Scan results for 21.04.412

OpenSCAP and vulnerability scan report:
  • Prisma Cloud Compute release: 21.04 (21.04.412)
  • Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.3-291
  • Benchmark URL: scap-security-guide-0.1.54/ssg-rhel8-ds.xml
  • Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
  • Profile ID: xccdf_org.ssgproject.content_profile_stig
  • Compared to IronBank’s UBI8-minimal, Version 8.3 - Conditionally Approved, Build Date: 2021-04-28T14:08:19.203Z

twistlock/private:console_21_04_412

Findings for Prisma Cloud Compute Console.
Note: There is a large discrepancy in the OpenSCAP findings for this release due to the late addition of the systemd-pam package. These "Protect Accounts by Configuring PAM" findings will be corrected in the next release update. There is no interactive console session with the container and these settings are not implemented.

OpenSCAP report

You can find the report here.
Rule_ID
Compute finding
IronBank finding
Justification
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy
Pass
Fail
/etc/pki/tls/openssl.cnf configured according to check
xccdf_org.ssgproject.content_rule_banner_etc_issue
Fail
Pass
Application is a non-interactive container. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_enforce_local
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_difok
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_disable_users_coredumps
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.

Vulnerabilities report

You can find the report here.
CVE
Package
Version
Fix Status
Justification
CVE-2021-27218
glib2
2.56.4-8.el8
RedHat has not released patch
CVE-2021-27219
glib2
2.56.4-8.el8
RedHat has not released patch
CVE-2021-28153
glib2
2.56.4-8.el8
RedHat has not released patch
CVE-2020-12762
json-c
0.13.1-0.2.el8
RedHat has not released patch
CVE-2020-8231
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2020-8284
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2020-8285
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2020-8286
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2021-22876
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2021-23840
openssl
1.1.1g-15.el8_3
RedHat has not released patch
CVE-2021-23841
openssl
1.1.1g-15.el8_3
RedHat has not released patch
CVE-2019-25013
glibc
2.28-127.el8_3.2
RedHat has not released patch
CVE-2020-27618
glibc
2.28-127.el8_3.2
RedHat has not released patch
CVE-2021-3326
glibc
2.28-127.el8_3.2
RedHat has not released patch
CVE-2020-29361
p11-kit
0.23.14-5.el8_0
RedHat has not released patch
CVE-2020-29363
p11-kit
0.23.14-5.el8_0
RedHat has not released patch
CVE-2020-29362
p11-kit
0.23.14-5.el8_0
RedHat has not released patch
CVE-2019-20838
pcre
8.42-4.el8
RedHat has not released patch
CVE-2020-14155
pcre
8.42-4.el8
RedHat has not released patch
CVE-2020-8927
brotli
1.0.6-2.el8
RedHat has not released patch
CVE-2021-20271
rpm
4.14.3-4.el8
RedHat has not released patch
CVE-2021-20231
gnutls
3.6.14-8.el8_3
RedHat has not released patch
CVE-2021-20232
gnutls
3.6.14-8.el8_3
RedHat has not released patch

twistlock/private:defender_21_04_412

Findings for Prisma Cloud Compute Defender.

OpenSCAP report

You can find the report here.
Rule_ID
Compute finding
IronBank finding
Justification
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy
Pass
Fail
/etc/pki/tls/openssl.cnf configured according to check
xccdf_org.ssgproject.content_rule_banner_etc_issue
Fail
Pass
Application is a non-interactive container. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_unlock_time
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_deny
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_interval
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_passwords_pam_faillock_enforce_local
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_unix_remember
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxrepeat
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_maxclassrepeat
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_minlen
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_ucredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_difok
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_dcredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_root
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_ocredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_lcredit
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_pam_enforce_local
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_disable_ctrlaltdel_burstaction
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_password_minlen_login_defs
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_account_disable_post_pw_expiration
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_accounts_max_concurrent_login_sessions
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.
xccdf_org.ssgproject.content_rule_disable_users_coredumps
Fail
notapplicable
To be corrected in the next release update. There is no interactive console session with the container.

Vulnerabilities report

You can find the report here.
CVE
Package
Version
Fix Status
Justification
CVE-2021-27218
glib2
2.56.4-8.el8
RedHat has not released patch
CVE-2021-27219
glib2
2.56.4-8.el8
RedHat has not released patch
CVE-2021-28153
glib2
2.56.4-8.el8
RedHat has not released patch
CVE-2020-12762
json-c
0.13.1-0.2.el8
RedHat has not released patch
CVE-2020-8231
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2020-8284
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2020-8285
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2020-8286
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2021-22876
curl
7.61.1-14.el8_3.1
RedHat has not released patch
CVE-2021-23840
openssl
1.1.1g-15.el8_3
RedHat has not released patch
CVE-2021-23841
openssl
1.1.1g-15.el8_3
RedHat has not released patch
CVE-2020-13776
systemd
239-41.el8_3.2
RedHat has not released patch
CVE-2019-25013
glibc
2.28-127.el8_3.2
RedHat has not released patch
CVE-2020-27618
glibc
2.28-127.el8_3.2
RedHat has not released patch
CVE-2021-3326
glibc
2.28-127.el8_3.2
RedHat has not released patch
CVE-2020-29361
p11-kit
0.23.14-5.el8_0
RedHat has not released patch
CVE-2020-29363
p11-kit
0.23.14-5.el8_0
RedHat has not released patch
CVE-2020-29362
p11-kit
0.23.14-5.el8_0
RedHat has not released patch
CVE-2019-20838
pcre
8.42-4.el8
RedHat has not released patch
CVE-2020-14155
pcre
8.42-4.el8
RedHat has not released patch
CVE-2020-8927
brotli
1.0.6-2.el8
RedHat has not released patch
CVE-2021-20271
rpm
4.14.3-4.el8
RedHat has not released patch
CVE-2021-20231
gnutls
3.6.14-8.el8_3
RedHat has not released patch
CVE-2021-20232
gnutls
3.6.14-8.el8_3
RedHat has not released patch

Recommended For You