Debian Container Scan with Trivy [2023-04-12]
Debian Container Security Scan with Trivy [April 12 2023]
Started by user letslearntogether.info
Obtained Jenkinsfile.trivy-debian from git https://github.com/ffturan/practice.git/
Resume disabled by user, switching to high-performance, low-durability mode.
[Pipeline] Start of Pipeline
[Pipeline] node
Running on Jenkins in /var/lib/jenkins/workspace/trivy-debian
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Declarative: Checkout SCM)
[Pipeline] checkout
The recommended git tool is: NONE
using credential ed599e1d-a641-4f7d-a333-9308281bd4d8
Cloning the remote Git repository
Cloning repository https://github.com/ffturan/practice.git/
> git init /var/lib/jenkins/workspace/trivy-debian # timeout=10
Fetching upstream changes from https://github.com/ffturan/practice.git/
> git --version # timeout=10
> git --version # 'git version 2.39.2'
using GIT_ASKPASS to set credentials
> git fetch --tags --force --progress -- https://github.com/ffturan/practice.git/ +refs/heads/*:refs/remotes/origin/* # timeout=10
> git config remote.origin.url https://github.com/ffturan/practice.git/ # timeout=10
> git config --add remote.origin.fetch +refs/heads/*:refs/remotes/origin/* # timeout=10
Avoid second fetch
> git rev-parse refs/remotes/origin/main^{commit} # timeout=10
Checking out Revision 38c15d28e725d72020632e8b0e800208b6a9d3aa (refs/remotes/origin/main)
> git config core.sparsecheckout # timeout=10
> git checkout -f 38c15d28e725d72020632e8b0e800208b6a9d3aa # timeout=10
Commit message: "Update"
> git rev-list --no-walk 846cd2e7bbc7cae8ad1aa024a3da63cb3dcab70c # timeout=10
[Pipeline] }
[Pipeline] // stage
[Pipeline] withEnv
[Pipeline] {
[Pipeline] withEnv
[Pipeline] {
[Pipeline] stage
[Pipeline] { (Build Container)
[Pipeline] echo
Building container !!
[Pipeline] sh
+ cat Dockerfile.debian
FROM public.ecr.aws/debian/debian:latest
RUN apt-get -y update && apt-get -y upgrade
[Pipeline] sh
+ docker build -t debian:scan -f Dockerfile.debian .
#1 [internal] load .dockerignore
#1 transferring context:
#1 transferring context: 2B done
#1 DONE 0.6s
#2 [internal] load build definition from Dockerfile.debian
#2 transferring dockerfile: 182B done
#2 DONE 0.7s
#3 [internal] load metadata for public.ecr.aws/debian/debian:latest
#3 DONE 1.0s
#4 [1/2] FROM public.ecr.aws/debian/debian:latest@sha256:4220fb50c31f2541cb218d431e9305276b75af900c6a889e474b76714298d26d
#4 resolve public.ecr.aws/debian/debian:latest@sha256:4220fb50c31f2541cb218d431e9305276b75af900c6a889e474b76714298d26d
#4 resolve public.ecr.aws/debian/debian:latest@sha256:4220fb50c31f2541cb218d431e9305276b75af900c6a889e474b76714298d26d 0.2s done
#4 sha256:4220fb50c31f2541cb218d431e9305276b75af900c6a889e474b76714298d26d 2.29kB / 2.29kB done
#4 sha256:61d8a6dbe8683e1270fbaa8c1d1e90f26a84c165b64b0254e38239d2a9033c3e 407B / 407B done
#4 sha256:baac4550c58b9ee0e1a322b9e1a4d9b07e237bff8fa54250726e3a147f525b4f 453B / 453B done
#4 sha256:7442d1dc773073648a3eea904426491695f9bde6d4d0183c1762b644459f2fe0 53.69MB / 53.69MB 5.2s done
#4 extracting sha256:7442d1dc773073648a3eea904426491695f9bde6d4d0183c1762b644459f2fe0
#4 extracting sha256:7442d1dc773073648a3eea904426491695f9bde6d4d0183c1762b644459f2fe0 5.0s
#4 extracting sha256:7442d1dc773073648a3eea904426491695f9bde6d4d0183c1762b644459f2fe0 9.3s done
#4 DONE 15.2s
#5 [2/2] RUN apt-get -y update && apt-get -y upgrade
#5 2.510 Get:1 http://deb.debian.org/debian bullseye InRelease [116 kB]
#5 2.579 Get:2 http://deb.debian.org/debian-security bullseye-security InRelease [48.4 kB]
#5 2.606 Get:3 http://deb.debian.org/debian bullseye-updates InRelease [44.1 kB]
#5 3.058 Get:4 http://deb.debian.org/debian bullseye/main amd64 Packages [8183 kB]
#5 3.932 Get:5 http://deb.debian.org/debian-security bullseye-security/main amd64 Packages [237 kB]
#5 3.968 Get:6 http://deb.debian.org/debian bullseye-updates/main amd64 Packages [14.6 kB]
#5 5.166 Fetched 8643 kB in 3s (3158 kB/s)
#5 5.166 Reading package lists...
#5 5.960 Reading package lists...
#5 6.466 Building dependency tree...
#5 6.716 Reading state information...
#5 6.768 Calculating upgrade...
#5 7.069 The following packages will be upgraded:
#5 7.069 tzdata
#5 7.153 1 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
#5 7.153 Need to get 286 kB of archives.
#5 7.153 After this operation, 20.5 kB of additional disk space will be used.
#5 7.153 Get:1 http://deb.debian.org/debian bullseye-updates/main amd64 tzdata all 2021a-1+deb11u9 [286 kB]
#5 7.504 debconf: delaying package configuration, since apt-utils is not installed
#5 7.551 Fetched 286 kB in 0s (1762 kB/s)
#5 7.686 (Reading database ...
(Reading database ... 6661 files and directories currently installed.)
#5 7.751 Preparing to unpack .../tzdata_2021a-1+deb11u9_all.deb ...
#5 7.792 Unpacking tzdata (2021a-1+deb11u9) over (2021a-1+deb11u8) ...
#5 9.156 Setting up tzdata (2021a-1+deb11u9) ...
#5 9.330 debconf: unable to initialize frontend: Dialog
#5 9.330 debconf: (TERM is not set, so the dialog frontend is not usable.)
#5 9.330 debconf: falling back to frontend: Readline
#5 9.332 debconf: unable to initialize frontend: Readline
#5 9.332 debconf: (Can't locate Term/ReadLine.pm in @INC (you may need to install the Term::ReadLine module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.32.1 /usr/local/share/perl/5.32.1 /usr/lib/x86_64-linux-gnu/perl5/5.32 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl-base /usr/lib/x86_64-linux-gnu/perl/5.32 /usr/share/perl/5.32 /usr/local/lib/site_perl) at /usr/share/perl5/Debconf/FrontEnd/Readline.pm line 7.)
#5 9.332 debconf: falling back to frontend: Teletype
#5 9.439
#5 9.439 Current default time zone: 'Etc/UTC'
#5 9.451 Local time is now: Wed Apr 12 13:22:49 UTC 2023.
#5 9.451 Universal Time is now: Wed Apr 12 13:22:49 UTC 2023.
#5 9.451 Run 'dpkg-reconfigure tzdata' if you wish to change it.
#5 9.451
#5 DONE 9.7s
#6 exporting to image
#6 exporting layers
#6 exporting layers 1.5s done
#6 writing image sha256:df43daafd7f24bf34e7e82a7bf91d8a8ea263f8ee9b89840c4bf34a0e3b3a5df
#6 writing image sha256:df43daafd7f24bf34e7e82a7bf91d8a8ea263f8ee9b89840c4bf34a0e3b3a5df done
#6 naming to docker.io/library/debian:scan done
#6 DONE 1.5s
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (Test Container with Trivy)
[Pipeline] sh
+ trivy image debian:scan
2023-04-12T09:22:53.498-0400 INFO Vulnerability scanning is enabled
2023-04-12T09:22:53.498-0400 INFO Secret scanning is enabled
2023-04-12T09:22:53.498-0400 INFO If your scanning is slow, please try '--security-checks vuln' to disable secret scanning
2023-04-12T09:22:53.498-0400 INFO Please see also https://aquasecurity.github.io/trivy/v0.34/docs/secret/scanning/#recommendation for faster secret detection
2023-04-12T09:23:02.712-0400 INFO Detected OS: debian
2023-04-12T09:23:02.712-0400 INFO Detecting Debian vulnerabilities...
2023-04-12T09:23:02.811-0400 INFO Number of language-specific files: 0
debian:scan (debian 11.6)
=========================
Total: 76 (UNKNOWN: 0, LOW: 56, MEDIUM: 6, HIGH: 13, CRITICAL: 1)
┌──────────────────┬──────────────────┬──────────┬───────────────────┬───────────────┬──────────────────────────────────────────────────────────────┐
│ Library │ Vulnerability │ Severity │ Installed Version │ Fixed Version │ Title │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ apt │ CVE-2011-3374 │ LOW │ 2.2.4 │ │ It was found that apt-key in apt, all versions, do not │
│ │ │ │ │ │ correctly... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3374 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ bash │ CVE-2022-3715 │ HIGH │ 5.1-2+deb11u1 │ │ bash: a heap-buffer-overflow in valid_parameter_transform │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-3715 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ bsdutils │ CVE-2022-0563 │ LOW │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
│ │ │ │ │ │ and chsh when compiled... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ coreutils │ CVE-2016-2781 │ │ 8.32-4 │ │ coreutils: Non-privileged session can escape to the parent │
│ │ │ │ │ │ session in chroot │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2016-2781 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2017-18018 │ │ │ │ coreutils: race condition vulnerability in chown and chgrp │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-18018 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ e2fsprogs │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ gpgv │ CVE-2022-3219 │ LOW │ 2.2.27-2+deb11u2 │ │ gnupg: denial of service issue (resource consumption) using │
│ │ │ │ │ │ compressed packets │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-3219 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libapt-pkg6.0 │ CVE-2011-3374 │ │ 2.2.4 │ │ It was found that apt-key in apt, all versions, do not │
│ │ │ │ │ │ correctly... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3374 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libblkid1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
│ │ │ │ │ │ and chsh when compiled... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libc-bin │ CVE-2010-4756 │ │ 2.31-13+deb11u5 │ │ glibc: glob implementation can cause excessive CPU and │
│ │ │ │ │ │ memory consumption due to... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4756 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2018-20796 │ │ │ │ glibc: uncontrolled recursion in function │
│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20796 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010022 │ │ │ │ glibc: stack guard protection bypass │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010022 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010023 │ │ │ │ glibc: running ldd on malicious ELF leads to code execution │
│ │ │ │ │ │ because of... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010023 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010024 │ │ │ │ glibc: ASLR bypass using cache of thread stack and heap │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010024 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010025 │ │ │ │ glibc: information disclosure of heap addresses of │
│ │ │ │ │ │ pthread_created thread │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010025 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-9192 │ │ │ │ glibc: uncontrolled recursion in function │
│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-9192 │
├──────────────────┼──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ libc6 │ CVE-2010-4756 │ │ │ │ glibc: glob implementation can cause excessive CPU and │
│ │ │ │ │ │ memory consumption due to... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-4756 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2018-20796 │ │ │ │ glibc: uncontrolled recursion in function │
│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-20796 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010022 │ │ │ │ glibc: stack guard protection bypass │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010022 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010023 │ │ │ │ glibc: running ldd on malicious ELF leads to code execution │
│ │ │ │ │ │ because of... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010023 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010024 │ │ │ │ glibc: ASLR bypass using cache of thread stack and heap │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010024 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-1010025 │ │ │ │ glibc: information disclosure of heap addresses of │
│ │ │ │ │ │ pthread_created thread │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-1010025 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-9192 │ │ │ │ glibc: uncontrolled recursion in function │
│ │ │ │ │ │ check_dst_limits_calc_pos_1 in posix/regexec.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-9192 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libcom-err2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libdb5.3 │ CVE-2019-8457 │ CRITICAL │ 5.3.28+dfsg1-0.8 │ │ sqlite: heap out-of-bound read in function rtreenode() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-8457 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libext2fs2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libgcrypt20 │ CVE-2021-33560 │ │ 1.8.7-6 │ │ libgcrypt: mishandles ElGamal encryption because it lacks │
│ │ │ │ │ │ exponent blinding to address a... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-33560 │
│ ├──────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2018-6829 │ LOW │ │ │ libgcrypt: ElGamal implementation doesn't have semantic │
│ │ │ │ │ │ security due to incorrectly encoded plaintexts... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-6829 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libgnutls30 │ CVE-2011-3389 │ │ 3.7.1-5+deb11u3 │ │ HTTPS: block-wise chosen-plaintext attack against SSL/TLS │
│ │ │ │ │ │ (BEAST) │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-3389 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libgssapi-krb5-2 │ CVE-2018-5709 │ │ 1.18.3-6+deb11u3 │ │ krb5: integer overflow in dbentry->n_key_data in │
│ │ │ │ │ │ kadmin/dbutil/dump.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2018-5709 │
├──────────────────┤ │ │ ├───────────────┤ │
│ libk5crypto3 │ │ │ │ │ │
│ │ │ │ │ │ │
│ │ │ │ │ │ │
├──────────────────┤ │ │ ├───────────────┤ │
│ libkrb5-3 │ │ │ │ │ │
│ │ │ │ │ │ │
│ │ │ │ │ │ │
├──────────────────┤ │ │ ├───────────────┤ │
│ libkrb5support0 │ │ │ │ │ │
│ │ │ │ │ │ │
│ │ │ │ │ │ │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libmount1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
│ │ │ │ │ │ and chsh when compiled... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libpcre3 │ CVE-2017-11164 │ │ 2:8.39-13 │ │ pcre: OP_KETRMAX feature in the match function in │
│ │ │ │ │ │ pcre_exec.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-11164 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2017-16231 │ │ │ │ pcre: self-recursive call in match() in pcre_exec.c leads to │
│ │ │ │ │ │ denial of service... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-16231 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2017-7245 │ │ │ │ pcre: stack-based buffer overflow write in │
│ │ │ │ │ │ pcre32_copy_substring │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-7245 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2017-7246 │ │ │ │ pcre: stack-based buffer overflow write in │
│ │ │ │ │ │ pcre32_copy_substring │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2017-7246 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-20838 │ │ │ │ pcre: Buffer over-read in JIT when UTF is disabled and \X │
│ │ │ │ │ │ or... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-20838 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libsepol1 │ CVE-2021-36084 │ │ 3.1-1 │ │ libsepol: use-after-free in __cil_verify_classperms() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36084 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-36085 │ │ │ │ libsepol: use-after-free in __cil_verify_classperms() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36085 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-36086 │ │ │ │ libsepol: use-after-free in cil_reset_classpermission() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36086 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2021-36087 │ │ │ │ libsepol: heap-based buffer overflow in ebitmap_match_any() │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2021-36087 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libsmartcols1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
│ │ │ │ │ │ and chsh when compiled... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libss2 │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libssl1.1 │ CVE-2023-0464 │ │ 1.1.1n-0+deb11u4 │ │ openssl: Denial of service by excessive resource usage in │
│ │ │ │ │ │ verifying X509 policy... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0464 │
│ ├──────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2023-0465 │ MEDIUM │ │ │ openssl: Invalid certificate policies in leaf certificates │
│ │ │ │ │ │ are silently ignored │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0465 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2023-0466 │ │ │ │ openssl: Certificate policy check not enabled │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2023-0466 │
│ ├──────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2007-6755 │ LOW │ │ │ Dual_EC_DRBG: weak pseudo random number generator │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-6755 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2010-0928 │ │ │ │ openssl: RSA authentication weakness │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2010-0928 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libsystemd0 │ CVE-2022-3821 │ MEDIUM │ 247.3-7+deb11u1 │ │ systemd: buffer overrun in format_timespan() function │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-3821 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2022-4415 │ │ │ │ systemd: local information leak due to systemd-coredump not │
│ │ │ │ │ │ respecting fs.suid_dumpable kernel setting... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4415 │
│ ├──────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2013-4392 │ LOW │ │ │ systemd: TOCTOU race condition when updating file │
│ │ │ │ │ │ permissions and SELinux security contexts... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4392 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-13529 │ │ │ │ systemd: DHCP FORCERENEW authentication not implemented can │
│ │ │ │ │ │ cause a system running the... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-13529 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libtinfo6 │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libudev1 │ CVE-2022-3821 │ MEDIUM │ 247.3-7+deb11u1 │ │ systemd: buffer overrun in format_timespan() function │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-3821 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2022-4415 │ │ │ │ systemd: local information leak due to systemd-coredump not │
│ │ │ │ │ │ respecting fs.suid_dumpable kernel setting... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4415 │
│ ├──────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2013-4392 │ LOW │ │ │ systemd: TOCTOU race condition when updating file │
│ │ │ │ │ │ permissions and SELinux security contexts... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4392 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2020-13529 │ │ │ │ systemd: DHCP FORCERENEW authentication not implemented can │
│ │ │ │ │ │ cause a system running the... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-13529 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libuuid1 │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
│ │ │ │ │ │ and chsh when compiled... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ libzstd1 │ CVE-2022-4899 │ HIGH │ 1.4.8+dfsg-2.1 │ │ zstd: buffer overrun in util.c │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-4899 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ login │ CVE-2007-5686 │ LOW │ 1:4.8.1-1 │ │ initscripts in rPath Linux 1 sets insecure permissions for │
│ │ │ │ │ │ the /var/lo ...... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-5686 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2013-4235 │ │ │ │ shadow-utils: TOCTOU race conditions by copying and removing │
│ │ │ │ │ │ directory trees │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4235 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-19882 │ │ │ │ shadow-utils: local users can obtain root access because │
│ │ │ │ │ │ setuid programs are misconfigured... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19882 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ logsave │ CVE-2022-1304 │ HIGH │ 1.46.2-2 │ │ e2fsprogs: out-of-bounds read/write via crafted filesystem │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-1304 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ mount │ CVE-2022-0563 │ LOW │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
│ │ │ │ │ │ and chsh when compiled... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ ncurses-base │ CVE-2022-29458 │ HIGH │ 6.2+20201114-2 │ │ ncurses: segfaulting OOB read │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-29458 │
├──────────────────┤ │ │ ├───────────────┤ │
│ ncurses-bin │ │ │ │ │ │
│ │ │ │ │ │ │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ passwd │ CVE-2007-5686 │ LOW │ 1:4.8.1-1 │ │ initscripts in rPath Linux 1 sets insecure permissions for │
│ │ │ │ │ │ the /var/lo ...... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2007-5686 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2013-4235 │ │ │ │ shadow-utils: TOCTOU race conditions by copying and removing │
│ │ │ │ │ │ directory trees │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2013-4235 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2019-19882 │ │ │ │ shadow-utils: local users can obtain root access because │
│ │ │ │ │ │ setuid programs are misconfigured... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2019-19882 │
├──────────────────┼──────────────────┼──────────┼───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ perl-base │ CVE-2020-16156 │ HIGH │ 5.32.1-4+deb11u2 │ │ perl-CPAN: Bypass of verification of signatures in CHECKSUMS │
│ │ │ │ │ │ files │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2020-16156 │
│ ├──────────────────┼──────────┤ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2011-4116 │ LOW │ │ │ perl: File::Temp insecure temporary file handling │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2011-4116 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ tar │ CVE-2005-2541 │ │ 1.34+dfsg-1 │ │ tar: does not properly warn the user when extracting setuid │
│ │ │ │ │ │ or setgid... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2005-2541 │
│ ├──────────────────┤ │ ├───────────────┼──────────────────────────────────────────────────────────────┤
│ │ CVE-2022-48303 │ │ │ │ tar: heap buffer overflow at from_header() in list.c via │
│ │ │ │ │ │ specially crafted checksum... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-48303 │
├──────────────────┼──────────────────┤ ├───────────────────┼───────────────┼──────────────────────────────────────────────────────────────┤
│ util-linux │ CVE-2022-0563 │ │ 2.36.1-8+deb11u1 │ │ util-linux: partial disclosure of arbitrary files in chfn │
│ │ │ │ │ │ and chsh when compiled... │
│ │ │ │ │ │ https://avd.aquasec.com/nvd/cve-2022-0563 │
└──────────────────┴──────────────────┴──────────┴───────────────────┴───────────────┴──────────────────────────────────────────────────────────────┘
[Pipeline] }
[Pipeline] // stage
[Pipeline] stage
[Pipeline] { (CleanUp)
[Pipeline] sh
++ docker ps --all
++ grep -v CONTAINER
++ gawk '{print $1}'
++ docker images --all
++ grep -v IMAGE
++ gawk '{print $3}'
+ for C in $(docker images --all | gawk {'print $3'} | grep -v IMAGE)
+ docker rmi -f df43daafd7f2
Untagged: debian:scan
Deleted: sha256:df43daafd7f24bf34e7e82a7bf91d8a8ea263f8ee9b89840c4bf34a0e3b3a5df
+ docker ps --all
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
+ docker images --all
REPOSITORY TAG IMAGE ID CREATED SIZE
[Pipeline] }
[Pipeline] // stage
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // withEnv
[Pipeline] }
[Pipeline] // node
[Pipeline] End of Pipeline
Finished: SUCCESS