } # Override the hardcoded settings here via the env var diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index 01ce40e5829..18f19d104be 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py 
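Review bot: `test_get_tests_single_source` asserts that two tests come back, one per source, so its name contradicts what it checks; `test_get_tests_single_report` would match the fixture it loads. Neither new test covers a result with no `source` key, which `get_tests` maps to the default name `"OpenReports"`, nor a report whose `results` holds a malformed entry, and those are the inputs most likely to differ between real cluster exports. The `hasattr(finding, "test") and finding.test is not None` check is written out in both tests and could be one small helper.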
@@ -268,12 +268,9 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r if policy.startswith("CVE-"): finding.unsaved_vulnerability_ids = [policy] - # Create unique_id_from_tool for deduplication - # Use the report UID if available (from metadata.uid), otherwise fall back to service_name - # Format: report_uid:policy:package_name (preferred) or policy:package_name:service_name (fallback) - # This uses the stable UID from the OpenReports API that won't change on reimport - unique_id_components = [report_uid, policy, pkg_name] if report_uid else [policy, pkg_name, service_name] - finding.unique_id_from_tool = ":".join(unique_id_components) + # Set vuln_id_from_tool to the policy field for deduplication + # This allows using DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE + finding.vuln_id_from_tool = policy return finding # noqa: TRY300 - This is intentional diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py index 90f2514f7e2..573e0493372 100644 --- a/unittests/tools/test_openreports_parser.py +++ b/unittests/tools/test_openreports_parser.py @@ -34,10 +34,7 @@ def test_single_report(self): self.assertTrue(finding1.fix_available) self.assertEqual(1, len(finding1.unsaved_vulnerability_ids)) self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0]) - self.assertEqual( - "b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-9232:libcrypto3", - finding1.unique_id_from_tool, - ) + self.assertEqual("CVE-2025-9232", finding1.vuln_id_from_tool) self.assertIn("vulnerability scan", finding1.tags) self.assertIn("image-scanner", finding1.tags) self.assertIn("Deployment", finding1.tags) 
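Review bot: With the `unique_id_from_tool` assignment removed, the `report_uid` parameter of `_create_finding_from_result` appears to be unused, although `_parse_report_for_source` still extracts `metadata.uid` and passes it in; the function body extends beyond this hunk, so confirm before removing it. The documentation added earlier in this series still states that the parser builds a stable `unique_id_from_tool` in the form `report_uid:policy:package_name` and lists it among the hashcode fields, which this commit makes untrue, so that text should change in the same commit. Note also that `policy` on its own does not distinguish the same CVE in two packages or two workloads, so `vuln_id_from_tool` should not be relied on as a unique key anywhere.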
@@ -56,7 +53,7 @@ def test_single_report(self): self.assertTrue(finding2.fix_available) self.assertEqual(1, len(finding2.unsaved_vulnerability_ids)) self.assertEqual("CVE-2025-47907", finding2.unsaved_vulnerability_ids[0]) - self.assertEqual("b1fcca57-2efd-44d3-89e9-949e29b61936:CVE-2025-47907:stdlib", finding2.unique_id_from_tool) + self.assertEqual("CVE-2025-47907", finding2.vuln_id_from_tool) # Test third finding (non-CVE policy, fail/low severity) finding3 = findings[2] @@ -72,10 +69,7 @@ def test_single_report(self): self.assertTrue(finding3.fix_available) # Non-CVE policies should not have vulnerability IDs self.assertIsNone(finding3.unsaved_vulnerability_ids) - self.assertEqual( - "b1fcca57-2efd-44d3-89e9-949e29b61936:CIS-BENCH-001:web-server", - finding3.unique_id_from_tool, - ) + self.assertEqual("CIS-BENCH-001", finding3.vuln_id_from_tool) self.assertIn("compliance check", finding3.tags) self.assertIn("compliance-scanner", finding3.tags) self.assertIn("Deployment", finding3.tags) From 22aa7951d3820806061cee4b4fb0e225743d8537 Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Mon, 3 Nov 2025 09:10:03 +0100 Subject: [PATCH 08/12] Move tags to unsaved_tags --- dojo/tools/openreports/parser.py | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index 18f19d104be..9723cb0dcda 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py @@ -261,7 +261,7 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r static_finding=True, dynamic_finding=False, fix_available=fix_available, - tags=tags, + unsaved_tags=tags, ) # Add vulnerability ID if it's a CVE From 91340dea94302d019b2eba7eb2622b76877029b9 Mon Sep 17 00:00:00 2001 
From: Marius Fylling Date: Mon, 3 Nov 2025 10:53:48 +0100 Subject: [PATCH 09/12] Use DEDUPE_ALGO_HASH_CODE --- dojo/settings/settings.dist.py | 2 +- dojo/tools/openreports/parser.py | 3 +-- 2 files changed, 2 insertions(+), 3 deletions(-) diff --git a/dojo/settings/settings.dist.py b/dojo/settings/settings.dist.py index 52c182d0ce3..4b3499dce81 100644 --- a/dojo/settings/settings.dist.py +++ b/dojo/settings/settings.dist.py @@ -1659,7 +1659,7 @@ def saml2_attrib_map_format(din): "Cyberwatch scan (Galeax)": DEDUPE_ALGO_HASH_CODE, "OpenVAS Parser v2": DEDUPE_ALGO_HASH_CODE, "Snyk Issue API Scan": DEDUPE_ALGO_HASH_CODE, - "OpenReports": DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE, + "OpenReports": DEDUPE_ALGO_HASH_CODE, } # Override the hardcoded settings here via the env var diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index 9723cb0dcda..b761e7c4bfd 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py @@ -268,8 +268,7 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r if policy.startswith("CVE-"): finding.unsaved_vulnerability_ids = [policy] - # Set vuln_id_from_tool to the policy field for deduplication - # This allows using DEDUPE_ALGO_UNIQUE_ID_FROM_TOOL_OR_HASH_CODE + # Set vuln_id_from_tool to policy field for display finding.vuln_id_from_tool = policy return finding # noqa: TRY300 - This is intentional From 57c68bbf110f5acbceef109cff699caf62c4ebb9 Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Tue, 18 Nov 2025 09:56:42 +0100 Subject: [PATCH 10/12] Fix unit tests and move to fix_version in finding --- dojo/tools/openreports/parser.py | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index b761e7c4bfd..a19f2e94227 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py 
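Review bot: Switching `"OpenReports"` to `DEDUPE_ALGO_HASH_CODE` in settings.dist.py makes the hash field list decisive, and no `HASHCODE_FIELDS_PER_SCANNER` entry is touched in this hunk. The documentation added earlier in the series names `unique_id_from_tool` and `description` as hashcode fields: the first has not been set since PATCH 07, and the description template embeds `result`, so a finding whose status moves from `warn` to `fail` would presumably hash differently and be imported as new instead of being matched. Confirm that an entry exists for this scan type and restrict it to fields that stay stable between scans of the same workload.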
@@ -25,7 +25,6 @@ **Source:** {source} **Package Name:** {pkg_name} **Installed Version:** {installed_version} -**Fixed Version:** {fixed_version} **Primary URL:** {primary_url} """ @@ -225,7 +224,6 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r source=source, pkg_name=pkg_name, installed_version=installed_version, - fixed_version=fixed_version, primary_url=primary_url, ) @@ -244,7 +242,8 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r # Create tags tags = [category, source] - if scope_kind := service_name.split("/")[1] if "/" in service_name else "": + scope_kind = service_name.split("/")[1] if "/" in service_name else "" + if scope_kind: tags.append(scope_kind) finding = Finding( test=test, @@ -261,6 +260,7 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r static_finding=True, dynamic_finding=False, fix_available=fix_available, + fix_version=fixed_version or None, unsaved_tags=tags, ) From 27a3665cbfeb9f0b06ed15f71b51f5a6e4609ba9 Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Wed, 19 Nov 2025 10:25:18 +0100 Subject: [PATCH 11/12] Fix failing tests --- unittests/tools/test_openreports_parser.py | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/unittests/tools/test_openreports_parser.py b/unittests/tools/test_openreports_parser.py index 573e0493372..480722b9152 100644 --- a/unittests/tools/test_openreports_parser.py +++ b/unittests/tools/test_openreports_parser.py 
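Review bot: In the tag-building hunk, `scope_kind = service_name.split("/")[1] if "/" in service_name else ""` picks the wrong segment when the report has no namespace. `_parse_report_for_source` builds `service_name` as `namespace/kind/name` only when a namespace is present and as `kind/name` otherwise, so for cluster-scoped reports index 1 is the resource name and that ends up as a tag. Taking the second-to-last segment handles both shapes, `scope_kind = service_name.rsplit("/", 2)[-2] if "/" in service_name else ""`, though passing `scope_kind` into `_create_finding_from_result` directly would avoid re-parsing a string assembled from report data. The same line is carried unchanged into PATCH 12.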
@@ -35,9 +35,9 @@ def test_single_report(self): self.assertEqual(1, len(finding1.unsaved_vulnerability_ids)) self.assertEqual("CVE-2025-9232", finding1.unsaved_vulnerability_ids[0]) self.assertEqual("CVE-2025-9232", finding1.vuln_id_from_tool) - self.assertIn("vulnerability scan", finding1.tags) - self.assertIn("image-scanner", finding1.tags) - self.assertIn("Deployment", finding1.tags) + self.assertIn("vulnerability scan", finding1.unsaved_tags) + self.assertIn("image-scanner", finding1.unsaved_tags) + self.assertIn("Deployment", finding1.unsaved_tags) # Test second finding (fail/high severity) finding2 = findings[1] @@ -70,9 +70,9 @@ def test_single_report(self): # Non-CVE policies should not have vulnerability IDs self.assertIsNone(finding3.unsaved_vulnerability_ids) self.assertEqual("CIS-BENCH-001", finding3.vuln_id_from_tool) - self.assertIn("compliance check", finding3.tags) - self.assertIn("compliance-scanner", finding3.tags) - self.assertIn("Deployment", finding3.tags) + self.assertIn("compliance check", finding3.unsaved_tags) + self.assertIn("compliance-scanner", finding3.unsaved_tags) + self.assertIn("Deployment", finding3.unsaved_tags) def test_list_format(self): with sample_path("openreports_list_format.json").open(encoding="utf-8") as test_file: From 3df94fea8f20a2c9d89d150b6a709b3d11d14668 Mon Sep 17 00:00:00 2001 From: Marius Fylling Date: Thu, 20 Nov 2025 10:06:29 +0100 Subject: [PATCH 12/12] Fix tests --- .../parsers/file/openreports.md | 21 +++++++++++++++++++ dojo/tools/openreports/parser.py | 16 ++++++++------ 2 files changed, 31 insertions(+), 6 deletions(-) create mode 100644 docs/content/supported_tools/parsers/file/openreports.md diff --git a/docs/content/supported_tools/parsers/file/openreports.md b/docs/content/supported_tools/parsers/file/openreports.md new file mode 100644 index 00000000000..d19f81c1d4e --- /dev/null +++ b/docs/content/supported_tools/parsers/file/openreports.md 
@@ -0,0 +1,21 @@ +--- +title: "OpenReports" +toc_hide: true +--- +Import JSON reports from [OpenReports](https://github.com/openreports/reports-api). + +### File Types + +DefectDojo parser accepts a .json file. + +OpenReports JSON files can be exported from Kubernetes clusters using kubectl: + +```bash +kubectl get reports -A -ojson > reports.json +``` + +The parser supports single Report objects, arrays of Reports, or Kubernetes List objects. + +### Sample Scan Data + +Sample OpenReports scans can be found in the [unittests/scans/openreports directory](https://github.com/DefectDojo/django-DefectDojo/tree/master/unittests/scans/openreports). diff --git a/dojo/tools/openreports/parser.py b/dojo/tools/openreports/parser.py index a19f2e94227..e222676fcea 100644 --- a/dojo/tools/openreports/parser.py +++ b/dojo/tools/openreports/parser.py @@ -240,11 +240,7 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r active = result_status not in {"skip", "pass"} verified = result_status in {"fail", "warn"} - # Create tags - tags = [category, source] - scope_kind = service_name.split("/")[1] if "/" in service_name else "" - if scope_kind: - tags.append(scope_kind) + # Create finding finding = Finding( test=test, title=title, @@ -261,9 +257,17 @@ def _create_finding_from_result(self, test, result, service_name, report_name, r dynamic_finding=False, fix_available=fix_available, fix_version=fixed_version or None, - unsaved_tags=tags, ) + # Create tags + tags = [category, source] + scope_kind = service_name.split("/")[1] if "/" in service_name else "" + if scope_kind: + tags.append(scope_kind) + + # Set unsaved_tags attribute + finding.unsaved_tags = tags + # Add vulnerability ID if it's a CVE if policy.startswith("CVE-"): finding.unsaved_vulnerability_ids = [policy]