Scan results for 21.08.525
OpenSCAP and vulnerability scan report:
- Prisma Cloud Compute release: 21.08 Update2 (21.08.525)
- Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.4-205
- Benchmark URL: scap-security-guide-0.1.57/ssg-rhel8-ds.xml
- Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
- Profile ID: xccdf_org.ssgproject.content_profile_stig
- Compared to IronBank’s UBI8-minimal, Version 8.4, Build Date: 2021-11-22
twistlock/private:console_21_08_525
Findings for Prisma Cloud Compute Console.
OpenSCAP report
You can find the OpenSCAP report here.
Rule_ID | Compute finding | IronBank finding | Justification |
---|---|---|---|
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy | Pass | Fail | /etc/pki/tls/openssl.cnf configured according to check |
xccdf_org.ssgproject.content_rule_banner_etc_issue | Fail | Pass | Application is a non-interactive container. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214587 | Fail | Pass | CVE-2021-42574 libgcc, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513 | Fail | Pass | CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087 libsepol, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513 | Fail | Pass | CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214511 | Fail | Pass | CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214510 | Fail | Pass | CVE-2020-24370 lua-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214489 | Fail | Pass | CVE-2021-20266 rpm & rpm-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214451 | Fail | Pass | CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232 gnutls, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214426 | Fail | Pass | CVE-2019-17594 & CVE-2019-17595 ncurses-libs & ncurses-base, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214424 | Fail | Pass | CVE-2021-23840 openssl & openssl-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214409 | Fail | Pass | CVE-2021-33560 libgcrypt, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214387 | Fail | Pass | CVE-2020-16135 libssh-config, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214386 | Fail | Pass | CVE-2021-42574 libgcc, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214385 | Fail | Pass | CVE-2021-28153 glib2, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214382 | Fail | Pass | CVE-2020-12762 json-c, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214374 | Fail | Pass | CVE-2019-18218 file-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214373 | Fail | Pass | CVE-2020-14155 & CVE-2019-20838 pcre, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214358 | Fail | Pass | CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645 glibc & glibc-common & glibc-minimal-langpack, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214151 | Fail | Pass | CVE-2021-42771 & CVE-2021-23336 & CVE-2021-27291 & CVE-2020-28493 & CVE-2021-20270 & CVE-2021-28957 python2, to be patched in the next release (Joule). |
Vulnerabilities full report
You can find the full vulnerabilities report here.
CVE | Package | Version | Fix Status | Justification |
---|---|---|---|---|
CVE-2019-17594 & CVE-2019-17595 | ncurses-libs & ncurses-base | 6.1-7.20180224.el8 | To be patched in next release, Joule | |
CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645 | glibc & glibc-common & glibc-minimal-langpack | 2.28-151.el8 | To be patched in next release, Joule | |
CVE-2021-23840 | openssl & openssl-libs | 1.1.1g-15.el8_3 | To be patched in next release, Joule | |
CVE-2021-20231 & CVE-2021-20232 | nettle | 3.4.1-4.el8_3 | To be patched in next release, Joule | |
CVE-2021-20266 | rpm & rpm-libs | 4.14.3-14.el8_4 | To be patched in next release, Joule | |
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 | libcurl | 7.61.1-18.el8_4.2 | To be patched in next release, Joule | |
CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087 | libsepol | 2.9-2.el8 | To be patched in next release, Joule | |
CVE-2020-14155 & CVE-2019-20838 | pcre | 8.42-4.el8 | To be patched in next release, Joule | |
CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232 | gnutls | 3.6.14-8.el8_3 | To be patched in next release, Joule | |
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 | curl | 7.61.1-18.el8_4.2 | To be patched in next release, Joule | |
CVE-2021-42771 & CVE-2021-23336 & CVE-2021-27291 & CVE-2020-28493 & CVE-2021-20270 & CVE-2021-28957 | python2 | 2.7.18-4.module+el8.4.0+9577+0b56c8de | To be patched in next release, Joule | |
twistlock/private:defender_21_08_525
Findings for Prisma Cloud Compute Defender.
OpenSCAP report
You can find the OpenSCAP report here.
Rule_ID | Compute finding | IronBank finding | Justification |
---|---|---|---|
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy | Pass | Fail | /etc/pki/tls/openssl.cnf configured according to check |
xccdf_org.ssgproject.content_rule_banner_etc_issue | Fail | Pass | Application is a non-interactive container. There is no interactive console session with the container. |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214587 | Fail | Pass | CVE-2021-42574 libgcc, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513 | Fail | Pass | CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087 libsepol, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214513 | Fail | Pass | CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214511 | Fail | Pass | CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 curl, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214510 | Fail | Pass | CVE-2020-24370 lua-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214489 | Fail | Pass | CVE-2021-20266 rpm & rpm-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214451 | Fail | Pass | CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232 gnutls, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214426 | Fail | Pass | CVE-2019-17594 & CVE-2019-17595 ncurses-libs & ncurses-base, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214424 | Fail | Pass | CVE-2021-23840 openssl & openssl-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214409 | Fail | Pass | CVE-2021-33560 libgcrypt, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214387 | Fail | Pass | CVE-2020-16135 libssh-config, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214386 | Fail | Pass | CVE-2021-42574 libgcc, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214385 | Fail | Pass | CVE-2021-28153 glib2, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214382 | Fail | Pass | CVE-2020-12762 json-c, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214374 | Fail | Pass | CVE-2019-18218 file-libs, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214373 | Fail | Pass | CVE-2020-14155 & CVE-2019-20838 pcre, to be patched in the next release (Joule). |
xccdf_org.ssgproject.content_rule_security_patches_up_to_date oval:com.redhat.rhsa:def:20214358 | Fail | Pass | CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645 glibc & glibc-common & glibc-minimal-langpack, to be patched in the next release (Joule). |
Vulnerabilities full report
You can find the full vulnerabilities report here.
CVE | Package | Version | Fix Status | Justification |
---|---|---|---|---|
CVE-2019-17594 & CVE-2019-17595 | ncurses-libs & ncurses-base | 6.1-7.20180224.el8 | To be patched in next release, Joule | |
CVE-2021-35942 & CVE-2021-33574 & CVE-2021-27645 | glibc & glibc-common & glibc-minimal-langpack | 2.28-151.el8 | To be patched in next release, Joule | |
CVE-2021-23840 | openssl & openssl-libs | 1.1.1g-15.el8_3 | To be patched in next release, Joule | |
CVE-2021-20231 & CVE-2021-20232 | nettle | 3.4.1-4.el8_3 | To be patched in next release, Joule | |
CVE-2021-20266 | rpm & rpm-libs | 4.14.3-14.el8_4 | To be patched in next release, Joule | |
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 | libcurl | 7.61.1-18.el8_4.2 | To be patched in next release, Joule | |
CVE-2021-36084 & CVE-2021-36085 & CVE-2021-36086 & CVE-2021-36087 | libsepol | 2.9-2.el8 | To be patched in next release, Joule | |
CVE-2020-14155 & CVE-2019-20838 | pcre | 8.42-4.el8 | To be patched in next release, Joule | |
CVE-2021-3580 & CVE-2021-20231 & CVE-2021-20232 | gnutls | 3.6.14-8.el8_3 | To be patched in next release, Joule | |
CVE-2021-22925 & CVE-2021-22898 & CVE-2021-22876 | curl | 7.61.1-18.el8_4.2 | To be patched in next release, Joule | |