From a66f2599f873f0b02700b28d9f9ba7923e015fba Mon Sep 17 00:00:00 2001 From: CI Date: Sun, 28 Apr 2024 00:26:34 +0000 Subject: [PATCH] [Bot] docs: Update Snyk reports 
Signed-off-by: CI --- docs/snyk/index.md | 58 +- docs/snyk/master/argocd-iac-install.html | 80 +- .../master/argocd-iac-namespace-install.html | 4 +- docs/snyk/master/argocd-test.html | 4 +- .../master/ghcr.io_dexidp_dex_v2.38.0.html | 34 +- docs/snyk/master/haproxy_2.6.14-alpine.html | 34 +- .../quay.io_argoproj_argocd_latest.html | 83 +- docs/snyk/master/redis_7.0.15-alpine.html | 2 +- docs/snyk/v2.10.7/redis_7.0.14-alpine.html | 1165 --------- .../argocd-iac-install.html | 4 +- .../argocd-iac-namespace-install.html | 4 +- .../{v2.10.7 => v2.10.8}/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.37.0.html | 34 +- .../haproxy_2.6.14-alpine.html | 34 +- .../quay.io_argoproj_argocd_v2.10.8.html} | 1227 +++------ docs/snyk/v2.10.8/redis_7.0.15-alpine.html | 657 +++++ docs/snyk/v2.11.0-rc2/argocd-iac-install.html | 2 +- .../argocd-iac-namespace-install.html | 2 +- docs/snyk/v2.11.0-rc2/argocd-test.html | 2 +- .../ghcr.io_dexidp_dex_v2.38.0.html | 34 +- .../v2.11.0-rc2/haproxy_2.6.14-alpine.html | 34 +- .../quay.io_argoproj_argocd_v2.11.0-rc2.html | 160 +- .../snyk/v2.11.0-rc2/redis_7.0.14-alpine.html | 34 +- docs/snyk/v2.8.16/redis_7.0.11-alpine.html | 2204 ----------------- .../argocd-iac-install.html | 4 +- .../argocd-iac-namespace-install.html | 4 +- .../{v2.8.16 => v2.8.17}/argocd-test.html | 223 +- .../ghcr.io_dexidp_dex_v2.37.0.html | 34 +- .../haproxy_2.6.14-alpine.html | 34 +- .../quay.io_argoproj_argocd_v2.8.17.html} | 1139 ++++----- docs/snyk/v2.8.17/redis_7.0.15-alpine.html | 657 +++++ docs/snyk/v2.9.12/redis_7.0.11-alpine.html | 2204 ----------------- .../argocd-iac-install.html | 4 +- .../argocd-iac-namespace-install.html | 4 +- .../{v2.9.12 => v2.9.13}/argocd-test.html | 223 +- .../ghcr.io_dexidp_dex_v2.37.0.html | 34 +- .../haproxy_2.6.14-alpine.html | 34 +- .../quay.io_argoproj_argocd_v2.9.13.html} | 964 +++---- docs/snyk/v2.9.13/redis_7.0.15-alpine.html | 657 +++++ 39 files changed, 4318 insertions(+), 7799 deletions(-) delete mode 100644 
docs/snyk/v2.10.7/redis_7.0.14-alpine.html
rename docs/snyk/{v2.10.7 => v2.10.8}/argocd-iac-install.html (99%)
rename docs/snyk/{v2.10.7 => v2.10.8}/argocd-iac-namespace-install.html (99%)
rename docs/snyk/{v2.10.7 => v2.10.8}/argocd-test.html (99%)
rename docs/snyk/{v2.8.16 => v2.10.8}/ghcr.io_dexidp_dex_v2.37.0.html (98%)
rename docs/snyk/{v2.8.16 => v2.10.8}/haproxy_2.6.14-alpine.html (96%)
rename docs/snyk/{v2.8.16/quay.io_argoproj_argocd_v2.8.16.html => v2.10.8/quay.io_argoproj_argocd_v2.10.8.html} (83%)
create mode 100644 docs/snyk/v2.10.8/redis_7.0.15-alpine.html
delete mode 100644 docs/snyk/v2.8.16/redis_7.0.11-alpine.html
rename docs/snyk/{v2.8.16 => v2.8.17}/argocd-iac-install.html (99%)
rename docs/snyk/{v2.8.16 => v2.8.17}/argocd-iac-namespace-install.html (99%)
rename docs/snyk/{v2.8.16 => v2.8.17}/argocd-test.html (96%)
rename docs/snyk/{v2.9.12 => v2.8.17}/ghcr.io_dexidp_dex_v2.37.0.html (98%)
rename docs/snyk/{v2.10.7 => v2.8.17}/haproxy_2.6.14-alpine.html (96%)
rename docs/snyk/{v2.9.12/quay.io_argoproj_argocd_v2.9.12.html => v2.8.17/quay.io_argoproj_argocd_v2.8.17.html} (91%)
create mode 100644 docs/snyk/v2.8.17/redis_7.0.15-alpine.html
delete mode 100644 docs/snyk/v2.9.12/redis_7.0.11-alpine.html
rename docs/snyk/{v2.9.12 => v2.9.13}/argocd-iac-install.html (99%)
rename docs/snyk/{v2.9.12 => v2.9.13}/argocd-iac-namespace-install.html (99%)
rename docs/snyk/{v2.9.12 => v2.9.13}/argocd-test.html (96%)
rename docs/snyk/{v2.10.7 => v2.9.13}/ghcr.io_dexidp_dex_v2.37.0.html (98%)
rename docs/snyk/{v2.9.12 => v2.9.13}/haproxy_2.6.14-alpine.html (96%)
rename docs/snyk/{v2.10.7/quay.io_argoproj_argocd_v2.10.7.html => v2.9.13/quay.io_argoproj_argocd_v2.9.13.html} (90%)
create mode 100644 docs/snyk/v2.9.13/redis_7.0.15-alpine.html
diff --git a/docs/snyk/index.md b/docs/snyk/index.md
index 8076ff1cda8ef..66daffb7bd393 100644
--- a/docs/snyk/index.md
+++ b/docs/snyk/index.md
@@ -17,7 +17,7 @@ recent minor releases.
 | [ui/yarn.lock](master/argocd-test.html) | 0 | 0 | 1 | 0 |
 | [dex:v2.38.0](master/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 |
 | [haproxy:2.6.14-alpine](master/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 |
-| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 6 | 14 |
+| [argocd:latest](master/quay.io_argoproj_argocd_latest.html) | 0 | 0 | 7 | 14 |
 | [redis:7.0.15-alpine](master/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 |
 | [install.yaml](master/argocd-iac-install.html) | - | - | - | - |
 | [namespace-install.yaml](master/argocd-iac-namespace-install.html) | - | - | - | - |
@@ -30,46 +30,46 @@ recent minor releases. | [ui/yarn.lock](v2.11.0-rc2/argocd-test.html) | 0 | 0 | 1 | 0 | | [dex:v2.38.0](v2.11.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html) | 0 | 0 | 2 | 2 | | [haproxy:2.6.14-alpine](v2.11.0-rc2/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.11.0-rc2](v2.11.0-rc2/quay.io_argoproj_argocd_v2.11.0-rc2.html) | 0 | 0 | 7 | 14 | +| [argocd:v2.11.0-rc2](v2.11.0-rc2/quay.io_argoproj_argocd_v2.11.0-rc2.html) | 0 | 0 | 9 | 14 | | [redis:7.0.14-alpine](v2.11.0-rc2/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 | | [install.yaml](v2.11.0-rc2/argocd-iac-install.html) | - | - | - | - | | [namespace-install.yaml](v2.11.0-rc2/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.10.7 +### v2.10.8 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.10.7/argocd-test.html) | 0 | 1 | 12 | 0 | -| [ui/yarn.lock](v2.10.7/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.10.7/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.10.7/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.10.7](v2.10.7/quay.io_argoproj_argocd_v2.10.7.html) | 0 | 0 | 9 | 14 | -| [redis:7.0.14-alpine](v2.10.7/redis_7.0.14-alpine.html) | 0 | 0 | 2 | 2 | -| [install.yaml](v2.10.7/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.10.7/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.10.8/argocd-test.html) | 0 | 1 | 12 | 0 | +| [ui/yarn.lock](v2.10.8/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.37.0](v2.10.8/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | +| [haproxy:2.6.14-alpine](v2.10.8/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | +| [argocd:v2.10.8](v2.10.8/quay.io_argoproj_argocd_v2.10.8.html) | 0 | 0 | 7 | 14 | +| [redis:7.0.15-alpine](v2.10.8/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.10.8/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.10.8/argocd-iac-namespace-install.html) | - | - | - | 
- | -### v2.9.12 +### v2.9.13 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.9.12/argocd-test.html) | 0 | 2 | 11 | 0 | -| [ui/yarn.lock](v2.9.12/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.9.12/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.9.12/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.9.12](v2.9.12/quay.io_argoproj_argocd_v2.9.12.html) | 0 | 0 | 9 | 14 | -| [redis:7.0.11-alpine](v2.9.12/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 2 | -| [install.yaml](v2.9.12/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.9.12/argocd-iac-namespace-install.html) | - | - | - | - | +| [go.mod](v2.9.13/argocd-test.html) | 0 | 2 | 12 | 0 | +| [ui/yarn.lock](v2.9.13/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.37.0](v2.9.13/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | +| [haproxy:2.6.14-alpine](v2.9.13/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | +| [argocd:v2.9.13](v2.9.13/quay.io_argoproj_argocd_v2.9.13.html) | 0 | 0 | 7 | 14 | +| [redis:7.0.15-alpine](v2.9.13/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.9.13/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.9.13/argocd-iac-namespace-install.html) | - | - | - | - | -### v2.8.16 +### v2.8.17 | | Critical | High | Medium | Low | |---:|:--------:|:----:|:------:|:---:| -| [go.mod](v2.8.16/argocd-test.html) | 0 | 2 | 11 | 0 | -| [ui/yarn.lock](v2.8.16/argocd-test.html) | 0 | 0 | 1 | 0 | -| [dex:v2.37.0](v2.8.16/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | -| [haproxy:2.6.14-alpine](v2.8.16/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | -| [argocd:v2.8.16](v2.8.16/quay.io_argoproj_argocd_v2.8.16.html) | 0 | 0 | 9 | 14 | -| [redis:7.0.11-alpine](v2.8.16/redis_7.0.11-alpine.html) | 1 | 1 | 6 | 2 | -| [install.yaml](v2.8.16/argocd-iac-install.html) | - | - | - | - | -| [namespace-install.yaml](v2.8.16/argocd-iac-namespace-install.html) | - | - | - | - | 
+| [go.mod](v2.8.17/argocd-test.html) | 0 | 2 | 12 | 0 | +| [ui/yarn.lock](v2.8.17/argocd-test.html) | 0 | 0 | 1 | 0 | +| [dex:v2.37.0](v2.8.17/ghcr.io_dexidp_dex_v2.37.0.html) | 1 | 1 | 6 | 2 | +| [haproxy:2.6.14-alpine](v2.8.17/haproxy_2.6.14-alpine.html) | 0 | 1 | 3 | 2 | +| [argocd:v2.8.17](v2.8.17/quay.io_argoproj_argocd_v2.8.17.html) | 0 | 0 | 7 | 14 | +| [redis:7.0.15-alpine](v2.8.17/redis_7.0.15-alpine.html) | 0 | 0 | 0 | 1 | +| [install.yaml](v2.8.17/argocd-iac-install.html) | - | - | - | - | +| [namespace-install.yaml](v2.8.17/argocd-iac-namespace-install.html) | - | - | - | - | diff --git a/docs/snyk/master/argocd-iac-install.html b/docs/snyk/master/argocd-iac-install.html index 722a0a591a4e8..fd04604d4cad3 100644 --- a/docs/snyk/master/argocd-iac-install.html +++ b/docs/snyk/master/argocd-iac-install.html @@ -456,7 +456,7 @@

Snyk test report

-

April 21st 2024, 12:17:41 am (UTC+00:00)

+

April 28th 2024, 12:17:57 am (UTC+00:00)

Scanned the following path: @@ -507,7 +507,7 @@

Role or ClusterRole with dangerous permissions

  • - Line number: 21039 + Line number: 21070
  • @@ -553,7 +553,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20748 + Line number: 20779
  • @@ -599,7 +599,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20833 + Line number: 20864
  • @@ -645,7 +645,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20861 + Line number: 20892
  • @@ -691,7 +691,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20891 + Line number: 20922
  • @@ -737,7 +737,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20909 + Line number: 20940
  • @@ -783,7 +783,7 @@

    Role or ClusterRole with dangerous permissions

  • - Line number: 20925 + Line number: 20956
  • @@ -835,7 +835,7 @@

    Container could be running with outdated image

  • - Line number: 22219 + Line number: 22250
  • @@ -893,7 +893,7 @@

    Container has no CPU limit

  • - Line number: 21516 + Line number: 21547
  • @@ -951,7 +951,7 @@

    Container has no CPU limit

  • - Line number: 21767 + Line number: 21798
  • @@ -1009,7 +1009,7 @@

    Container has no CPU limit

  • - Line number: 21733 + Line number: 21764
  • @@ -1067,7 +1067,7 @@

    Container has no CPU limit

  • - Line number: 21827 + Line number: 21858
  • @@ -1125,7 +1125,7 @@

    Container has no CPU limit

  • - Line number: 21926 + Line number: 21957
  • @@ -1183,7 +1183,7 @@

    Container has no CPU limit

  • - Line number: 22219 + Line number: 22250
  • @@ -1241,7 +1241,7 @@

    Container has no CPU limit

  • - Line number: 21983 + Line number: 22014
  • @@ -1299,7 +1299,7 @@

    Container has no CPU limit

  • - Line number: 22304 + Line number: 22335
  • @@ -1357,7 +1357,7 @@

    Container has no CPU limit

  • - Line number: 22650 + Line number: 22681
  • @@ -1409,7 +1409,7 @@

    Container is running with multiple open ports

  • - Line number: 21747 + Line number: 21778
  • @@ -1461,7 +1461,7 @@

    Container is running without liveness probe

  • - Line number: 21516 + Line number: 21547
  • @@ -1513,7 +1513,7 @@

    Container is running without liveness probe

  • - Line number: 21733 + Line number: 21764
  • @@ -1565,7 +1565,7 @@

    Container is running without liveness probe

  • - Line number: 21926 + Line number: 21957
  • @@ -1623,7 +1623,7 @@

    Container is running without memory limit

  • - Line number: 21516 + Line number: 21547
  • @@ -1681,7 +1681,7 @@

    Container is running without memory limit

  • - Line number: 21733 + Line number: 21764
  • @@ -1739,7 +1739,7 @@

    Container is running without memory limit

  • - Line number: 21767 + Line number: 21798
  • @@ -1797,7 +1797,7 @@

    Container is running without memory limit

  • - Line number: 21827 + Line number: 21858
  • @@ -1855,7 +1855,7 @@

    Container is running without memory limit

  • - Line number: 21926 + Line number: 21957
  • @@ -1913,7 +1913,7 @@

    Container is running without memory limit

  • - Line number: 22219 + Line number: 22250
  • @@ -1971,7 +1971,7 @@

    Container is running without memory limit

  • - Line number: 21983 + Line number: 22014
  • @@ -2029,7 +2029,7 @@

    Container is running without memory limit

  • - Line number: 22304 + Line number: 22335
  • @@ -2087,7 +2087,7 @@

    Container is running without memory limit

  • - Line number: 22650 + Line number: 22681
  • @@ -2143,7 +2143,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21657 + Line number: 21688
  • @@ -2199,7 +2199,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21775 + Line number: 21806
  • @@ -2255,7 +2255,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21750 + Line number: 21781
  • @@ -2311,7 +2311,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21860 + Line number: 21891
  • @@ -2367,7 +2367,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 21936 + Line number: 21967
  • @@ -2423,7 +2423,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22226 + Line number: 22257
  • @@ -2479,7 +2479,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22192 + Line number: 22223
  • @@ -2535,7 +2535,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22560 + Line number: 22591
  • @@ -2591,7 +2591,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22840 + Line number: 22877
  • diff --git a/docs/snyk/master/argocd-iac-namespace-install.html b/docs/snyk/master/argocd-iac-namespace-install.html index aaba566ec489b..34f68f21d1209 100644 --- a/docs/snyk/master/argocd-iac-namespace-install.html +++ b/docs/snyk/master/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:17:50 am (UTC+00:00)

    +

    April 28th 2024, 12:18:05 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1957 + Line number: 1963
  • diff --git a/docs/snyk/master/argocd-test.html b/docs/snyk/master/argocd-test.html index 767993c021d68..1bd1432ba6134 100644 --- a/docs/snyk/master/argocd-test.html +++ b/docs/snyk/master/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:15:40 am (UTC+00:00)

    +

    April 28th 2024, 12:16:04 am (UTC+00:00)

    Scanned the following paths: @@ -469,7 +469,7 @@

    Snyk test report

    8 known vulnerabilities
    31 vulnerable dependency paths
    -
    2043 dependencies
    +
    2044 dependencies
    diff --git a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html index ed8c2460a3b06..d985ce03c90da 100644 --- a/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/master/ghcr.io_dexidp_dex_v2.38.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:15:50 am (UTC+00:00)

    +

    April 28th 2024, 12:16:12 am (UTC+00:00)

    Scanned the following paths: @@ -713,6 +713,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -2622,9 +2624,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/master/haproxy_2.6.14-alpine.html b/docs/snyk/master/haproxy_2.6.14-alpine.html index ea7a7364ba882..dfea5e7acd528 100644 --- a/docs/snyk/master/haproxy_2.6.14-alpine.html +++ b/docs/snyk/master/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:15:57 am (UTC+00:00)

    +

    April 28th 2024, 12:16:17 am (UTC+00:00)

    Scanned the following path: @@ -1036,6 +1036,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -1357,9 +1359,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/master/quay.io_argoproj_argocd_latest.html b/docs/snyk/master/quay.io_argoproj_argocd_latest.html index 4c3fc071322f4..19b922d2bb5df 100644 --- a/docs/snyk/master/quay.io_argoproj_argocd_latest.html +++ b/docs/snyk/master/quay.io_argoproj_argocd_latest.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:16:16 am (UTC+00:00)

    +

    April 28th 2024, 12:16:35 am (UTC+00:00)

    Scanned the following paths: @@ -470,9 +470,9 @@

    Snyk test report

    -
    28 known vulnerabilities
    -
    161 vulnerable dependency paths
    -
    2281 dependencies
    +
    29 known vulnerabilities
    +
    162 vulnerable dependency paths
    +
    2282 dependencies
    @@ -906,6 +906,7 @@

    References

  • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
  • https://access.redhat.com/security/cve/CVE-2024-2236
  • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
  • +
  • https://bugzilla.redhat.com/show_bug.cgi?id=2245218

  • @@ -914,6 +915,78 @@

    References

    More about this vulnerability

    +

    +
    +

    CVE-2024-32487

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:latest/argoproj/argocd Dockerfile +
    • +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + less +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@latest and less@590-1ubuntu0.22.04.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@latest + + less@590-1ubuntu0.22.04.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 less.

    +

    References

    + + +
    + + +

    CVE-2024-26461

    diff --git a/docs/snyk/master/redis_7.0.15-alpine.html b/docs/snyk/master/redis_7.0.15-alpine.html index 667ef5636c50b..8f3a59a0fb30c 100644 --- a/docs/snyk/master/redis_7.0.15-alpine.html +++ b/docs/snyk/master/redis_7.0.15-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:16:23 am (UTC+00:00)

    +

    April 28th 2024, 12:16:41 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.10.7/redis_7.0.14-alpine.html b/docs/snyk/v2.10.7/redis_7.0.14-alpine.html deleted file mode 100644 index 2f7c053c86148..0000000000000 --- a/docs/snyk/v2.10.7/redis_7.0.14-alpine.html +++ /dev/null @@ -1,1165 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 21st 2024, 12:20:37 am (UTC+00:00)

    -
    -
    - Scanned the following paths: -
      -
    • redis:7.0.14-alpine (apk)
    • -
    • redis:7.0.14-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
    • -
    -
    - -
    -
    4 known vulnerabilities
    -
    36 vulnerable dependency paths
    -
    19 dependencies
    -
    -
    -
    -
    - -
    -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    - -
    - - - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.19 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.14-alpine and openssl/libcrypto3@3.1.4-r2 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - openssl/libcrypto3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - .redis-rundeps@20231208.201137 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - apk-tools/apk-tools@2.14.0-r5 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.14-alpine - - busybox/ssl_client@1.36.1-r15 - - openssl/libssl3@3.1.4-r2 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.19 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - - - -
    -
    -
    -
    - - - diff --git a/docs/snyk/v2.10.7/argocd-iac-install.html b/docs/snyk/v2.10.8/argocd-iac-install.html similarity index 99% rename from docs/snyk/v2.10.7/argocd-iac-install.html rename to docs/snyk/v2.10.8/argocd-iac-install.html index 0c86141ea839d..363ede40d19d0 100644 --- a/docs/snyk/v2.10.7/argocd-iac-install.html +++ b/docs/snyk/v2.10.8/argocd-iac-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:21:55 am (UTC+00:00)

    +

    April 28th 2024, 12:22:10 am (UTC+00:00)

    Scanned the following path: @@ -2591,7 +2591,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 22660 + Line number: 22666
  • diff --git a/docs/snyk/v2.10.7/argocd-iac-namespace-install.html b/docs/snyk/v2.10.8/argocd-iac-namespace-install.html similarity index 99% rename from docs/snyk/v2.10.7/argocd-iac-namespace-install.html rename to docs/snyk/v2.10.8/argocd-iac-namespace-install.html index 5b28482f76e70..1c2419138eaa7 100644 --- a/docs/snyk/v2.10.7/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.10.8/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:22:04 am (UTC+00:00)

    +

    April 28th 2024, 12:22:20 am (UTC+00:00)

    Scanned the following path: @@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1945 + Line number: 1951
  • diff --git a/docs/snyk/v2.10.7/argocd-test.html b/docs/snyk/v2.10.8/argocd-test.html similarity index 99% rename from docs/snyk/v2.10.7/argocd-test.html rename to docs/snyk/v2.10.8/argocd-test.html index 2007d3c149d19..223eb189dee63 100644 --- a/docs/snyk/v2.10.7/argocd-test.html +++ b/docs/snyk/v2.10.8/argocd-test.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:20:07 am (UTC+00:00)

    +

    April 28th 2024, 12:20:22 am (UTC+00:00)

    Scanned the following paths: diff --git a/docs/snyk/v2.8.16/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.10.8/ghcr.io_dexidp_dex_v2.37.0.html similarity index 98% rename from docs/snyk/v2.8.16/ghcr.io_dexidp_dex_v2.37.0.html rename to docs/snyk/v2.10.8/ghcr.io_dexidp_dex_v2.37.0.html index aef6e795cbcff..339452ac27e19 100644 --- a/docs/snyk/v2.8.16/ghcr.io_dexidp_dex_v2.37.0.html +++ b/docs/snyk/v2.10.8/ghcr.io_dexidp_dex_v2.37.0.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:24:36 am (UTC+00:00)

    +

    April 28th 2024, 12:20:28 am (UTC+00:00)

    Scanned the following paths: @@ -2045,6 +2045,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -4406,9 +4408,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/v2.8.16/haproxy_2.6.14-alpine.html b/docs/snyk/v2.10.8/haproxy_2.6.14-alpine.html similarity index 96% rename from docs/snyk/v2.8.16/haproxy_2.6.14-alpine.html rename to docs/snyk/v2.10.8/haproxy_2.6.14-alpine.html index be84d8b7f6e06..6d858518bfd53 100644 --- a/docs/snyk/v2.8.16/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.10.8/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:24:39 am (UTC+00:00)

    +

    April 28th 2024, 12:20:32 am (UTC+00:00)

    Scanned the following path: @@ -1036,6 +1036,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -1357,9 +1359,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/v2.8.16/quay.io_argoproj_argocd_v2.8.16.html b/docs/snyk/v2.10.8/quay.io_argoproj_argocd_v2.10.8.html similarity index 83% rename from docs/snyk/v2.8.16/quay.io_argoproj_argocd_v2.8.16.html rename to docs/snyk/v2.10.8/quay.io_argoproj_argocd_v2.10.8.html index ba55018506817..0b24853fce6d5 100644 --- a/docs/snyk/v2.8.16/quay.io_argoproj_argocd_v2.8.16.html +++ b/docs/snyk/v2.10.8/quay.io_argoproj_argocd_v2.10.8.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,23 +456,23 @@

    Snyk test report

    -

    April 21st 2024, 12:24:56 am (UTC+00:00)

    +

    April 28th 2024, 12:20:49 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.8.16/argoproj/argocd/Dockerfile (deb)
    • -
    • quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.8.16/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.8.16/helm/v3//usr/local/bin/helm (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.8.16/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.10.8/argoproj/argocd/Dockerfile (deb)
    • +
    • quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.10.8//usr/local/bin/kustomize (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.10.8/helm/v3//usr/local/bin/helm (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.10.8/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    40 known vulnerabilities
    -
    185 vulnerable dependency paths
    -
    2120 dependencies
    +
    34 known vulnerabilities
    +
    168 vulnerable dependency paths
    +
    2275 dependencies
    @@ -492,7 +492,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -529,7 +529,7 @@

    Detailed paths

    Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.8.0 + golang.org/x/net/http2@v0.17.0 @@ -559,259 +559,6 @@

    References

    More about this vulnerability

  • -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/helm/v3 /usr/local/bin/helm -
    • -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - golang.org/x/net/http2 -
    • - -
    • Introduced through: - - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - golang.org/x/net/http2@v0.8.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    -

    Remediation

    -

    Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Denial of Service (DoS)

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd -
    • -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - github.com/go-jose/go-jose/v3 -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - github.com/go-jose/go-jose/v3@v3.0.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    -

    Details

    -

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    -

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    -

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    -

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    -

    Two common types of DoS vulnerabilities:

    -
      -
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      -
    • -
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      -
    • -
    -

    Remediation

    -

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Directory Traversal

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/helm/v3 /usr/local/bin/helm -
    • -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - github.com/cyphar/filepath-securejoin -
    • - -
    • Introduced through: - - helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - helm.sh/helm/v3@* - - github.com/cyphar/filepath-securejoin@v0.2.3 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

    -

    Note: - This vulnerability is only exploitable on Windows OS.

    -

    Details

    -

    A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

    -

    Directory Traversal vulnerabilities can be generally divided into two types:

    -
      -
    • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
    • -
    -

    st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

    -

    If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

    -
    curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
    -        
    -

    Note %2e is the URL encoded version of . (dot).

    -
      -
    • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
    • -
    -

    One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

    -

    The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

    -
    2018-04-15 22:04:29 .....           19           19  good.txt
    -        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
    -        
    -

    Remediation

    -

    Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

    -

    References

    - - -
    - - -

    CVE-2020-22916

    @@ -825,7 +572,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -838,7 +585,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.10.8 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -851,7 +598,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -901,7 +648,7 @@

      CVE-2023-51767

      • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -914,7 +661,7 @@

        CVE-2023-51767

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + docker-image|quay.io/argoproj/argocd@v2.10.8 and openssh/openssh-client@1:8.9p1-3ubuntu0.7
      @@ -927,9 +674,9 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 @@ -977,7 +724,7 @@

        Information Exposure

        • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -990,7 +737,7 @@

          Information Exposure

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.10.8 and libgcrypt20@1.9.4-3ubuntu3
        @@ -1003,7 +750,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 libgcrypt20@1.9.4-3ubuntu3 @@ -1012,7 +759,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -1023,7 +770,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1034,7 +781,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -1047,7 +794,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -1060,7 +807,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -1073,7 +820,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1086,7 +833,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1099,7 +846,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1112,7 +859,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1125,7 +872,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -1138,7 +885,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -1168,6 +915,7 @@

          References

        • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
        • https://access.redhat.com/security/cve/CVE-2024-2236
        • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
        • +
        • https://bugzilla.redhat.com/show_bug.cgi?id=2245218

        @@ -1176,6 +924,78 @@

        References

        More about this vulnerability

    +

    +
    +

    CVE-2024-32487

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile +
    • +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + less +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.10.8 and less@590-1ubuntu0.22.04.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.10.8 + + less@590-1ubuntu0.22.04.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 less.

    +

    References

    + + +
    + + +

    CVE-2024-26461

    @@ -1189,7 +1009,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1202,7 +1022,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.10.8 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1215,7 +1035,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1224,7 +1044,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1245,7 +1065,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1268,7 +1088,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1277,7 +1097,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1298,7 +1118,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1307,9 +1127,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1318,7 +1138,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -1331,7 +1151,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -1346,7 +1166,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1365,7 +1185,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1409,7 +1229,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1422,7 +1242,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.10.8 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1435,7 +1255,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1444,7 +1264,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1465,7 +1285,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1488,7 +1308,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1497,7 +1317,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1518,7 +1338,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1527,9 +1347,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1538,7 +1358,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -1551,7 +1371,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -1566,7 +1386,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1585,7 +1405,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1629,7 +1449,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1642,7 +1462,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.10.8 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1655,7 +1475,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1664,7 +1484,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1685,7 +1505,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1708,7 +1528,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1717,7 +1537,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1738,7 +1558,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1747,9 +1567,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1758,7 +1578,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -1771,7 +1591,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -1786,7 +1606,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -1805,7 +1625,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1849,7 +1669,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1909,7 +1729,7 @@

            Infinite loop

            • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1980,7 +1800,7 @@

              Stack-based Buffer Overflow

              • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -2048,7 +1868,7 @@

                Infinite loop

                • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2108,7 +1928,7 @@

                  References

    -

    Allocation of Resources Without Limits or Throttling

    +

    Authentication Bypass by Capture-replay

    @@ -2119,7 +1939,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.8.16/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -2127,12 +1947,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + golang.org/x/crypto/ssh
  • Introduced through: - helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0
  • @@ -2145,9 +1965,9 @@

    Detailed paths

    • Introduced through: - helm.sh/helm/v3@* + github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.8.0 + golang.org/x/crypto/ssh@v0.16.0 @@ -2159,80 +1979,8 @@

      Detailed paths


      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

      -

      Note:

      -

      This issue is related to CVE-2023-44487

      -

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      -

      References

      - - -
      - - - -
    -
    -

    Authentication Bypass by Capture-replay

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd -
    • -
    • - Package Manager: golang -
    • -
    • - Vulnerable module: - - golang.org/x/crypto/ssh -
    • - -
    • Introduced through: - - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - github.com/argoproj/argo-cd/v2@* - - golang.org/x/crypto/ssh@v0.16.0 - - - -
    • -
    - -
    - -
    - -

    Overview

    -

    golang.org/x/crypto/ssh is a SSH client and server

    -

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    +

    golang.org/x/crypto/ssh is a SSH client and server

    +

    Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

    Note:

    1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

      @@ -2276,367 +2024,6 @@

      References

      More about this vulnerability

    -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.16 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Uncaught Exception

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.16 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2024-2961

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc-bin -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.8.16 and glibc/libc-bin@2.35-0ubuntu3.6 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - glibc/libc-bin@2.35-0ubuntu3.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 - - glibc/libc6@2.35-0ubuntu3.6 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.7 or higher.

    -

    References

    - - -
    - - -

    MPL-2.0 license

    @@ -2650,7 +2037,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2710,7 +2097,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -2770,7 +2157,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -2830,7 +2217,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.8.16/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.10.8/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -2890,7 +2277,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2950,7 +2337,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -3010,7 +2397,7 @@

                Improper Handling of Highly Compressed Data (Data Amplif
                • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -3023,7 +2410,7 @@

                  Improper Handling of Highly Compressed Data (Data Amplif
                • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1
                @@ -3038,7 +2425,7 @@

                Detailed paths

                Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/go-jose/go-jose/v3@v3.0.0 + github.com/go-jose/go-jose/v3@v3.0.1 @@ -3079,7 +2466,7 @@

                CVE-2023-7008

                • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -3092,7 +2479,7 @@

                  CVE-2023-7008

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.10.8 and systemd/libsystemd0@249.11-0ubuntu3.12
                @@ -3105,7 +2492,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -3114,7 +2501,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -3125,7 +2512,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -3136,7 +2523,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 util-linux@2.37.2-4ubuntu3.4 @@ -3147,7 +2534,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 util-linux/bsdutils@1:2.37.2-4ubuntu3.4 @@ -3158,7 +2545,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -3171,7 +2558,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 systemd/libudev1@249.11-0ubuntu3.12 @@ -3180,7 +2567,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 libfido2/libfido2-1@1.10.0-1 @@ -3191,7 +2578,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 util-linux@2.37.2-4ubuntu3.4 @@ -3202,7 +2589,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -3255,7 +2642,7 @@

                  Arbitrary Code Injection

                  • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -3268,7 +2655,7 @@

                    Arbitrary Code Injection

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.10.8 and shadow/passwd@1:4.8.1-2ubuntu2.2
                  @@ -3281,7 +2668,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -3290,7 +2677,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -3301,9 +2688,9 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -3312,7 +2699,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 shadow/login@1:4.8.1-2ubuntu2.2 @@ -3359,7 +2746,7 @@

                    Uncontrolled Recursion

                    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -3372,7 +2759,7 @@

                      Uncontrolled Recursion

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.10.8 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
                    @@ -3385,7 +2772,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -3394,7 +2781,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 grep@3.7-1build1 @@ -3447,7 +2834,7 @@

                      Release of Invalid Pointer or Reference

                      • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -3460,7 +2847,7 @@

                        Release of Invalid Pointer or Reference

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.10.8 and patch@2.7.6-7build2
                      @@ -3473,7 +2860,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 patch@2.7.6-7build2 @@ -3517,7 +2904,7 @@

                        Double Free

                        • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -3530,7 +2917,7 @@

                          Double Free

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.10.8 and patch@2.7.6-7build2
                        @@ -3543,7 +2930,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 patch@2.7.6-7build2 @@ -3592,7 +2979,7 @@

                          CVE-2023-50495

                          • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -3605,7 +2992,7 @@

                            CVE-2023-50495

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.10.8 and ncurses/libtinfo6@6.3-2ubuntu0.1
                          @@ -3618,7 +3005,7 @@

                          Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3627,7 +3014,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 bash@5.1-6ubuntu1.1 @@ -3638,7 +3025,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3649,7 +3036,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 less@590-1ubuntu0.22.04.2 @@ -3660,7 +3047,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 libedit/libedit2@3.1-20210910-1build1 @@ -3671,7 +3058,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3682,7 +3069,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3693,7 +3080,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 procps@2:3.3.17-6ubuntu2.1 @@ -3704,7 +3091,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 util-linux@2.37.2-4ubuntu3.4 @@ -3715,7 +3102,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3730,7 +3117,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3745,7 +3132,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3754,7 +3141,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 procps@2:3.3.17-6ubuntu2.1 @@ -3765,7 +3152,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3780,7 +3167,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3789,7 +3176,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 procps@2:3.3.17-6ubuntu2.1 @@ -3800,7 +3187,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3809,7 +3196,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3856,7 +3243,7 @@

                            CVE-2023-45918

                            • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                            • Package Manager: ubuntu:22.04 @@ -3869,7 +3256,7 @@

                              CVE-2023-45918

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.10.8 and ncurses/libtinfo6@6.3-2ubuntu0.1
                            @@ -3882,7 +3269,7 @@

                            Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3891,7 +3278,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 bash@5.1-6ubuntu1.1 @@ -3902,7 +3289,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3913,7 +3300,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 less@590-1ubuntu0.22.04.2 @@ -3924,7 +3311,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 libedit/libedit2@3.1-20210910-1build1 @@ -3935,7 +3322,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3946,7 +3333,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3957,7 +3344,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 procps@2:3.3.17-6ubuntu2.1 @@ -3968,7 +3355,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 util-linux@2.37.2-4ubuntu3.4 @@ -3979,7 +3366,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3994,7 +3381,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4009,7 +3396,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -4018,7 +3405,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 procps@2:3.3.17-6ubuntu2.1 @@ -4029,7 +3416,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4044,7 +3431,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -4053,7 +3440,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 procps@2:3.3.17-6ubuntu2.1 @@ -4064,7 +3451,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -4073,7 +3460,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -4118,7 +3505,7 @@

                              Resource Exhaustion

                              • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                              • Package Manager: ubuntu:22.04 @@ -4131,7 +3518,7 @@

                                Resource Exhaustion

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.10.8 and libzstd/libzstd1@1.4.8+dfsg-3build1
                              @@ -4144,7 +3531,7 @@

                              Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -4195,7 +3582,7 @@

                                Integer Overflow or Wraparound

                                • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                                • Package Manager: ubuntu:22.04 @@ -4208,7 +3595,7 @@

                                  Integer Overflow or Wraparound

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.10.8 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
                                @@ -4221,7 +3608,7 @@

                                Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -4230,7 +3617,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -4251,7 +3638,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -4274,7 +3661,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -4283,7 +3670,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -4304,7 +3691,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4313,9 +3700,9 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4324,7 +3711,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -4337,7 +3724,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -4352,7 +3739,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 adduser@3.118ubuntu5 @@ -4371,7 +3758,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -4419,7 +3806,7 @@

                                  Out-of-bounds Write

                                  • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                                  • Package Manager: ubuntu:22.04 @@ -4432,7 +3819,7 @@

                                    Out-of-bounds Write

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.10.8 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                                  @@ -4445,7 +3832,7 @@

                                  Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4454,7 +3841,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -4465,7 +3852,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4476,7 +3863,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4487,7 +3874,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4498,7 +3885,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4511,7 +3898,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4524,7 +3911,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4533,7 +3920,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4544,7 +3931,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4557,7 +3944,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4566,7 +3953,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4577,7 +3964,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4586,7 +3973,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4597,7 +3984,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4606,7 +3993,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4617,7 +4004,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4630,7 +4017,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4643,7 +4030,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4652,7 +4039,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4663,7 +4050,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4676,7 +4063,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4689,7 +4076,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4698,7 +4085,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4709,7 +4096,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4718,7 +4105,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4729,7 +4116,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4738,7 +4125,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4749,7 +4136,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4798,7 +4185,7 @@

                                    Allocation of Resources Without Limits or Throttling

                                  • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                                  • Package Manager: ubuntu:22.04 @@ -4811,7 +4198,7 @@

                                    Allocation of Resources Without Limits or Throttling

                                    Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and glibc/libc-bin@2.35-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.10.8 and glibc/libc-bin@2.35-0ubuntu3.7
                                  @@ -4824,18 +4211,18 @@

                                  Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - glibc/libc-bin@2.35-0ubuntu3.6 + glibc/libc-bin@2.35-0ubuntu3.7
                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 - glibc/libc6@2.35-0ubuntu3.6 + glibc/libc6@2.35-0ubuntu3.7 @@ -4879,7 +4266,7 @@

                                    Improper Input Validation

                                    • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                                    • Package Manager: ubuntu:22.04 @@ -4893,7 +4280,7 @@

                                      Improper Input Validation

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.10.8, git@1:2.34.1-1ubuntu1.10 and others
                                    @@ -4905,7 +4292,7 @@

                                    Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -4916,7 +4303,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git@1:2.34.1-1ubuntu1.10 @@ -4925,7 +4312,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 git-lfs@3.0.2-1ubuntu0.2 @@ -4972,7 +4359,7 @@

                                      Uncontrolled Recursion

                                      • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                                      • Package Manager: ubuntu:22.04 @@ -4985,7 +4372,7 @@

                                        Uncontrolled Recursion

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.10.8 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                                      @@ -4998,7 +4385,7 @@

                                      Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -5007,7 +4394,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -5018,7 +4405,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 apt@2.4.12 @@ -5031,7 +4418,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -5040,7 +4427,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -5087,7 +4474,7 @@

                                        Improper Input Validation

                                        • - Manifest file: quay.io/argoproj/argocd:v2.8.16/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.10.8/argoproj/argocd Dockerfile
                                        • Package Manager: ubuntu:22.04 @@ -5100,7 +4487,7 @@

                                          Improper Input Validation

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.10.8 and coreutils@8.32-4.1ubuntu1.2
                                        @@ -5113,7 +4500,7 @@

                                        Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.8.16 + docker-image|quay.io/argoproj/argocd@v2.10.8 coreutils@8.32-4.1ubuntu1.2 diff --git a/docs/snyk/v2.10.8/redis_7.0.15-alpine.html b/docs/snyk/v2.10.8/redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..c10b8fb04e70b --- /dev/null +++ b/docs/snyk/v2.10.8/redis_7.0.15-alpine.html @@ -0,0 +1,657 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                          +
                                          +
                                          +
                                          + + + Snyk - Open Source Security + + + + + + + +
                                          +

                                          Snyk test report

                                          + +

                                          April 28th 2024, 12:20:54 am (UTC+00:00)

                                          +
                                          +
                                          + Scanned the following paths: +
                                            +
                                          • redis:7.0.15-alpine (apk)
                                          • +
                                          • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
                                          • +
                                          +
                                          + +
                                          +
                                          1 known vulnerabilities
                                          +
                                          9 vulnerable dependency paths
                                          +
                                          19 dependencies
                                          +
                                          +
                                          +
                                          +
                                          + +
                                          +
                                          +
                                          +

                                          CVE-2024-2511

                                          +
                                          + +
                                          + low severity +
                                          + +
                                          + +
                                            +
                                          • + Package Manager: alpine:3.19 +
                                          • +
                                          • + Vulnerable module: + + openssl/libcrypto3 +
                                          • + +
                                          • Introduced through: + + docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 + +
                                          • +
                                          + +
                                          + + +

                                          Detailed paths

                                          + +
                                            +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libssl3@3.1.4-r5 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          + +
                                          + +
                                          + +

                                          NVD Description

                                          +

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                                          +

                                          Issue summary: Some non-default TLS server configurations can cause unbounded + memory growth when processing TLSv1.3 sessions

                                          +

                                          Impact summary: An attacker may exploit certain server configurations to trigger + unbounded memory growth that would lead to a Denial of Service

                                          +

                                          This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is + being used (but not if early_data support is also configured and the default + anti-replay protection is in use). In this case, under certain conditions, the + session cache can get into an incorrect state and it will fail to flush properly + as it fills. The session cache will continue to grow in an unbounded manner. A + malicious client could deliberately create the scenario for this failure to + force a Denial of Service. It may also happen by accident in normal operation.

                                          +

                                          This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS + clients.

                                          +

                                          The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL + 1.0.2 is also not affected by this issue.

                                          +

                                          Remediation

                                          +

                                          Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

                                          +

                                          References

                                          + + +
                                          + + + +
                                          +
                                          +
                                          +
                                          + + + diff --git a/docs/snyk/v2.11.0-rc2/argocd-iac-install.html b/docs/snyk/v2.11.0-rc2/argocd-iac-install.html index 787399c8e9f6f..85b1abab5bdf4 100644 --- a/docs/snyk/v2.11.0-rc2/argocd-iac-install.html +++ b/docs/snyk/v2.11.0-rc2/argocd-iac-install.html @@ -456,7 +456,7 @@

                                          Snyk test report

                                          -

                                          April 21st 2024, 12:19:48 am (UTC+00:00)

                                          +

                                          April 28th 2024, 12:20:03 am (UTC+00:00)

                                          Scanned the following path: diff --git a/docs/snyk/v2.11.0-rc2/argocd-iac-namespace-install.html b/docs/snyk/v2.11.0-rc2/argocd-iac-namespace-install.html index c4e90bafd0756..47b02ad37cf03 100644 --- a/docs/snyk/v2.11.0-rc2/argocd-iac-namespace-install.html +++ b/docs/snyk/v2.11.0-rc2/argocd-iac-namespace-install.html @@ -456,7 +456,7 @@

                                          Snyk test report

                                          -

                                          April 21st 2024, 12:19:56 am (UTC+00:00)

                                          +

                                          April 28th 2024, 12:20:13 am (UTC+00:00)

                                          Scanned the following path: diff --git a/docs/snyk/v2.11.0-rc2/argocd-test.html b/docs/snyk/v2.11.0-rc2/argocd-test.html index 3810bb4f8b72d..294013c30117c 100644 --- a/docs/snyk/v2.11.0-rc2/argocd-test.html +++ b/docs/snyk/v2.11.0-rc2/argocd-test.html @@ -456,7 +456,7 @@

                                          Snyk test report

                                          -

                                          April 21st 2024, 12:17:59 am (UTC+00:00)

                                          +

                                          April 28th 2024, 12:18:15 am (UTC+00:00)

                                          Scanned the following paths: diff --git a/docs/snyk/v2.11.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html b/docs/snyk/v2.11.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html index 61831ad5c5035..2f991543459d0 100644 --- a/docs/snyk/v2.11.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html +++ b/docs/snyk/v2.11.0-rc2/ghcr.io_dexidp_dex_v2.38.0.html @@ -456,7 +456,7 @@

                                          Snyk test report

                                          -

                                          April 21st 2024, 12:18:04 am (UTC+00:00)

                                          +

                                          April 28th 2024, 12:18:20 am (UTC+00:00)

                                          Scanned the following paths: @@ -713,6 +713,8 @@

                                          References

                                        • https://www.openssl.org/news/secadv/20240109.txt
                                        • http://www.openwall.com/lists/oss-security/2024/01/09/1
                                        • https://security.netapp.com/advisory/ntap-20240216-0009/
                                        • +
                                        • https://security.netapp.com/advisory/ntap-20240426-0008/
                                        • +
                                        • https://security.netapp.com/advisory/ntap-20240426-0013/

                                        @@ -2622,9 +2624,37 @@

                                        Detailed paths


                                        NVD Description

                                        -

                                        This vulnerability has not been analyzed by NVD yet.

                                        +

                                        Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                                        +

                                        Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

                                        +

                                        Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

                                        +

                                        When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

                                        +

                                        An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

                                        +

                                        The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

                                        +

                                        The OpenSSL SSL/TLS implementation is not affected by this issue.

                                        +

                                        The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

                                        Remediation

                                        Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

                                        +

                                        References

                                        +
                                        diff --git a/docs/snyk/v2.11.0-rc2/haproxy_2.6.14-alpine.html b/docs/snyk/v2.11.0-rc2/haproxy_2.6.14-alpine.html index ec0fde3db6177..fea8477a51f0a 100644 --- a/docs/snyk/v2.11.0-rc2/haproxy_2.6.14-alpine.html +++ b/docs/snyk/v2.11.0-rc2/haproxy_2.6.14-alpine.html @@ -456,7 +456,7 @@

                                        Snyk test report

                                        -

                                        April 21st 2024, 12:18:08 am (UTC+00:00)

                                        +

                                        April 28th 2024, 12:18:25 am (UTC+00:00)

                                        Scanned the following path: @@ -1036,6 +1036,8 @@

                                        References

                                      • https://www.openssl.org/news/secadv/20240109.txt
                                      • http://www.openwall.com/lists/oss-security/2024/01/09/1
                                      • https://security.netapp.com/advisory/ntap-20240216-0009/
                                      • +
                                      • https://security.netapp.com/advisory/ntap-20240426-0008/
                                      • +
                                      • https://security.netapp.com/advisory/ntap-20240426-0013/

                                      @@ -1357,9 +1359,37 @@

                                      Detailed paths


                                      NVD Description

                                      -

                                      This vulnerability has not been analyzed by NVD yet.

                                      +

                                      Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                      +

                                      Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

                                      +

                                      Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

                                      +

                                      When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

                                      +

                                      An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

                                      +

                                      The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

                                      +

                                      The OpenSSL SSL/TLS implementation is not affected by this issue.

                                      +

                                      The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

                                      Remediation

                                      Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

                                      +

                                      References

                                      +
                                      diff --git a/docs/snyk/v2.11.0-rc2/quay.io_argoproj_argocd_v2.11.0-rc2.html b/docs/snyk/v2.11.0-rc2/quay.io_argoproj_argocd_v2.11.0-rc2.html index 8be03cfd4bcab..6f676b0935df4 100644 --- a/docs/snyk/v2.11.0-rc2/quay.io_argoproj_argocd_v2.11.0-rc2.html +++ b/docs/snyk/v2.11.0-rc2/quay.io_argoproj_argocd_v2.11.0-rc2.html @@ -7,7 +7,7 @@ Snyk test report - + @@ -456,7 +456,7 @@

                                      Snyk test report

                                      -

                                      April 21st 2024, 12:18:25 am (UTC+00:00)

                                      +

                                      April 28th 2024, 12:18:41 am (UTC+00:00)

                                      Scanned the following paths: @@ -470,8 +470,8 @@

                                      Snyk test report

                                      -
                                      32 known vulnerabilities
                                      -
                                      167 vulnerable dependency paths
                                      +
                                      34 known vulnerabilities
                                      +
                                      169 vulnerable dependency paths
                                      2276 dependencies
    @@ -711,6 +711,85 @@

    References

    More about this vulnerability

    +

    +
    +

    CVE-2024-28182

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.0-rc2/argoproj/argocd Dockerfile +
    • +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + nghttp2/libnghttp2-14 +
    • + +
    • Introduced through: + + + docker-image|quay.io/argoproj/argocd@v2.11.0-rc2, git@1:2.34.1-1ubuntu1.10 and others +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.0-rc2 + + git@1:2.34.1-1ubuntu1.10 + + curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 + + nghttp2/libnghttp2-14@1.43.0-1ubuntu0.1 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream nghttp2 package and not the nghttp2 package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 in C. The nghttp2 library prior to version 1.61.0 keeps reading the unbounded number of HTTP/2 CONTINUATION frames even after a stream is reset to keep HPACK context in sync. This causes excessive CPU usage to decode HPACK stream. nghttp2 v1.61.0 mitigates this vulnerability by limiting the number of CONTINUATION frames it accepts per stream. There is no workaround for this vulnerability.

    +

    Remediation

    +

    Upgrade Ubuntu:22.04 nghttp2 to version 1.43.0-1ubuntu0.2 or higher.

    +

    References

    + + +
    + + +
    +
    +
    +

    CVE-2024-32487

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.11.0-rc2/argoproj/argocd Dockerfile +
    • +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + less +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.11.0-rc2 and less@590-1ubuntu0.22.04.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.11.0-rc2 + + less@590-1ubuntu0.22.04.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 less.

    +

    References

    + + +
    + + +

    CVE-2024-26461

    diff --git a/docs/snyk/v2.11.0-rc2/redis_7.0.14-alpine.html b/docs/snyk/v2.11.0-rc2/redis_7.0.14-alpine.html index 226f64188d30d..de6ed18290d85 100644 --- a/docs/snyk/v2.11.0-rc2/redis_7.0.14-alpine.html +++ b/docs/snyk/v2.11.0-rc2/redis_7.0.14-alpine.html @@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:18:30 am (UTC+00:00)

    +

    April 28th 2024, 12:18:47 am (UTC+00:00)

    Scanned the following paths: @@ -653,6 +653,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -974,9 +976,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.19 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/v2.8.16/redis_7.0.11-alpine.html b/docs/snyk/v2.8.16/redis_7.0.11-alpine.html deleted file mode 100644 index 0128e35c967d4..0000000000000 --- a/docs/snyk/v2.8.16/redis_7.0.11-alpine.html +++ /dev/null @@ -1,2204 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
    -
    -
    -
    - - - Snyk - Open Source Security - - - - - - - -
    -

    Snyk test report

    - -

    April 21st 2024, 12:25:00 am (UTC+00:00)

    -
    -
    - Scanned the following path: -
      -
    • redis:7.0.11-alpine (apk)
    • -
    -
    - -
    -
    10 known vulnerabilities
    -
    86 vulnerable dependency paths
    -
    18 dependencies
    -
    -
    -
    -
    -
    - - - - - - - -
    Project docker-image|redis
    Path redis:7.0.11-alpine
    Package Manager apk
    -
    -
    -
    -
    -

    Out-of-bounds Write

    -
    - -
    - critical severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - busybox/busybox -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox@1.36.1-r0 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

    -

    Remediation

    -

    Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2023-5363

    -
    - -
    - high severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

    -

    Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

    -

    When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

    -

    For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

    -

    Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

    -

    Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

    -

    OpenSSL 3.1 and 3.0 are vulnerable to this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Authentication

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

    -

    Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

    -

    The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

    -

    As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Inefficient Regular Expression Complexity

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

    -

    However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Excessive Iteration

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Checking excessively long DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

    -

    The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

    -

    An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

    -

    The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

    -

    Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Improper Check for Unusual or Exceptional Conditions

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

    -

    Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

    -

    While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

    -

    Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

    -

    An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

    -

    DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

    -

    Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

    -

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    -

    The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Out-of-bounds Write

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

    -

    Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

    -

    The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

    -

    The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

    -

    The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2024-0727

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

    -

    Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

    -

    A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

    -

    OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

    -

    We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2023-6237

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    - -
    - - - -
    -
    -

    CVE-2024-2511

    -
    - -
    - low severity -
    - -
    - -
      -
    • - Package Manager: alpine:3.18 -
    • -
    • - Vulnerable module: - - openssl/libcrypto3 -
    • - -
    • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

    -

    Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

    -

    Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

    -

    This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

    -

    This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

    -

    The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

    -

    Remediation

    -

    Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

    -

    References

    - - -
    - - - -
    -
    -
    -
    - - -
diff --git a/docs/snyk/v2.8.16/argocd-iac-install.html b/docs/snyk/v2.8.17/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v2.8.16/argocd-iac-install.html
rename to docs/snyk/v2.8.17/argocd-iac-install.html
index f72bf79bda97b..e40b425071427 100644
--- a/docs/snyk/v2.8.16/argocd-iac-install.html
+++ b/docs/snyk/v2.8.17/argocd-iac-install.html
@@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:26:06 am (UTC+00:00)

    +

    April 28th 2024, 12:26:25 am (UTC+00:00)

    Scanned the following path:
@@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 20310 + Line number: 20316
  •
diff --git a/docs/snyk/v2.8.16/argocd-iac-namespace-install.html b/docs/snyk/v2.8.17/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v2.8.16/argocd-iac-namespace-install.html
rename to docs/snyk/v2.8.17/argocd-iac-namespace-install.html
index 0ed3548b2ecc0..0cb2e3e2deeea 100644
--- a/docs/snyk/v2.8.16/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.8.17/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:26:14 am (UTC+00:00)

    +

    April 28th 2024, 12:26:34 am (UTC+00:00)

    Scanned the following path:
@@ -2545,7 +2545,7 @@

    Container's or Pod's UID could clash with hos
  • - Line number: 1822 + Line number: 1828
  •
diff --git a/docs/snyk/v2.8.16/argocd-test.html b/docs/snyk/v2.8.17/argocd-test.html
similarity index 96%
rename from docs/snyk/v2.8.16/argocd-test.html
rename to docs/snyk/v2.8.17/argocd-test.html
index 277070c2d0430..b273ffe971176 100644
--- a/docs/snyk/v2.8.16/argocd-test.html
+++ b/docs/snyk/v2.8.17/argocd-test.html
@@ -7,7 +7,7 @@ Snyk test report - +
@@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:24:29 am (UTC+00:00)

    +

    April 28th 2024, 12:24:48 am (UTC+00:00)

    Scanned the following paths:
@@ -467,8 +467,8 @@

    Snyk test report

    -
    14 known vulnerabilities
    -
    231 vulnerable dependency paths
    +
    15 known vulnerabilities
    +
    237 vulnerable dependency paths
    1856 dependencies

    @@ -4780,6 +4780,221 @@

    References

    More about this vulnerability

    +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
    • +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + github.com/whilp/git-urls +
    • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#3446d4ae8520 + + github.com/argoproj/notifications-engine/pkg/services@#3446d4ae8520 + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    github.com/whilp/git-urls is a Git URLs parser

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    +

    Note: + This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    +

    PoC

    +
    
    +        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
    +        malicious_url := "6en6ar@-:0////" + payload + "\"
    +        begin := time.Now()
    +        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
    +        _, err := giturls.ParseScp(malicious_url)
    +        if err != nil {
    +        fmt.Errorf("[ - ] Error ->" + err.Error())
    +        }
    +        //fmt.Println("[ + ] Url --> " + u.Host)
    +        elapse := time.Since(begin)
    +        fmt.Printf("Function took %s", elapse)
    +        
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    +
    regex = /A(B|C+)+D/
    +        
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
    • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • +
    • D Finally, we ensure this section of the string ends with a 'D'
    • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    +
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    +        0.04s user 0.01s system 95% cpu 0.052 total
    +        
    +        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    +        1.79s user 0.02s system 99% cpu 1.812 total
    +        
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
    2. +
    3. CC+C
    4. +
    5. C+CC
    6. +
    7. C+C+C.
    8. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    There is no fixed version for github.com/whilp/git-urls.

    +

    References

    + + +
    + + +

    MPL-2.0 license

    diff --git a/docs/snyk/v2.9.12/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.8.17/ghcr.io_dexidp_dex_v2.37.0.html
similarity index 98%
rename from docs/snyk/v2.9.12/ghcr.io_dexidp_dex_v2.37.0.html
rename to docs/snyk/v2.8.17/ghcr.io_dexidp_dex_v2.37.0.html
index ac1eea048f911..7e842f96a5cba 100644
--- a/docs/snyk/v2.9.12/ghcr.io_dexidp_dex_v2.37.0.html
+++ b/docs/snyk/v2.8.17/ghcr.io_dexidp_dex_v2.37.0.html
@@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:22:25 am (UTC+00:00)

    +

    April 28th 2024, 12:24:54 am (UTC+00:00)

    Scanned the following paths:
@@ -2045,6 +2045,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -4406,9 +4408,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/v2.10.7/haproxy_2.6.14-alpine.html b/docs/snyk/v2.8.17/haproxy_2.6.14-alpine.html
similarity index 96%
rename from docs/snyk/v2.10.7/haproxy_2.6.14-alpine.html
rename to docs/snyk/v2.8.17/haproxy_2.6.14-alpine.html
index 9fa7c9a0e8cbc..1c1a5ba55c308 100644
--- a/docs/snyk/v2.10.7/haproxy_2.6.14-alpine.html
+++ b/docs/snyk/v2.8.17/haproxy_2.6.14-alpine.html
@@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:20:17 am (UTC+00:00)

    +

    April 28th 2024, 12:24:57 am (UTC+00:00)

    Scanned the following path:
@@ -1036,6 +1036,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -1357,9 +1359,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/v2.9.12/quay.io_argoproj_argocd_v2.9.12.html b/docs/snyk/v2.8.17/quay.io_argoproj_argocd_v2.8.17.html
similarity index 91%
rename from docs/snyk/v2.9.12/quay.io_argoproj_argocd_v2.9.12.html
rename to docs/snyk/v2.8.17/quay.io_argoproj_argocd_v2.8.17.html
index 5e8abae49720a..9a0771753b320 100644
--- a/docs/snyk/v2.9.12/quay.io_argoproj_argocd_v2.9.12.html
+++ b/docs/snyk/v2.8.17/quay.io_argoproj_argocd_v2.8.17.html
@@ -7,7 +7,7 @@ Snyk test report - +
@@ -456,23 +456,23 @@

    Snyk test report

    -

    April 21st 2024, 12:22:46 am (UTC+00:00)

    +

    April 28th 2024, 12:25:15 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.9.12/argoproj/argocd/Dockerfile (deb)
    • -
    • quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.9.12//usr/local/bin/kustomize (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.9.12/helm/v3//usr/local/bin/helm (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.9.12/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.8.17/argoproj/argocd/Dockerfile (deb)
    • +
    • quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.8.17/kustomize/kustomize/v5//usr/local/bin/kustomize (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.8.17/helm/v3//usr/local/bin/helm (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.8.17/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    37 known vulnerabilities
    -
    182 vulnerable dependency paths
    -
    2189 dependencies
    +
    38 known vulnerabilities
    +
    172 vulnerable dependency paths
    +
    2120 dependencies
    @@ -481,7 +481,7 @@

    Snyk test report

    -

    Denial of Service (DoS)

    +

    Allocation of Resources Without Limits or Throttling

    @@ -492,7 +492,7 @@

    Denial of Service (DoS)

    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang
@@ -500,12 +500,12 @@

      Denial of Service (DoS)

    • Vulnerable module: - google.golang.org/grpc + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 + github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0
    @@ -520,7 +520,87 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - google.golang.org/grpc@v1.56.2 + golang.org/x/net/http2@v0.19.0 + + + + +
  • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/http2@v0.8.0 + + + +
  • + + +
    + +
    + +

    Overview

    +

    golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

    +

    Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

    +

    Remediation

    +

    Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.17/helm/v3 /usr/local/bin/helm +
    • +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + golang.org/x/net/http2 +
    • + +
    • Introduced through: + + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + helm.sh/helm/v3@* + + golang.org/x/net/http2@v0.8.0
@@ -532,10 +612,10 @@

      Detailed paths


      Overview

      -

      google.golang.org/grpc is a Go implementation of gRPC

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

      Remediation

      -

      Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      References

    -

    Allocation of Resources Without Limits or Throttling

    +

    Denial of Service (DoS)

    @@ -574,7 +654,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -582,12 +662,12 @@

    Allocation of Resources Without Limits or Throttling

    Vulnerable module: - golang.org/x/net/http2 + github.com/go-jose/go-jose/v3
  • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/net/http2@v0.19.0 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0
  • @@ -602,16 +682,88 @@

    Detailed paths

    Introduced through: github.com/argoproj/argo-cd/v2@* - golang.org/x/net/http2@v0.19.0 + github.com/go-jose/go-jose/v3@v3.0.0 + + +
    + +
    + +

    Overview

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) when decrypting JWE inputs. An attacker can cause a denial-of-service by providing a PBES2 encrypted JWE blob with a very large p2c value.

    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its intended and legitimate users.

    +

    Unlike other vulnerabilities, DoS attacks usually do not aim at breaching security. Rather, they are focused on making websites and services unavailable to genuine users resulting in downtime.

    +

    One popular Denial of Service vulnerability is DDoS (a Distributed Denial of Service), an attack that attempts to clog network pipes to the system by generating a large volume of traffic from many machines.

    +

    When it comes to open source libraries, DoS vulnerabilities allow attackers to trigger such a crash or crippling of the service by using a flaw either in the application code or from the use of open source libraries.

    +

    Two common types of DoS vulnerabilities:

    +
      +
    • High CPU/Memory Consumption- An attacker sending crafted requests that could cause the system to take a disproportionate amount of time to process. For example, commons-fileupload:commons-fileupload.

      +
    • +
    • Crash - An attacker sending crafted requests that could cause the system to crash. For Example, npm ws package

      +
    • +
    +

    Remediation

    +

    Upgrade github.com/go-jose/go-jose/v3 to version 3.0.1 or higher.

    +

    References

    + + +
    + + + +
    +
    +

    Directory Traversal

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.17/helm/v3 /usr/local/bin/helm +
    • +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + github.com/cyphar/filepath-securejoin +
    • + +
    • Introduced through: + + helm.sh/helm/v3@* and github.com/cyphar/filepath-securejoin@v0.2.3 + +
    • +
    + +
    + + +

    Detailed paths

    + +
    • Introduced through: helm.sh/helm/v3@* - golang.org/x/net/http2@v0.17.0 + github.com/cyphar/filepath-securejoin@v0.2.3 @@ -623,22 +775,41 @@

      Detailed paths


      Overview

      -

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      -

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when reading header data from CONTINUATION frames. As part of the HPACK flow, all incoming HEADERS and CONTINUATION frames are read even if their payloads exceed MaxHeaderBytes and will be discarded. An attacker can send excessive data over a connection to render it unresponsive.

      +

      Affected versions of this package are vulnerable to Directory Traversal via the filepath.FromSlash() function, allwoing attackers to generate paths that were outside of the provided rootfs.

      +

      Note: + This vulnerability is only exploitable on Windows OS.

      +

      Details

      +

      A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files.

      +

      Directory Traversal vulnerabilities can be generally divided into two types:

      +
        +
      • Information Disclosure: Allows the attacker to gain information about the folder structure or read the contents of sensitive files on the system.
      • +
      +

      st is a module for serving static files on web pages, and contains a vulnerability of this type. In our example, we will serve files from the public route.

      +

      If an attacker requests the following URL from our server, it will in turn leak the sensitive private key of the root user.

      +
      curl http://localhost:8080/public/%2e%2e/%2e%2e/%2e%2e/%2e%2e/%2e%2e/root/.ssh/id_rsa
      +        
      +

      Note %2e is the URL encoded version of . (dot).

      +
        +
      • Writing arbitrary files: Allows the attacker to create or replace existing files. This type of vulnerability is also known as Zip-Slip.
      • +
      +

      One way to achieve this is by using a malicious zip archive that holds path traversal filenames. When each filename in the zip archive gets concatenated to the target extraction folder, without validation, the final path ends up outside of the target folder. If an executable or a configuration file is overwritten with a file containing malicious code, the problem can turn into an arbitrary code execution issue quite easily.

      +

      The following is an example of a zip archive with one benign file and one malicious file. Extracting the malicious file will result in traversing out of the target folder, ending up in /root/.ssh/ overwriting the authorized_keys file:

      +
      2018-04-15 22:04:29 .....           19           19  good.txt
      +        2018-04-15 22:04:42 .....           20           20  ../../../../../../root/.ssh/authorized_keys
      +        

      Remediation

      -

      Upgrade golang.org/x/net/http2 to version 0.23.0 or higher.

      +

      Upgrade github.com/cyphar/filepath-securejoin to version 0.2.4 or higher.

      References


    @@ -654,7 +825,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -667,7 +838,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.8.17 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -680,7 +851,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -730,7 +901,7 @@

      CVE-2023-51767

      • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -743,7 +914,7 @@

        CVE-2023-51767

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + docker-image|quay.io/argoproj/argocd@v2.8.17 and openssh/openssh-client@1:8.9p1-3ubuntu0.7
      @@ -756,9 +927,9 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 @@ -806,7 +977,7 @@

        Information Exposure

        • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -819,7 +990,7 @@

          Information Exposure

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.8.17 and libgcrypt20@1.9.4-3ubuntu3
        @@ -832,7 +1003,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 libgcrypt20@1.9.4-3ubuntu3 @@ -841,7 +1012,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -852,7 +1023,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -863,7 +1034,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -876,7 +1047,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -889,7 +1060,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -902,7 +1073,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -915,7 +1086,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -928,7 +1099,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -941,7 +1112,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -954,7 +1125,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -967,7 +1138,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -997,6 +1168,7 @@

          References

        • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
        • https://access.redhat.com/security/cve/CVE-2024-2236
        • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
        • +
        • https://bugzilla.redhat.com/show_bug.cgi?id=2245218

        @@ -1005,6 +1177,78 @@

        References

        More about this vulnerability

    +
    +
    +

    CVE-2024-32487

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile +
    • +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + less +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.8.17 and less@590-1ubuntu0.22.04.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.8.17 + + less@590-1ubuntu0.22.04.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 less.

    +

    References

    + + +
    + + +

    CVE-2024-26461

    @@ -1018,7 +1262,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -1031,7 +1275,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -1044,7 +1288,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1053,7 +1297,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1074,7 +1318,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1097,7 +1341,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1106,7 +1350,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1127,7 +1371,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1136,9 +1380,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1147,7 +1391,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -1160,7 +1404,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -1175,7 +1419,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1194,7 +1438,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1238,7 +1482,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1251,7 +1495,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1264,7 +1508,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1273,7 +1517,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1294,7 +1538,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1317,7 +1561,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1326,7 +1570,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1347,7 +1591,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1356,9 +1600,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1367,7 +1611,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -1380,7 +1624,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -1395,7 +1639,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1414,7 +1658,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1458,7 +1702,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1471,7 +1715,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1484,7 +1728,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1493,7 +1737,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1514,7 +1758,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1537,7 +1781,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1546,7 +1790,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1567,7 +1811,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1576,9 +1820,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1587,7 +1831,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -1600,7 +1844,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -1615,7 +1859,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -1634,7 +1878,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1678,7 +1922,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1738,7 +1982,7 @@

            Infinite loop

            • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1809,7 +2053,7 @@

              Stack-based Buffer Overflow

              • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1877,7 +2121,7 @@

                Infinite loop

                • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -1937,7 +2181,7 @@

                  References

    -

    Authentication Bypass by Capture-replay

    +

    Allocation of Resources Without Limits or Throttling

    @@ -1948,7 +2192,7 @@

    Authentication Bypass by Capture-replay

    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/helm/v3 /usr/local/bin/helm
    • Package Manager: golang @@ -1956,12 +2200,12 @@

      Authentication Bypass by Capture-replay

    • Vulnerable module: - golang.org/x/crypto/ssh + golang.org/x/net/http2
    • Introduced through: - github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0 + helm.sh/helm/v3@* and golang.org/x/net/http2@v0.8.0
    @@ -1974,9 +2218,9 @@

    Detailed paths

    • Introduced through: - github.com/argoproj/argo-cd/v2@* + helm.sh/helm/v3@* - golang.org/x/crypto/ssh@v0.16.0 + golang.org/x/net/http2@v0.8.0 @@ -1988,333 +2232,28 @@

      Detailed paths


      Overview

      -

      golang.org/x/crypto/ssh is a SSH client and server

      -

      Affected versions of this package are vulnerable to Authentication Bypass by Capture-replay during the establishment of the secure channel. An attacker can manipulate handshake sequence numbers to delete messages sent immediately after the channel is established.

      +

      golang.org/x/net/http2 is a work-in-progress HTTP/2 implementation for Go.

      +

      Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling when MaxConcurrentStreams handler goroutines running. A a handler is started until one of the existing handlers exits.

      Note:

      -
        -
      1. Sequence numbers are only validated once the channel is established and arbitrary messages are allowed during the handshake, allowing them to manipulate the sequence numbers.

        -
      2. -
      3. The potential consequences of the general Terrapin attack are dependent on the messages exchanged after the handshake concludes. If you are using a custom SSH service and do not resort to the authentication protocol, you should check that dropping the first few messages of a connection does not yield security risks.

        -
      4. -
      -

      Impact:

      -

      While cryptographically novel, there is no discernable impact on the integrity of SSH traffic beyond giving the attacker the ability to delete the message that enables some features related to keystroke timing obfuscation. To successfully carry out the exploitation, the connection needs to be protected using either the ChaCha20-Poly1305 or CBC with Encrypt-then-MAC encryption methods. The attacker must also be able to intercept and modify the connection's traffic.

      -

      Workaround

      -

      Temporarily disable the affected chacha20-poly1305@openssh.com encryption and *-etm@openssh.com MAC algorithms in the affected configuration, and use unaffected algorithms like AES-GCM instead.

      +

      This issue is related to CVE-2023-44487

      Remediation

      -

      Upgrade golang.org/x/crypto/ssh to version 0.17.0 or higher.

      +

      Upgrade golang.org/x/net/http2 to version 0.17.0 or higher.

      References


    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.12 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Uncaught Exception

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.9.12 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2024-2961

    +

    Authentication Bypass by Capture-replay

    @@ -2325,20 +2264,20 @@

    CVE-2024-2961

    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • - Package Manager: ubuntu:22.04 + Package Manager: golang
    • Vulnerable module: - glibc/libc-bin + golang.org/x/crypto/ssh
    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and glibc/libc-bin@2.35-0ubuntu3.6 + github.com/argoproj/argo-cd/v2@* and golang.org/x/crypto/ssh@v0.16.0
    @@ -2351,18 +2290,9 @@

    Detailed paths

    @@ -2407,7 +2362,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2467,7 +2422,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -2527,7 +2482,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -2587,7 +2542,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.9.12/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.8.17/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -2647,7 +2602,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2707,7 +2662,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -2767,7 +2722,7 @@

                Improper Handling of Highly Compressed Data (Data Amplif
                • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2780,7 +2735,7 @@

                  Improper Handling of Highly Compressed Data (Data Amplif
                • Introduced through: - github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.1 + github.com/argoproj/argo-cd/v2@* and github.com/go-jose/go-jose/v3@v3.0.0
                @@ -2795,7 +2750,7 @@

                Detailed paths

                Introduced through: github.com/argoproj/argo-cd/v2@* - github.com/go-jose/go-jose/v3@v3.0.1 + github.com/go-jose/go-jose/v3@v3.0.0 @@ -2836,7 +2791,7 @@

                CVE-2023-7008

                • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                • Package Manager: ubuntu:22.04 @@ -2849,7 +2804,7 @@

                  CVE-2023-7008

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 and systemd/libsystemd0@249.11-0ubuntu3.12
                @@ -2862,7 +2817,7 @@

                Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2871,7 +2826,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -2882,7 +2837,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -2893,7 +2848,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 util-linux@2.37.2-4ubuntu3.4 @@ -2904,7 +2859,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 util-linux/bsdutils@1:2.37.2-4ubuntu3.4 @@ -2915,7 +2870,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -2928,7 +2883,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 systemd/libudev1@249.11-0ubuntu3.12 @@ -2937,7 +2892,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 libfido2/libfido2-1@1.10.0-1 @@ -2948,7 +2903,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 util-linux@2.37.2-4ubuntu3.4 @@ -2959,7 +2914,7 @@

                  Detailed paths

                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -3012,7 +2967,7 @@

                  Arbitrary Code Injection

                  • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -3025,7 +2980,7 @@

                    Arbitrary Code Injection

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.8.17 and shadow/passwd@1:4.8.1-2ubuntu2.2
                  @@ -3038,7 +2993,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -3047,7 +3002,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -3058,9 +3013,9 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -3069,7 +3024,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 shadow/login@1:4.8.1-2ubuntu2.2 @@ -3116,7 +3071,7 @@

                    Uncontrolled Recursion

                    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -3129,7 +3084,7 @@

                      Uncontrolled Recursion

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.8.17 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
                    @@ -3142,7 +3097,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -3151,7 +3106,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 grep@3.7-1build1 @@ -3204,7 +3159,7 @@

                      Release of Invalid Pointer or Reference

                      • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -3217,7 +3172,7 @@

                        Release of Invalid Pointer or Reference

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.17 and patch@2.7.6-7build2
                      @@ -3230,7 +3185,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 patch@2.7.6-7build2 @@ -3274,7 +3229,7 @@

                        Double Free

                        • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -3287,7 +3242,7 @@

                          Double Free

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.8.17 and patch@2.7.6-7build2
                        @@ -3300,7 +3255,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 patch@2.7.6-7build2 @@ -3349,7 +3304,7 @@

                          CVE-2023-50495

                          • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -3362,7 +3317,7 @@

                            CVE-2023-50495

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
                          @@ -3375,7 +3330,7 @@

                          Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3384,7 +3339,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 bash@5.1-6ubuntu1.1 @@ -3395,7 +3350,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3406,7 +3361,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 less@590-1ubuntu0.22.04.2 @@ -3417,7 +3372,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 libedit/libedit2@3.1-20210910-1build1 @@ -3428,7 +3383,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3439,7 +3394,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3450,7 +3405,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 procps@2:3.3.17-6ubuntu2.1 @@ -3461,7 +3416,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 util-linux@2.37.2-4ubuntu3.4 @@ -3472,7 +3427,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3487,7 +3442,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3502,7 +3457,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3511,7 +3466,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 procps@2:3.3.17-6ubuntu2.1 @@ -3522,7 +3477,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3537,7 +3492,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3546,7 +3501,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 procps@2:3.3.17-6ubuntu2.1 @@ -3557,7 +3512,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3566,7 +3521,7 @@

                            Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3613,7 +3568,7 @@

                            CVE-2023-45918

                            • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                            • Package Manager: ubuntu:22.04 @@ -3626,7 +3581,7 @@

                              CVE-2023-45918

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.8.17 and ncurses/libtinfo6@6.3-2ubuntu0.1
                            @@ -3639,7 +3594,7 @@

                            Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3648,7 +3603,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 bash@5.1-6ubuntu1.1 @@ -3659,7 +3614,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3670,7 +3625,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 less@590-1ubuntu0.22.04.2 @@ -3681,7 +3636,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 libedit/libedit2@3.1-20210910-1build1 @@ -3692,7 +3647,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3703,7 +3658,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3714,7 +3669,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 procps@2:3.3.17-6ubuntu2.1 @@ -3725,7 +3680,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 util-linux@2.37.2-4ubuntu3.4 @@ -3736,7 +3691,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3751,7 +3706,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3766,7 +3721,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3775,7 +3730,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 procps@2:3.3.17-6ubuntu2.1 @@ -3786,7 +3741,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3801,7 +3756,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3810,7 +3765,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 procps@2:3.3.17-6ubuntu2.1 @@ -3821,7 +3776,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3830,7 +3785,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3875,7 +3830,7 @@

                              Resource Exhaustion

                              • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                              • Package Manager: ubuntu:22.04 @@ -3888,7 +3843,7 @@

                                Resource Exhaustion

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.8.17 and libzstd/libzstd1@1.4.8+dfsg-3build1
                              @@ -3901,7 +3856,7 @@

                              Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3952,7 +3907,7 @@

                                Integer Overflow or Wraparound

                                • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                                • Package Manager: ubuntu:22.04 @@ -3965,7 +3920,7 @@

                                  Integer Overflow or Wraparound

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.8.17 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
                                @@ -3978,7 +3933,7 @@

                                Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3987,7 +3942,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -4008,7 +3963,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -4031,7 +3986,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -4040,7 +3995,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -4061,7 +4016,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4070,9 +4025,9 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -4081,7 +4036,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -4094,7 +4049,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -4109,7 +4064,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 adduser@3.118ubuntu5 @@ -4128,7 +4083,7 @@

                                  Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -4176,7 +4131,7 @@

                                  Out-of-bounds Write

                                  • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                                  • Package Manager: ubuntu:22.04 @@ -4189,7 +4144,7 @@

                                    Out-of-bounds Write

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.8.17 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                                  @@ -4202,7 +4157,7 @@

                                  Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4211,7 +4166,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -4222,7 +4177,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4233,7 +4188,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4244,7 +4199,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4255,7 +4210,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4268,7 +4223,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4281,7 +4236,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4290,7 +4245,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4301,7 +4256,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4314,7 +4269,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4323,7 +4278,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4334,7 +4289,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4343,7 +4298,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4354,7 +4309,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4363,7 +4318,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4374,7 +4329,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4387,7 +4342,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4400,7 +4355,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4409,7 +4364,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4420,7 +4375,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4433,7 +4388,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4446,7 +4401,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4455,7 +4410,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4466,7 +4421,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4475,7 +4430,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4486,7 +4441,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4495,7 +4450,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4506,7 +4461,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4555,7 +4510,7 @@

                                    Allocation of Resources Without Limits or Throttling

                                  • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                                  • Package Manager: ubuntu:22.04 @@ -4568,7 +4523,7 @@

                                    Allocation of Resources Without Limits or Throttling

                                    Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and glibc/libc-bin@2.35-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.8.17 and glibc/libc-bin@2.35-0ubuntu3.7
                                  @@ -4581,18 +4536,18 @@

                                  Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - glibc/libc-bin@2.35-0ubuntu3.6 + glibc/libc-bin@2.35-0ubuntu3.7
                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 - glibc/libc6@2.35-0ubuntu3.6 + glibc/libc6@2.35-0ubuntu3.7 @@ -4636,7 +4591,7 @@

                                    Improper Input Validation

                                    • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                                    • Package Manager: ubuntu:22.04 @@ -4650,7 +4605,7 @@

                                      Improper Input Validation

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.8.17, git@1:2.34.1-1ubuntu1.10 and others
                                    @@ -4662,7 +4617,7 @@

                                    Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -4673,7 +4628,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git@1:2.34.1-1ubuntu1.10 @@ -4682,7 +4637,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 git-lfs@3.0.2-1ubuntu0.2 @@ -4729,7 +4684,7 @@

                                      Uncontrolled Recursion

                                      • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                                      • Package Manager: ubuntu:22.04 @@ -4742,7 +4697,7 @@

                                        Uncontrolled Recursion

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.8.17 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                                      @@ -4755,7 +4710,7 @@

                                      Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4764,7 +4719,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -4775,7 +4730,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 apt@2.4.12 @@ -4788,7 +4743,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4797,7 +4752,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4844,7 +4799,7 @@

                                        Improper Input Validation

                                        • - Manifest file: quay.io/argoproj/argocd:v2.9.12/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.8.17/argoproj/argocd Dockerfile
                                        • Package Manager: ubuntu:22.04 @@ -4857,7 +4812,7 @@

                                          Improper Input Validation

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.8.17 and coreutils@8.32-4.1ubuntu1.2
                                        @@ -4870,7 +4825,7 @@

                                        Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.9.12 + docker-image|quay.io/argoproj/argocd@v2.8.17 coreutils@8.32-4.1ubuntu1.2 diff --git a/docs/snyk/v2.8.17/redis_7.0.15-alpine.html b/docs/snyk/v2.8.17/redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..45913276ad075 --- /dev/null +++ b/docs/snyk/v2.8.17/redis_7.0.15-alpine.html @@ -0,0 +1,657 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                          +
                                          +
                                          +
                                          + + + Snyk - Open Source Security + + + + + + + +
                                          +

                                          Snyk test report

                                          + +

                                          April 28th 2024, 12:25:19 am (UTC+00:00)

                                          +
                                          +
                                          + Scanned the following paths: +
                                            +
                                          • redis:7.0.15-alpine (apk)
                                          • +
                                          • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
                                          • +
                                          +
                                          + +
                                          +
                                          1 known vulnerabilities
                                          +
                                          9 vulnerable dependency paths
                                          +
                                          19 dependencies
                                          +
                                          +
                                          +
                                          +
                                          + +
                                          +
                                          +
                                          +

                                          CVE-2024-2511

                                          +
                                          + +
                                          + low severity +
                                          + +
                                          + +
                                            +
                                          • + Package Manager: alpine:3.19 +
                                          • +
                                          • + Vulnerable module: + + openssl/libcrypto3 +
                                          • + +
                                          • Introduced through: + + docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 + +
                                          • +
                                          + +
                                          + + +

                                          Detailed paths

                                          + +
                                            +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libssl3@3.1.4-r5 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          • + Introduced through: + docker-image|redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r5 + + + +
                                          • +
                                          + +
                                          + +
                                          + +

                                          NVD Description

                                          +

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                                          +

                                          Issue summary: Some non-default TLS server configurations can cause unbounded + memory growth when processing TLSv1.3 sessions

                                          +

                                          Impact summary: An attacker may exploit certain server configurations to trigger + unbounded memory growth that would lead to a Denial of Service

                                          +

                                          This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is + being used (but not if early_data support is also configured and the default + anti-replay protection is in use). In this case, under certain conditions, the + session cache can get into an incorrect state and it will fail to flush properly + as it fills. The session cache will continue to grow in an unbounded manner. A + malicious client could deliberately create the scenario for this failure to + force a Denial of Service. It may also happen by accident in normal operation.

                                          +

                                          This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS + clients.

                                          +

                                          The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL + 1.0.2 is also not affected by this issue.

                                          +

                                          Remediation

                                          +

                                          Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

                                          +

                                          References

                                          + + +
                                          + + + +
                                          +
                                          +
                                          +
                                          + + + diff --git a/docs/snyk/v2.9.12/redis_7.0.11-alpine.html b/docs/snyk/v2.9.12/redis_7.0.11-alpine.html deleted file mode 100644 index 623fb7fffd626..0000000000000 --- a/docs/snyk/v2.9.12/redis_7.0.11-alpine.html +++ /dev/null @@ -1,2204 +0,0 @@ - - - - - - - - - Snyk test report - - - - - - - - - -
                                          -
                                          -
                                          -
                                          - - - Snyk - Open Source Security - - - - - - - -
                                          -

                                          Snyk test report

                                          - -

                                          April 21st 2024, 12:22:52 am (UTC+00:00)

                                          -
                                          -
                                          - Scanned the following path: -
                                            -
                                          • redis:7.0.11-alpine (apk)
                                          • -
                                          -
                                          - -
                                          -
                                          10 known vulnerabilities
                                          -
                                          86 vulnerable dependency paths
                                          -
                                          18 dependencies
                                          -
                                          -
                                          -
                                          -
                                          -
                                          - - - - - - - -
                                          Project docker-image|redis
                                          Path redis:7.0.11-alpine
                                          Package Manager apk
                                          -
                                          -
                                          -
                                          -
                                          -

                                          Out-of-bounds Write

                                          -
                                          - -
                                          - critical severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - busybox/busybox -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and busybox/busybox@1.36.1-r0 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox@1.36.1-r0 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - busybox/busybox@1.36.1-r0 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/busybox-binsh@1.36.1-r0 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - alpine-baselayout/alpine-baselayout@3.4.3-r1 - - busybox/busybox-binsh@1.36.1-r0 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream busybox package and not the busybox package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          There is a stack overflow vulnerability in ash.c:6030 in busybox before 1.35. In the environment of Internet of Vehicles, this vulnerability can be executed from command to arbitrary code execution.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 busybox to version 1.36.1-r1 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          CVE-2023-5363

                                          -
                                          - -
                                          - high severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: A bug has been identified in the processing of key and - initialisation vector (IV) lengths. This can lead to potential truncation - or overruns during the initialisation of some symmetric ciphers.

                                          -

                                          Impact summary: A truncation in the IV can result in non-uniqueness, - which could result in loss of confidentiality for some cipher modes.

                                          -

                                          When calling EVP_EncryptInit_ex2(), EVP_DecryptInit_ex2() or - EVP_CipherInit_ex2() the provided OSSL_PARAM array is processed after - the key and IV have been established. Any alterations to the key length, - via the "keylen" parameter or the IV length, via the "ivlen" parameter, - within the OSSL_PARAM array will not take effect as intended, potentially - causing truncation or overreading of these values. The following ciphers - and cipher modes are impacted: RC2, RC4, RC5, CCM, GCM and OCB.

                                          -

                                          For the CCM, GCM and OCB cipher modes, truncation of the IV can result in - loss of confidentiality. For example, when following NIST's SP 800-38D - section 8.2.1 guidance for constructing a deterministic IV for AES in - GCM mode, truncation of the counter portion could lead to IV reuse.

                                          -

                                          Both truncations and overruns of the key and overruns of the IV will - produce incorrect results and could, in some cases, trigger a memory - exception. However, these issues are not currently assessed as security - critical.

                                          -

                                          Changing the key and/or IV lengths is not considered to be a common operation - and the vulnerable API was recently introduced. Furthermore it is likely that - application developers will have spotted this problem during testing since - decryption would fail unless both peers in the communication were similarly - vulnerable. For these reasons we expect the probability of an application being - vulnerable to this to be quite low. However if an application is vulnerable then - this issue is considered very serious. For these reasons we have assessed this - issue as Moderate severity overall.

                                          -

                                          The OpenSSL SSL/TLS implementation is not affected by this issue.

                                          -

                                          The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this because - the issue lies outside of the FIPS provider boundary.

                                          -

                                          OpenSSL 3.1 and 3.0 are vulnerable to this issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.4-r0 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          Improper Authentication

                                          -
                                          - -
                                          - medium severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: The AES-SIV cipher implementation contains a bug that causes - it to ignore empty associated data entries which are unauthenticated as - a consequence.

                                          -

                                          Impact summary: Applications that use the AES-SIV algorithm and want to - authenticate empty data entries as associated data can be mislead by removing - adding or reordering such empty entries as these are ignored by the OpenSSL - implementation. We are currently unaware of any such applications.

                                          -

                                          The AES-SIV algorithm allows for authentication of multiple associated - data entries along with the encryption. To authenticate empty data the - application has to call EVP_EncryptUpdate() (or EVP_CipherUpdate()) with - NULL pointer as the output buffer and 0 as the input buffer length. - The AES-SIV implementation in OpenSSL just returns success for such a call - instead of performing the associated data authentication operation. - The empty data thus will not be authenticated.

                                          -

                                          As this issue does not affect non-empty associated data authentication and - we expect it to be rare for an application to use empty associated data - entries this is qualified as Low severity issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.1-r2 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          Inefficient Regular Expression Complexity

                                          -
                                          - -
                                          - medium severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: Checking excessively long DH keys or parameters may be very slow.

                                          -

                                          Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

                                          -

                                          The function DH_check() performs various checks on DH parameters. One of those - checks confirms that the modulus ('p' parameter) is not too large. Trying to use - a very large modulus is slow and OpenSSL will not normally use a modulus which - is over 10,000 bits in length.

                                          -

                                          However the DH_check() function checks numerous aspects of the key or parameters - that have been supplied. Some of those checks use the supplied modulus value - even if it has already been found to be too large.

                                          -

                                          An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulernable to a Denial of Service attack.

                                          -

                                          The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

                                          -

                                          Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the '-check' option.

                                          -

                                          The OpenSSL SSL/TLS implementation is not affected by this issue. - The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.1-r3 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          Excessive Iteration

                                          -
                                          - -
                                          - medium severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: Checking excessively long DH keys or parameters may be very slow.

                                          -

                                          Impact summary: Applications that use the functions DH_check(), DH_check_ex() - or EVP_PKEY_param_check() to check a DH key or DH parameters may experience long - delays. Where the key or parameters that are being checked have been obtained - from an untrusted source this may lead to a Denial of Service.

                                          -

                                          The function DH_check() performs various checks on DH parameters. After fixing - CVE-2023-3446 it was discovered that a large q parameter value can also trigger - an overly long computation during some of these checks. A correct q value, - if present, cannot be larger than the modulus p parameter, thus it is - unnecessary to perform these checks if q is larger than p.

                                          -

                                          An application that calls DH_check() and supplies a key or parameters obtained - from an untrusted source could be vulnerable to a Denial of Service attack.

                                          -

                                          The function DH_check() is itself called by a number of other OpenSSL functions. - An application calling any of those other functions may similarly be affected. - The other functions affected by this are DH_check_ex() and - EVP_PKEY_param_check().

                                          -

                                          Also vulnerable are the OpenSSL dhparam and pkeyparam command line applications - when using the "-check" option.

                                          -

                                          The OpenSSL SSL/TLS implementation is not affected by this issue.

                                          -

                                          The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.2-r0 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          Improper Check for Unusual or Exceptional Conditions

                                          -
                                          - -
                                          - medium severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: Generating excessively long X9.42 DH keys or checking - excessively long X9.42 DH keys or parameters may be very slow.

                                          -

                                          Impact summary: Applications that use the functions DH_generate_key() to - generate an X9.42 DH key may experience long delays. Likewise, applications - that use DH_check_pub_key(), DH_check_pub_key_ex() or EVP_PKEY_public_check() - to check an X9.42 DH key or X9.42 DH parameters may experience long delays. - Where the key or parameters that are being checked have been obtained from - an untrusted source this may lead to a Denial of Service.

                                          -

                                          While DH_check() performs all the necessary checks (as of CVE-2023-3817), - DH_check_pub_key() doesn't make any of these checks, and is therefore - vulnerable for excessively large P and Q parameters.

                                          -

                                          Likewise, while DH_generate_key() performs a check for an excessively large - P, it doesn't check for an excessively large Q.

                                          -

                                          An application that calls DH_generate_key() or DH_check_pub_key() and - supplies a key or parameters obtained from an untrusted source could be - vulnerable to a Denial of Service attack.

                                          -

                                          DH_generate_key() and DH_check_pub_key() are also called by a number of - other OpenSSL functions. An application calling any of those other - functions may similarly be affected. The other functions affected by this - are DH_check_pub_key_ex(), EVP_PKEY_public_check(), and EVP_PKEY_generate().

                                          -

                                          Also vulnerable are the OpenSSL pkey command line application when using the - "-pubcheck" option, as well as the OpenSSL genpkey command line application.

                                          -

                                          The OpenSSL SSL/TLS implementation is not affected by this issue.

                                          -

                                          The OpenSSL 3.0 and 3.1 FIPS providers are not affected by this issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.4-r1 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          Out-of-bounds Write

                                          -
                                          - -
                                          - medium severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: The POLY1305 MAC (message authentication code) implementation - contains a bug that might corrupt the internal state of applications running - on PowerPC CPU based platforms if the CPU provides vector instructions.

                                          -

                                          Impact summary: If an attacker can influence whether the POLY1305 MAC - algorithm is used, the application state might be corrupted with various - application dependent consequences.

                                          -

                                          The POLY1305 MAC (message authentication code) implementation in OpenSSL for - PowerPC CPUs restores the contents of vector registers in a different order - than they are saved. Thus the contents of some of these vector registers - are corrupted when returning to the caller. The vulnerable code is used only - on newer PowerPC processors supporting the PowerISA 2.07 instructions.

                                          -

                                          The consequences of this kind of internal application state corruption can - be various - from no consequences, if the calling application does not - depend on the contents of non-volatile XMM registers at all, to the worst - consequences, where the attacker could get complete control of the application - process. However unless the compiler uses the vector registers for storing - pointers, the most likely consequence, if any, would be an incorrect result - of some application dependent calculations or a crash leading to a denial of - service.

                                          -

                                          The POLY1305 MAC algorithm is most frequently used as part of the - CHACHA20-POLY1305 AEAD (authenticated encryption with associated data) - algorithm. The most common usage of this AEAD cipher is with TLS protocol - versions 1.2 and 1.3. If this cipher is enabled on the server a malicious - client can influence whether this AEAD cipher is used. This implies that - TLS server applications using OpenSSL can be potentially impacted. However - we are currently not aware of any concrete application that would be affected - by this issue therefore we consider this a Low severity security issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.4-r3 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          CVE-2024-0727

                                          -
                                          - -
                                          - medium severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: Processing a maliciously formatted PKCS12 file may lead OpenSSL - to crash leading to a potential Denial of Service attack

                                          -

                                          Impact summary: Applications loading files in the PKCS12 format from untrusted - sources might terminate abruptly.

                                          -

                                          A file in PKCS12 format can contain certificates and keys and may come from an - untrusted source. The PKCS12 specification allows certain fields to be NULL, but - OpenSSL does not correctly check for this case. This can lead to a NULL pointer - dereference that results in OpenSSL crashing. If an application processes PKCS12 - files from an untrusted source using the OpenSSL APIs then that application will - be vulnerable to this issue.

                                          -

                                          OpenSSL APIs that are vulnerable to this are: PKCS12_parse(), - PKCS12_unpack_p7data(), PKCS12_unpack_p7encdata(), PKCS12_unpack_authsafes() - and PKCS12_newpass().

                                          -

                                          We have also fixed a similar issue in SMIME_write_PKCS7(). However since this - function is related to writing data we do not consider it security significant.

                                          -

                                          The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.4-r5 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -

                                          CVE-2023-6237

                                          -
                                          - -
                                          - low severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          This vulnerability has not been analyzed by NVD yet.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

                                          - -
                                          - - - -
                                          -
                                          -

                                          CVE-2024-2511

                                          -
                                          - -
                                          - low severity -
                                          - -
                                          - -
                                            -
                                          • - Package Manager: alpine:3.18 -
                                          • -
                                          • - Vulnerable module: - - openssl/libcrypto3 -
                                          • - -
                                          • Introduced through: - - docker-image|redis@7.0.11-alpine and openssl/libcrypto3@3.1.1-r1 - -
                                          • -
                                          - -
                                          - - -

                                          Detailed paths

                                          - -
                                            -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - openssl/libcrypto3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - .redis-rundeps@20230614.215749 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - apk-tools/apk-tools@2.14.0-r2 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          • - Introduced through: - docker-image|redis@7.0.11-alpine - - busybox/ssl_client@1.36.1-r0 - - openssl/libssl3@3.1.1-r1 - - - -
                                          • -
                                          - -
                                          - -
                                          - -

                                          NVD Description

                                          -

                                          Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. - See How to fix? for Alpine:3.18 relevant fixed versions and status.

                                          -

                                          Issue summary: Some non-default TLS server configurations can cause unbounded - memory growth when processing TLSv1.3 sessions

                                          -

                                          Impact summary: An attacker may exploit certain server configurations to trigger - unbounded memory growth that would lead to a Denial of Service

                                          -

                                          This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is - being used (but not if early_data support is also configured and the default - anti-replay protection is in use). In this case, under certain conditions, the - session cache can get into an incorrect state and it will fail to flush properly - as it fills. The session cache will continue to grow in an unbounded manner. A - malicious client could deliberately create the scenario for this failure to - force a Denial of Service. It may also happen by accident in normal operation.

                                          -

                                          This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS - clients.

                                          -

                                          The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL - 1.0.2 is also not affected by this issue.

                                          -

                                          Remediation

                                          -

                                          Upgrade Alpine:3.18 openssl to version 3.1.4-r6 or higher.

                                          -

                                          References

                                          - - -
                                          - - - -
                                          -
                                          -
                                          -
                                          - - -
diff --git a/docs/snyk/v2.9.12/argocd-iac-install.html b/docs/snyk/v2.9.13/argocd-iac-install.html
similarity index 99%
rename from docs/snyk/v2.9.12/argocd-iac-install.html
rename to docs/snyk/v2.9.13/argocd-iac-install.html
index 81aeb8c3a6c56..e933d17b7c1ec 100644
--- a/docs/snyk/v2.9.12/argocd-iac-install.html
+++ b/docs/snyk/v2.9.13/argocd-iac-install.html
@@ -456,7 +456,7 @@

                                          Snyk test report

                                          -

                                          April 21st 2024, 12:24:05 am (UTC+00:00)

                                          +

                                          April 28th 2024, 12:24:23 am (UTC+00:00)

                                          Scanned the following path: @@ -2545,7 +2545,7 @@

                                          Container's or Pod's UID could clash with hos

                                        • - Line number: 22188 + Line number: 22194
                                        diff --git a/docs/snyk/v2.9.12/argocd-iac-namespace-install.html b/docs/snyk/v2.9.13/argocd-iac-namespace-install.html
similarity index 99%
rename from docs/snyk/v2.9.12/argocd-iac-namespace-install.html
rename to docs/snyk/v2.9.13/argocd-iac-namespace-install.html
index 07e019012d369..3d4c0e2f1aa76 100644
--- a/docs/snyk/v2.9.12/argocd-iac-namespace-install.html
+++ b/docs/snyk/v2.9.13/argocd-iac-namespace-install.html
@@ -456,7 +456,7 @@

                                        Snyk test report

                                        -

                                        April 21st 2024, 12:24:14 am (UTC+00:00)

                                        +

                                        April 28th 2024, 12:24:32 am (UTC+00:00)

                                        Scanned the following path: @@ -2545,7 +2545,7 @@

                                        Container's or Pod's UID could clash with hos

                                      • - Line number: 1843 + Line number: 1849
                                      diff --git a/docs/snyk/v2.9.12/argocd-test.html b/docs/snyk/v2.9.13/argocd-test.html
similarity index 96%
rename from docs/snyk/v2.9.12/argocd-test.html
rename to docs/snyk/v2.9.13/argocd-test.html
index 4c59fc32c358b..dba6599c95117 100644
--- a/docs/snyk/v2.9.12/argocd-test.html
+++ b/docs/snyk/v2.9.13/argocd-test.html
@@ -7,7 +7,7 @@ Snyk test report - +
@@ -456,7 +456,7 @@

                                      Snyk test report

                                      -

                                      April 21st 2024, 12:22:20 am (UTC+00:00)

                                      +

                                      April 28th 2024, 12:22:38 am (UTC+00:00)

                                      Scanned the following paths: @@ -467,8 +467,8 @@

                                      Snyk test report

                                      -
                                      14 known vulnerabilities
                                      -
                                      260 vulnerable dependency paths
                                      +
                                      15 known vulnerabilities
                                      +
                                      266 vulnerable dependency paths
                                      1917 dependencies
    @@ -5167,6 +5167,221 @@

    References

    More about this vulnerability

    +
    +
    +

    Regular Expression Denial of Service (ReDoS)

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: /argo-cd/argoproj/argo-cd/v2 go.mod +
    • +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + github.com/whilp/git-urls +
    • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@0.0.0 and github.com/whilp/git-urls@1.0.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/cmd@#9dcecdc3eebf + + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/api@#9dcecdc3eebf + + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@0.0.0 + + github.com/argoproj/notifications-engine/pkg/controller@#9dcecdc3eebf + + github.com/argoproj/notifications-engine/pkg/subscriptions@#9dcecdc3eebf + + github.com/argoproj/notifications-engine/pkg/services@#9dcecdc3eebf + + github.com/whilp/git-urls@1.0.2 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    github.com/whilp/git-urls is a Git URLs parser

    +

    Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) due to the usage of an insecure regular expression in scpSyntax. Exploiting this vulnerability is possible when a long input is provided inside the directory path of the git URL.

    +

    Note: + This vulnerability has existed since commit 4a18977c6eecbf4ce0ca1e486e9ba77072ba4395.

    +

    PoC

    +
    
    +        var payload = strings.Repeat("////", 19000000) //payload used, the number can be tweaked to cause 7 second delay
    +        malicious_url := "6en6ar@-:0////" + payload + "\"
    +        begin := time.Now()
    +        //u, err := giturls.ParseScp("remote_username@10.10.0.2:/remote/directory")// normal git url
    +        _, err := giturls.ParseScp(malicious_url)
    +        if err != nil {
    +        fmt.Errorf("[ - ] Error ->" + err.Error())
    +        }
    +        //fmt.Println("[ + ] Url --> " + u.Host)
    +        elapse := time.Since(begin)
    +        fmt.Printf("Function took %s", elapse)
    +        
    +

    Details

    +

    Denial of Service (DoS) describes a family of attacks, all aimed at making a system inaccessible to its original and legitimate users. There are many types of DoS attacks, ranging from trying to clog the network pipes to the system by generating a large volume of traffic from many machines (a Distributed Denial of Service - DDoS - attack) to sending crafted requests that cause a system to crash or take a disproportional amount of time to process.

    +

    The Regular expression Denial of Service (ReDoS) is a type of Denial of Service attack. Regular expressions are incredibly powerful, but they aren't very intuitive and can ultimately end up making it easy for attackers to take your site down.

    +

    Let’s take the following regular expression as an example:

    +
    regex = /A(B|C+)+D/
    +        
    +

    This regular expression accomplishes the following:

    +
      +
    • A The string must start with the letter 'A'
    • +
    • (B|C+)+ The string must then follow the letter A with either the letter 'B' or some number of occurrences of the letter 'C' (the + matches one or more times). The + at the end of this section states that we can look for one or more matches of this section.
    • +
    • D Finally, we ensure this section of the string ends with a 'D'
    • +
    +

    The expression would match inputs such as ABBD, ABCCCCD, ABCBCCCD and ACCCCCD

    +

    It most cases, it doesn't take very long for a regex engine to find a match:

    +
    $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCD")'
    +        0.04s user 0.01s system 95% cpu 0.052 total
    +        
    +        $ time node -e '/A(B|C+)+D/.test("ACCCCCCCCCCCCCCCCCCCCCCCCCCCCX")'
    +        1.79s user 0.02s system 99% cpu 1.812 total
    +        
    +

    The entire process of testing it against a 30 characters long string takes around ~52ms. But when given an invalid string, it takes nearly two seconds to complete the test, over ten times as long as it took to test a valid string. The dramatic difference is due to the way regular expressions get evaluated.

    +

    Most Regex engines will work very similarly (with minor differences). The engine will match the first possible way to accept the current character and proceed to the next one. If it then fails to match the next one, it will backtrack and see if there was another way to digest the previous character. If it goes too far down the rabbit hole only to find out the string doesn’t match in the end, and if many characters have multiple valid regex paths, the number of backtracking steps can become very large, resulting in what is known as catastrophic backtracking.

    +

    Let's look at how our expression runs into this problem, using a shorter string: "ACCCX". While it seems fairly straightforward, there are still four different ways that the engine could match those three C's:

    +
      +
    1. CCC
    2. +
    3. CC+C
    4. +
    5. C+CC
    6. +
    7. C+C+C.
    8. +
    +

    The engine has to try each of those combinations to see if any of them potentially match against the expression. When you combine that with the other steps the engine must take, we can use RegEx 101 debugger to see the engine has to take a total of 38 steps before it can determine the string doesn't match.

    +

    From there, the number of steps the engine must use to validate a string just continues to grow.

    + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
    StringNumber of C'sNumber of steps
    ACCCX338
    ACCCCX471
    ACCCCCX5136
    ACCCCCCCCCCCCCCX1465,553
    +

    By the time the string includes 14 C's, the engine has to take over 65,000 steps just to see if the string is valid. These extreme situations can cause them to work very slowly (exponentially related to input size, as shown above), allowing an attacker to exploit this and can cause the service to excessively consume CPU, resulting in a Denial of Service.

    +

    Remediation

    +

    There is no fixed version for github.com/whilp/git-urls.

    +

    References

    + + +
    + + +

    MPL-2.0 license

    diff --git a/docs/snyk/v2.10.7/ghcr.io_dexidp_dex_v2.37.0.html b/docs/snyk/v2.9.13/ghcr.io_dexidp_dex_v2.37.0.html
similarity index 98%
rename from docs/snyk/v2.10.7/ghcr.io_dexidp_dex_v2.37.0.html
rename to docs/snyk/v2.9.13/ghcr.io_dexidp_dex_v2.37.0.html
index ec4ba77354db2..da07b86437353 100644
--- a/docs/snyk/v2.10.7/ghcr.io_dexidp_dex_v2.37.0.html
+++ b/docs/snyk/v2.9.13/ghcr.io_dexidp_dex_v2.37.0.html
@@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:20:13 am (UTC+00:00)

    +

    April 28th 2024, 12:22:43 am (UTC+00:00)

    Scanned the following paths: @@ -2045,6 +2045,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -4406,9 +4408,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/v2.9.12/haproxy_2.6.14-alpine.html b/docs/snyk/v2.9.13/haproxy_2.6.14-alpine.html
similarity index 96%
rename from docs/snyk/v2.9.12/haproxy_2.6.14-alpine.html
rename to docs/snyk/v2.9.13/haproxy_2.6.14-alpine.html
index 92a3cb3a756af..6eb66eb2025ec 100644
--- a/docs/snyk/v2.9.12/haproxy_2.6.14-alpine.html
+++ b/docs/snyk/v2.9.13/haproxy_2.6.14-alpine.html
@@ -456,7 +456,7 @@

    Snyk test report

    -

    April 21st 2024, 12:22:29 am (UTC+00:00)

    +

    April 28th 2024, 12:22:46 am (UTC+00:00)

    Scanned the following path: @@ -1036,6 +1036,8 @@

    References

  • https://www.openssl.org/news/secadv/20240109.txt
  • http://www.openwall.com/lists/oss-security/2024/01/09/1
  • https://security.netapp.com/advisory/ntap-20240216-0009/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0008/
  • +
  • https://security.netapp.com/advisory/ntap-20240426-0013/

  • @@ -1357,9 +1359,37 @@

    Detailed paths


    NVD Description

    -

    This vulnerability has not been analyzed by NVD yet.

    +

    Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.18 relevant fixed versions and status.

    +

    Issue summary: Checking excessively long invalid RSA public keys may take + a long time.

    +

    Impact summary: Applications that use the function EVP_PKEY_public_check() + to check RSA public keys may experience long delays. Where the key that + is being checked has been obtained from an untrusted source this may lead + to a Denial of Service.

    +

    When function EVP_PKEY_public_check() is called on RSA public keys, + a computation is done to confirm that the RSA modulus, n, is composite. + For valid RSA keys, n is a product of two or more large primes and this + computation completes quickly. However, if n is an overly large prime, + then this computation would take a long time.

    +

    An application that calls EVP_PKEY_public_check() and supplies an RSA key + obtained from an untrusted source could be vulnerable to a Denial of Service + attack.

    +

    The function EVP_PKEY_public_check() is not called from other OpenSSL + functions however it is called from the OpenSSL pkey command line + application. For that reason that application is also vulnerable if used + with the '-pubin' and '-check' options on untrusted data.

    +

    The OpenSSL SSL/TLS implementation is not affected by this issue.

    +

    The OpenSSL 3.0 and 3.1 FIPS providers are affected by this issue.

    Remediation

    Upgrade Alpine:3.18 openssl to version 3.1.4-r4 or higher.

    +

    References

    +
    diff --git a/docs/snyk/v2.10.7/quay.io_argoproj_argocd_v2.10.7.html b/docs/snyk/v2.9.13/quay.io_argoproj_argocd_v2.9.13.html
similarity index 90%
rename from docs/snyk/v2.10.7/quay.io_argoproj_argocd_v2.10.7.html
rename to docs/snyk/v2.9.13/quay.io_argoproj_argocd_v2.9.13.html
index 93ad8fc908e90..53b766a58014d 100644
--- a/docs/snyk/v2.10.7/quay.io_argoproj_argocd_v2.10.7.html
+++ b/docs/snyk/v2.9.13/quay.io_argoproj_argocd_v2.9.13.html
@@ -7,7 +7,7 @@ Snyk test report - +
@@ -456,23 +456,23 @@

    Snyk test report

    -

    April 21st 2024, 12:20:33 am (UTC+00:00)

    +

    April 28th 2024, 12:23:05 am (UTC+00:00)

    Scanned the following paths:
      -
    • quay.io/argoproj/argocd:v2.10.7/argoproj/argocd/Dockerfile (deb)
    • -
    • quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.10.7//usr/local/bin/kustomize (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.10.7/helm/v3//usr/local/bin/helm (gomodules)
    • -
    • quay.io/argoproj/argocd:v2.10.7/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.9.13/argoproj/argocd/Dockerfile (deb)
    • +
    • quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2//usr/local/bin/argocd (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.9.13//usr/local/bin/kustomize (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.9.13/helm/v3//usr/local/bin/helm (gomodules)
    • +
    • quay.io/argoproj/argocd:v2.9.13/git-lfs/git-lfs//usr/bin/git-lfs (gomodules)
    -
    36 known vulnerabilities
    -
    181 vulnerable dependency paths
    -
    2275 dependencies
    +
    35 known vulnerabilities
    +
    169 vulnerable dependency paths
    +
    2189 dependencies
    @@ -480,6 +480,88 @@

    Snyk test report

    +
    +

    Denial of Service (DoS)

    +
    + +
    + high severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd +
    • +
    • + Package Manager: golang +
    • +
    • + Vulnerable module: + + google.golang.org/grpc +
    • + +
    • Introduced through: + + github.com/argoproj/argo-cd/v2@* and google.golang.org/grpc@v1.56.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + github.com/argoproj/argo-cd/v2@* + + google.golang.org/grpc@v1.56.2 + + + +
    • +
    + +
    + +
    + +

    Overview

    +

    google.golang.org/grpc is a Go implementation of gRPC

    +

    Affected versions of this package are vulnerable to Denial of Service (DoS) in the implementation of the HTTP/2 protocol. An attacker can cause a denial of service (including via DDoS) by rapidly resetting many streams through request cancellation.

    +

    Remediation

    +

    Upgrade google.golang.org/grpc to version 1.56.3, 1.57.1, 1.58.3 or higher.

    +

    References

    + + +
    + + + +

    Allocation of Resources Without Limits or Throttling

    @@ -492,7 +574,7 @@

    Allocation of Resources Without Limits or Throttling

  • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
  • Package Manager: golang @@ -572,7 +654,7 @@

    CVE-2020-22916

    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -585,7 +667,7 @@

      CVE-2020-22916

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and xz-utils/liblzma5@5.2.5-2ubuntu1 + docker-image|quay.io/argoproj/argocd@v2.9.13 and xz-utils/liblzma5@5.2.5-2ubuntu1
    @@ -598,7 +680,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 xz-utils/liblzma5@5.2.5-2ubuntu1 @@ -648,7 +730,7 @@

      CVE-2023-51767

      • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -661,7 +743,7 @@

        CVE-2023-51767

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and openssh/openssh-client@1:8.9p1-3ubuntu0.6 + docker-image|quay.io/argoproj/argocd@v2.9.13 and openssh/openssh-client@1:8.9p1-3ubuntu0.7
      @@ -674,9 +756,9 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 @@ -724,7 +806,7 @@

        Information Exposure

        • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -737,7 +819,7 @@

          Information Exposure

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and libgcrypt20@1.9.4-3ubuntu3 + docker-image|quay.io/argoproj/argocd@v2.9.13 and libgcrypt20@1.9.4-3ubuntu3
        @@ -750,7 +832,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 libgcrypt20@1.9.4-3ubuntu3 @@ -759,7 +841,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -770,7 +852,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -781,7 +863,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -794,7 +876,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -807,7 +889,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -820,7 +902,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -833,7 +915,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -846,7 +928,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -859,7 +941,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -872,7 +954,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -885,7 +967,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -915,6 +997,7 @@

          References

        • http://people.ubuntu.com/~ubuntu-security/cve/CVE-2024-2236
        • https://access.redhat.com/security/cve/CVE-2024-2236
        • https://bugzilla.redhat.com/show_bug.cgi?id=2268268
        • +
        • https://bugzilla.redhat.com/show_bug.cgi?id=2245218

        @@ -923,6 +1006,78 @@

        References

        More about this vulnerability

  • +
    +
    +

    CVE-2024-32487

    +
    + +
    + medium severity +
    + +
    + +
      +
    • + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile +
    • +
    • + Package Manager: ubuntu:22.04 +
    • +
    • + Vulnerable module: + + less +
    • + +
    • Introduced through: + + docker-image|quay.io/argoproj/argocd@v2.9.13 and less@590-1ubuntu0.22.04.2 + +
    • +
    + +
    + + +

    Detailed paths

    + +
      +
    • + Introduced through: + docker-image|quay.io/argoproj/argocd@v2.9.13 + + less@590-1ubuntu0.22.04.2 + + + +
    • +
    + +
    + +
    + +

    NVD Description

    +

    Note: Versions mentioned in the description apply only to the upstream less package and not the less package as distributed by Ubuntu. + See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    +

    less through 653 allows OS command execution via a newline character in the name of a file, because quoting is mishandled in filename.c. Exploitation typically requires use with attacker-controlled file names, such as the files extracted from an untrusted archive. Exploitation also requires the LESSOPEN environment variable, but this is set by default in many common cases.

    +

    Remediation

    +

    There is no fixed version for Ubuntu:22.04 less.

    +

    References

    + + +
    + + +

    CVE-2024-26461

    @@ -936,7 +1091,7 @@

    CVE-2024-26461

    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
    • Package Manager: ubuntu:22.04 @@ -949,7 +1104,7 @@

      CVE-2024-26461

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
    @@ -962,7 +1117,7 @@

    Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -971,7 +1126,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -992,7 +1147,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1015,7 +1170,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1024,7 +1179,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1045,7 +1200,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1054,9 +1209,9 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1065,7 +1220,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -1078,7 +1233,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -1093,7 +1248,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1112,7 +1267,7 @@

      Detailed paths

    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1156,7 +1311,7 @@

      CVE-2024-26462

      • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
      • Package Manager: ubuntu:22.04 @@ -1169,7 +1324,7 @@

        CVE-2024-26462

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
      @@ -1182,7 +1337,7 @@

      Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1191,7 +1346,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1212,7 +1367,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1235,7 +1390,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1244,7 +1399,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1265,7 +1420,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1274,9 +1429,9 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1285,7 +1440,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -1298,7 +1453,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -1313,7 +1468,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1332,7 +1487,7 @@

        Detailed paths

      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1376,7 +1531,7 @@

        CVE-2024-26458

        • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
        • Package Manager: ubuntu:22.04 @@ -1389,7 +1544,7 @@

          CVE-2024-26458

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
        @@ -1402,7 +1557,7 @@

        Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -1411,7 +1566,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1432,7 +1587,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1455,7 +1610,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -1464,7 +1619,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1485,7 +1640,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1494,9 +1649,9 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -1505,7 +1660,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -1518,7 +1673,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -1533,7 +1688,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -1552,7 +1707,7 @@

          Detailed paths

        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -1596,7 +1751,7 @@

          LGPL-3.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
          • Package Manager: golang @@ -1656,7 +1811,7 @@

            Infinite loop

            • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -1727,7 +1882,7 @@

              Stack-based Buffer Overflow

              • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -1795,7 +1950,7 @@

                Infinite loop

                • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -1866,7 +2021,7 @@

                  Authentication Bypass by Capture-replay

                  • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
                  • Package Manager: golang @@ -1951,367 +2106,6 @@

                    References

                    More about this vulnerability

    -
    -
    -

    Information Exposure

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.7 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw was found in GnuTLS. The Minerva attack is a cryptographic vulnerability that exploits deterministic behavior in systems like GnuTLS, leading to side-channel leaks. In specific scenarios, such as when using the GNUTLS_PRIVKEY_FLAG_REPRODUCIBLE flag, it can result in a noticeable step in nonce size from 513 to 512 bits, exposing a potential timing side-channel.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    Uncaught Exception

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - gnutls28/libgnutls30 -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.7 and gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - apt@2.4.12 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - gnupg2/dirmngr@2.2.27-3ubuntu2.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - openldap/libldap-2.5-0@2.5.17+dfsg-0ubuntu0.22.04.1 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - git@1:2.34.1-1ubuntu1.10 - - curl/libcurl3-gnutls@7.81.0-1ubuntu1.16 - - rtmpdump/librtmp1@2.4+20151223.gitfa8646d.1-2build4 - - gnutls28/libgnutls30@3.7.3-4ubuntu1.4 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream gnutls28 package and not the gnutls28 package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    A flaw has been discovered in GnuTLS where an application crash can be induced when attempting to verify a specially crafted .pem bundle using the "certtool --verify-chain" command.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 gnutls28 to version 3.7.3-4ubuntu1.5 or higher.

    -

    References

    - - -
    - - - -
    -
    -

    CVE-2024-2961

    -
    - -
    - medium severity -
    - -
    - -
      -
    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile -
    • -
    • - Package Manager: ubuntu:22.04 -
    • -
    • - Vulnerable module: - - glibc/libc-bin -
    • - -
    • Introduced through: - - docker-image|quay.io/argoproj/argocd@v2.10.7 and glibc/libc-bin@2.35-0ubuntu3.6 - -
    • -
    - -
    - - -

    Detailed paths

    - -
      -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - glibc/libc-bin@2.35-0ubuntu3.6 - - - -
    • -
    • - Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 - - glibc/libc6@2.35-0ubuntu3.6 - - - -
    • -
    - -
    - -
    - -

    NVD Description

    -

    Note: Versions mentioned in the description apply only to the upstream glibc package and not the glibc package as distributed by Ubuntu. - See How to fix? for Ubuntu:22.04 relevant fixed versions and status.

    -

    The iconv() function in the GNU C Library versions 2.39 and older may overflow the output buffer passed to it by up to 4 bytes when converting strings to the ISO-2022-CN-EXT character set, which may be used to crash an application or overwrite a neighbouring variable.

    -

    Remediation

    -

    Upgrade Ubuntu:22.04 glibc to version 2.35-0ubuntu3.7 or higher.

    -

    References

    - - -
    - - -

    MPL-2.0 license

    @@ -2325,7 +2119,7 @@

    MPL-2.0 license

    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
    • Package Manager: golang @@ -2385,7 +2179,7 @@

      MPL-2.0 license

      • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
      • Package Manager: golang @@ -2445,7 +2239,7 @@

        MPL-2.0 license

        • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
        • Package Manager: golang @@ -2505,7 +2299,7 @@

          MPL-2.0 license

          • - Manifest file: quay.io/argoproj/argocd:v2.10.7/helm/v3 /usr/local/bin/helm + Manifest file: quay.io/argoproj/argocd:v2.9.13/helm/v3 /usr/local/bin/helm
          • Package Manager: golang @@ -2565,7 +2359,7 @@

            MPL-2.0 license

            • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
            • Package Manager: golang @@ -2625,7 +2419,7 @@

              MPL-2.0 license

              • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
              • Package Manager: golang @@ -2685,7 +2479,7 @@

                Improper Handling of Highly Compressed Data (Data Amplif
                • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argo-cd/v2 /usr/local/bin/argocd + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argo-cd/v2 /usr/local/bin/argocd
                • Package Manager: golang @@ -2754,7 +2548,7 @@

                  CVE-2023-7008

                  • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                  • Package Manager: ubuntu:22.04 @@ -2767,7 +2561,7 @@

                    CVE-2023-7008

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and systemd/libsystemd0@249.11-0ubuntu3.12 + docker-image|quay.io/argoproj/argocd@v2.9.13 and systemd/libsystemd0@249.11-0ubuntu3.12
                  @@ -2780,7 +2574,7 @@

                  Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 systemd/libsystemd0@249.11-0ubuntu3.12 @@ -2789,7 +2583,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -2800,7 +2594,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 procps/libprocps8@2:3.3.17-6ubuntu2.1 @@ -2811,7 +2605,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 util-linux@2.37.2-4ubuntu3.4 @@ -2822,7 +2616,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 util-linux/bsdutils@1:2.37.2-4ubuntu3.4 @@ -2833,7 +2627,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -2846,7 +2640,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 systemd/libudev1@249.11-0ubuntu3.12 @@ -2855,7 +2649,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 libfido2/libfido2-1@1.10.0-1 @@ -2866,7 +2660,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 util-linux@2.37.2-4ubuntu3.4 @@ -2877,7 +2671,7 @@

                    Detailed paths

                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -2930,7 +2724,7 @@

                    Arbitrary Code Injection

                    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                    • Package Manager: ubuntu:22.04 @@ -2943,7 +2737,7 @@

                      Arbitrary Code Injection

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and shadow/passwd@1:4.8.1-2ubuntu2.2 + docker-image|quay.io/argoproj/argocd@v2.9.13 and shadow/passwd@1:4.8.1-2ubuntu2.2
                    @@ -2956,7 +2750,7 @@

                    Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2965,7 +2759,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -2976,9 +2770,9 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 shadow/passwd@1:4.8.1-2ubuntu2.2 @@ -2987,7 +2781,7 @@

                      Detailed paths

                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 shadow/login@1:4.8.1-2ubuntu2.2 @@ -3034,7 +2828,7 @@

                      Uncontrolled Recursion

                      • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                      • Package Manager: ubuntu:22.04 @@ -3047,7 +2841,7 @@

                        Uncontrolled Recursion

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 + docker-image|quay.io/argoproj/argocd@v2.9.13 and pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1
                      @@ -3060,7 +2854,7 @@

                      Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 pcre3/libpcre3@2:8.39-13ubuntu0.22.04.1 @@ -3069,7 +2863,7 @@

                        Detailed paths

                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 grep@3.7-1build1 @@ -3122,7 +2916,7 @@

                        Release of Invalid Pointer or Reference

                        • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                        • Package Manager: ubuntu:22.04 @@ -3135,7 +2929,7 @@

                          Release of Invalid Pointer or Reference

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.9.13 and patch@2.7.6-7build2
                        @@ -3148,7 +2942,7 @@

                        Detailed paths

                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 patch@2.7.6-7build2 @@ -3192,7 +2986,7 @@

                          Double Free

                          • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                          • Package Manager: ubuntu:22.04 @@ -3205,7 +2999,7 @@

                            Double Free

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and patch@2.7.6-7build2 + docker-image|quay.io/argoproj/argocd@v2.9.13 and patch@2.7.6-7build2
                          @@ -3218,7 +3012,7 @@

                          Detailed paths

                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 patch@2.7.6-7build2 @@ -3267,7 +3061,7 @@

                            CVE-2023-50495

                            • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                            • Package Manager: ubuntu:22.04 @@ -3280,7 +3074,7 @@

                              CVE-2023-50495

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
                            @@ -3293,7 +3087,7 @@

                            Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3302,7 +3096,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 bash@5.1-6ubuntu1.1 @@ -3313,7 +3107,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3324,7 +3118,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 less@590-1ubuntu0.22.04.2 @@ -3335,7 +3129,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 libedit/libedit2@3.1-20210910-1build1 @@ -3346,7 +3140,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3357,7 +3151,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3368,7 +3162,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 procps@2:3.3.17-6ubuntu2.1 @@ -3379,7 +3173,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 util-linux@2.37.2-4ubuntu3.4 @@ -3390,7 +3184,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3405,7 +3199,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3420,7 +3214,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3429,7 +3223,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 procps@2:3.3.17-6ubuntu2.1 @@ -3440,7 +3234,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3455,7 +3249,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3464,7 +3258,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 procps@2:3.3.17-6ubuntu2.1 @@ -3475,7 +3269,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3484,7 +3278,7 @@

                              Detailed paths

                            • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3531,7 +3325,7 @@

                              CVE-2023-45918

                              • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                              • Package Manager: ubuntu:22.04 @@ -3544,7 +3338,7 @@

                                CVE-2023-45918

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and ncurses/libtinfo6@6.3-2ubuntu0.1 + docker-image|quay.io/argoproj/argocd@v2.9.13 and ncurses/libtinfo6@6.3-2ubuntu0.1
                              @@ -3557,7 +3351,7 @@

                              Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libtinfo6@6.3-2ubuntu0.1 @@ -3566,7 +3360,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 bash@5.1-6ubuntu1.1 @@ -3577,7 +3371,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3588,7 +3382,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 less@590-1ubuntu0.22.04.2 @@ -3599,7 +3393,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 libedit/libedit2@3.1-20210910-1build1 @@ -3610,7 +3404,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3621,7 +3415,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3632,7 +3426,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 procps@2:3.3.17-6ubuntu2.1 @@ -3643,7 +3437,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 util-linux@2.37.2-4ubuntu3.4 @@ -3654,7 +3448,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -3669,7 +3463,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3684,7 +3478,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncursesw6@6.3-2ubuntu0.1 @@ -3693,7 +3487,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 procps@2:3.3.17-6ubuntu2.1 @@ -3704,7 +3498,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -3719,7 +3513,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/libncurses6@6.3-2ubuntu0.1 @@ -3728,7 +3522,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 procps@2:3.3.17-6ubuntu2.1 @@ -3739,7 +3533,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/ncurses-base@6.3-2ubuntu0.1 @@ -3748,7 +3542,7 @@

                                Detailed paths

                              • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 ncurses/ncurses-bin@6.3-2ubuntu0.1 @@ -3793,7 +3587,7 @@

                                Resource Exhaustion

                                • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                                • Package Manager: ubuntu:22.04 @@ -3806,7 +3600,7 @@

                                  Resource Exhaustion

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and libzstd/libzstd1@1.4.8+dfsg-3build1 + docker-image|quay.io/argoproj/argocd@v2.9.13 and libzstd/libzstd1@1.4.8+dfsg-3build1
                                @@ -3819,7 +3613,7 @@

                                Detailed paths

                                • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 libzstd/libzstd1@1.4.8+dfsg-3build1 @@ -3870,7 +3664,7 @@

                                  Integer Overflow or Wraparound

                                  • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                                  • Package Manager: ubuntu:22.04 @@ -3883,7 +3677,7 @@

                                    Integer Overflow or Wraparound

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and krb5/libk5crypto3@1.19.2-2ubuntu0.3 + docker-image|quay.io/argoproj/argocd@v2.9.13 and krb5/libk5crypto3@1.19.2-2ubuntu0.3
                                  @@ -3896,7 +3690,7 @@

                                  Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libk5crypto3@1.19.2-2ubuntu0.3 @@ -3905,7 +3699,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -3926,7 +3720,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -3949,7 +3743,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5-3@1.19.2-2ubuntu0.3 @@ -3958,7 +3752,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -3979,7 +3773,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3988,9 +3782,9 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - openssh/openssh-client@1:8.9p1-3ubuntu0.6 + openssh/openssh-client@1:8.9p1-3ubuntu0.7 krb5/libgssapi-krb5-2@1.19.2-2ubuntu0.3 @@ -3999,7 +3793,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -4012,7 +3806,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -4027,7 +3821,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 adduser@3.118ubuntu5 @@ -4046,7 +3840,7 @@

                                    Detailed paths

                                  • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 krb5/libkrb5support0@1.19.2-2ubuntu0.3 @@ -4094,7 +3888,7 @@

                                    Out-of-bounds Write

                                    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                                    • Package Manager: ubuntu:22.04 @@ -4107,7 +3901,7 @@

                                      Out-of-bounds Write

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and gnupg2/gpgv@2.2.27-3ubuntu2.1 + docker-image|quay.io/argoproj/argocd@v2.9.13 and gnupg2/gpgv@2.2.27-3ubuntu2.1
                                    @@ -4120,7 +3914,7 @@

                                    Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpgv@2.2.27-3ubuntu2.1 @@ -4129,7 +3923,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -4140,7 +3934,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4151,7 +3945,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4162,7 +3956,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4173,7 +3967,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4186,7 +3980,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4199,7 +3993,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/dirmngr@2.2.27-3ubuntu2.1 @@ -4208,7 +4002,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4219,7 +4013,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4232,7 +4026,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg-l10n@2.2.27-3ubuntu2.1 @@ -4241,7 +4035,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4252,7 +4046,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg-utils@2.2.27-3ubuntu2.1 @@ -4261,7 +4055,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4272,7 +4066,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg@2.2.27-3ubuntu2.1 @@ -4281,7 +4075,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4292,7 +4086,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4305,7 +4099,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4318,7 +4112,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg-agent@2.2.27-3ubuntu2.1 @@ -4327,7 +4121,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4338,7 +4132,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4351,7 +4145,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4364,7 +4158,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg-wks-client@2.2.27-3ubuntu2.1 @@ -4373,7 +4167,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4384,7 +4178,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpg-wks-server@2.2.27-3ubuntu2.1 @@ -4393,7 +4187,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4404,7 +4198,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gpgsm@2.2.27-3ubuntu2.1 @@ -4413,7 +4207,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4424,7 +4218,7 @@

                                      Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gnupg2/gnupg@2.2.27-3ubuntu2.1 @@ -4473,7 +4267,7 @@

                                      Allocation of Resources Without Limits or Throttling

                                    • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                                    • Package Manager: ubuntu:22.04 @@ -4486,7 +4280,7 @@

                                      Allocation of Resources Without Limits or Throttling

                                      Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and glibc/libc-bin@2.35-0ubuntu3.6 + docker-image|quay.io/argoproj/argocd@v2.9.13 and glibc/libc-bin@2.35-0ubuntu3.7
                                    @@ -4499,18 +4293,18 @@

                                    Detailed paths

                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - glibc/libc-bin@2.35-0ubuntu3.6 + glibc/libc-bin@2.35-0ubuntu3.7
                                    • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 - glibc/libc6@2.35-0ubuntu3.6 + glibc/libc6@2.35-0ubuntu3.7 @@ -4554,7 +4348,7 @@

                                      Improper Input Validation

                                      • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                                      • Package Manager: ubuntu:22.04 @@ -4568,7 +4362,7 @@

                                        Improper Input Validation

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7, git@1:2.34.1-1ubuntu1.10 and others + docker-image|quay.io/argoproj/argocd@v2.9.13, git@1:2.34.1-1ubuntu1.10 and others
                                      @@ -4580,7 +4374,7 @@

                                      Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -4591,7 +4385,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git@1:2.34.1-1ubuntu1.10 @@ -4600,7 +4394,7 @@

                                        Detailed paths

                                      • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 git-lfs@3.0.2-1ubuntu0.2 @@ -4647,7 +4441,7 @@

                                        Uncontrolled Recursion

                                        • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                                        • Package Manager: ubuntu:22.04 @@ -4660,7 +4454,7 @@

                                          Uncontrolled Recursion

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 + docker-image|quay.io/argoproj/argocd@v2.9.13 and gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04
                                        @@ -4673,7 +4467,7 @@

                                        Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gcc-12/libstdc++6@12.3.0-1ubuntu1~22.04 @@ -4682,7 +4476,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -4693,7 +4487,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 apt@2.4.12 @@ -4706,7 +4500,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gcc-12/gcc-12-base@12.3.0-1ubuntu1~22.04 @@ -4715,7 +4509,7 @@

                                          Detailed paths

                                        • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 gcc-12/libgcc-s1@12.3.0-1ubuntu1~22.04 @@ -4762,7 +4556,7 @@

                                          Improper Input Validation

                                          • - Manifest file: quay.io/argoproj/argocd:v2.10.7/argoproj/argocd Dockerfile + Manifest file: quay.io/argoproj/argocd:v2.9.13/argoproj/argocd Dockerfile
                                          • Package Manager: ubuntu:22.04 @@ -4775,7 +4569,7 @@

                                            Improper Input Validation

                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 and coreutils@8.32-4.1ubuntu1.2 + docker-image|quay.io/argoproj/argocd@v2.9.13 and coreutils@8.32-4.1ubuntu1.2
                                          @@ -4788,7 +4582,7 @@

                                          Detailed paths

                                          • Introduced through: - docker-image|quay.io/argoproj/argocd@v2.10.7 + docker-image|quay.io/argoproj/argocd@v2.9.13 coreutils@8.32-4.1ubuntu1.2 diff --git a/docs/snyk/v2.9.13/redis_7.0.15-alpine.html b/docs/snyk/v2.9.13/redis_7.0.15-alpine.html new file mode 100644 index 0000000000000..f287402b77fef --- /dev/null +++ b/docs/snyk/v2.9.13/redis_7.0.15-alpine.html @@ -0,0 +1,657 @@ + + + + + + + + + Snyk test report + + + + + + + + + +
                                            +
                                            +
                                            +
                                            + + + Snyk - Open Source Security + + + + + + + +
                                            +

                                            Snyk test report

                                            + +

                                            April 28th 2024, 12:23:09 am (UTC+00:00)

                                            +
                                            +
                                            + Scanned the following paths: +
                                              +
                                            • redis:7.0.15-alpine (apk)
                                            • +
                                            • redis:7.0.15-alpine/tianon/gosu//usr/local/bin/gosu (gomodules)
                                            • +
                                            +
                                            + +
                                            +
                                            1 known vulnerabilities
                                            +
                                            9 vulnerable dependency paths
                                            +
                                            19 dependencies
                                            +
                                            +
                                            +
                                            +
                                            + +
                                            +
                                            +
                                            +

                                            CVE-2024-2511

                                            +
                                            + +
                                            + low severity +
                                            + +
                                            + +
                                              +
                                            • + Package Manager: alpine:3.19 +
                                            • +
                                            • + Vulnerable module: + + openssl/libcrypto3 +
                                            • + +
                                            • Introduced through: + + docker-image|redis@7.0.15-alpine and openssl/libcrypto3@3.1.4-r5 + +
                                            • +
                                            + +
                                            + + +

                                            Detailed paths

                                            + +
                                              +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + openssl/libcrypto3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libssl3@3.1.4-r5 + + openssl/libcrypto3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + openssl/libssl3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + .redis-rundeps@20240315.235535 + + openssl/libssl3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + apk-tools/apk-tools@2.14.0-r5 + + openssl/libssl3@3.1.4-r5 + + + +
                                            • +
                                            • + Introduced through: + docker-image|redis@7.0.15-alpine + + busybox/ssl_client@1.36.1-r15 + + openssl/libssl3@3.1.4-r5 + + + +
                                            • +
                                            + +
                                            + +
                                            + +

                                            NVD Description

                                            +

                                            Note: Versions mentioned in the description apply only to the upstream openssl package and not the openssl package as distributed by Alpine. + See How to fix? for Alpine:3.19 relevant fixed versions and status.

                                            +

                                            Issue summary: Some non-default TLS server configurations can cause unbounded + memory growth when processing TLSv1.3 sessions

                                            +

                                            Impact summary: An attacker may exploit certain server configurations to trigger + unbounded memory growth that would lead to a Denial of Service

                                            +

                                            This problem can occur in TLSv1.3 if the non-default SSL_OP_NO_TICKET option is + being used (but not if early_data support is also configured and the default + anti-replay protection is in use). In this case, under certain conditions, the + session cache can get into an incorrect state and it will fail to flush properly + as it fills. The session cache will continue to grow in an unbounded manner. A + malicious client could deliberately create the scenario for this failure to + force a Denial of Service. It may also happen by accident in normal operation.

                                            +

                                            This issue only affects TLS servers supporting TLSv1.3. It does not affect TLS + clients.

                                            +

                                            The FIPS modules in 3.2, 3.1 and 3.0 are not affected by this issue. OpenSSL + 1.0.2 is also not affected by this issue.

                                            +

                                            Remediation

                                            +

                                            Upgrade Alpine:3.19 openssl to version 3.1.4-r6 or higher.

                                            +

                                            References

                                            + + +
                                            + + + +
                                            +
                                            +
                                            +
                                            + + +