cyber-dojo
flows
dashboard-archived-at-1707630840
artifacts
0077021e4677534b880ff055e010a25694c3bfe65e39eb320c6c17e0256cc474
By signing up, you agree to the
Terms of Service.
For more information about Kosli’s privacy practices, see the Kosli’s
Privacy Policy.
We’ll occasionally send you account-related emails.
We’ll occasionally send you account-related emails.
dashboard-archived-at-1707630840
UX for a group practice dashboard
cyberdojo/dashboard:a2dc8e3
Compliant
Download Evidence Package
JSON
{
"created_at": 1705475786.5208614,
"fingerprint": "0077021e4677534b880ff055e010a25694c3bfe65e39eb320c6c17e0256cc474",
"filename": "cyberdojo/dashboard:a2dc8e3",
"git_commit": "a2dc8e3134f22219730b270bf5070e4d1bc8130a",
"build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552299962",
"commit_url": "https://github.com/cyber-dojo/dashboard/commit/a2dc8e3134f22219730b270bf5070e4d1bc8130a",
"evidence": {
"snyk-scan": {
"evidence_type": "snyk",
"is_compliant": true,
"build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552299962",
"evidence_archive_fingerprint": "c5103abc147f480e4afbf9e879ffa0fb70c3ca845359486bdfdb43411201c245",
"user_data": {},
"snyk_results": {
"applications": [
{
"dependencyCount": 0,
"displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent",
"docker": {},
"filesystemPolicy": true,
"hasUnknownVersions": false,
"ignoreSettings": {
"adminOnly": false,
"disregardFilesystemIgnores": false,
"reasonRequired": false
},
"isPrivate": true,
"licensesPolicy": {
"orgLicenseRules": {
"AGPL-1.0": {
"instructions": "",
"licenseType": "AGPL-1.0",
"severity": "high"
},
"AGPL-3.0": {
"instructions": "",
"licenseType": "AGPL-3.0",
"severity": "high"
},
"Artistic-1.0": {
"instructions": "",
"licenseType": "Artistic-1.0",
"severity": "medium"
},
"Artistic-2.0": {
"instructions": "",
"licenseType": "Artistic-2.0",
"severity": "medium"
},
"CDDL-1.0": {
"instructions": "",
"licenseType": "CDDL-1.0",
"severity": "medium"
},
"CPOL-1.02": {
"instructions": "",
"licenseType": "CPOL-1.02",
"severity": "high"
},
"EPL-1.0": {
"instructions": "",
"licenseType": "EPL-1.0",
"severity": "medium"
},
"GPL-2.0": {
"instructions": "",
"licenseType": "GPL-2.0",
"severity": "high"
},
"GPL-3.0": {
"instructions": "",
"licenseType": "GPL-3.0",
"severity": "high"
},
"LGPL-2.0": {
"instructions": "",
"licenseType": "LGPL-2.0",
"severity": "medium"
},
"LGPL-2.1": {
"instructions": "",
"licenseType": "LGPL-2.1",
"severity": "medium"
},
"LGPL-3.0": {
"instructions": "",
"licenseType": "LGPL-3.0",
"severity": "medium"
},
"MPL-1.1": {
"instructions": "",
"licenseType": "MPL-1.1",
"severity": "medium"
},
"MPL-2.0": {
"instructions": "",
"licenseType": "MPL-2.0",
"severity": "medium"
},
"MS-RL": {
"instructions": "",
"licenseType": "MS-RL",
"severity": "medium"
},
"SimPL-2.0": {
"instructions": "",
"licenseType": "SimPL-2.0",
"severity": "high"
}
},
"severities": {}
},
"ok": true,
"org": "jonjagger",
"packageManager": "maven",
"path": "cyberdojo/dashboard:a2dc8e3/dashboard:a2dc8e3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent",
"policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-OPENSSL-6160000:\n - '*':\n reason: Waiting for fix in base-image\n expires: 2024-03-01T12:46:34.671Z\n created: 2024-01-17T07:46:34.673Z\n source: cli\npatch: {}\n",
"projectName": "cyberdojo/dashboard:a2dc8e3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent",
"summary": "No known vulnerabilities",
"targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent",
"uniqueCount": 0,
"vulnerabilities": []
}
],
"dependencyCount": 80,
"displayTargetFile": "Dockerfile",
"docker": {
"baseImage": "cyberdojo/sinatra-base:6afffdb",
"baseImageRemediation": {
"advice": [
{
"bold": true,
"message": "Recommendations for your base image (cyberdojo/sinatra-base:6afffdb) are not available.\nSee above for details and fixes on individual vulnerabilities"
}
],
"code": "UNTRACKED_BASE_IMAGE"
},
"binariesVulns": {
"affectedPkgs": {},
"issuesData": {}
}
},
"filesystemPolicy": true,
"filtered": {
"ignore": [
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": true,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [
false,
"openssl/libcrypto3@3.1.4-r4"
],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
".ruby-rundeps@20240108.230053",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"apk-tools/apk-tools@2.14.0-r2",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"busybox/ssl_client@1.36.1-r5",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"ca-certificates/ca-certificates@20230506-r0",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"nodejs/nodejs@18.18.2-r0",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
".ruby-rundeps@20240108.230053",
"openssl/libssl3@3.1.4-r3",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"curl/curl@8.5.0-r0",
"curl/libcurl@8.5.0-r0",
"openssl/libcrypto3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libcrypto3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"openssl/libssl3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": true,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libssl3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [
false,
"openssl/libssl3@3.1.4-r4"
],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
".ruby-rundeps@20240108.230053",
"openssl/libssl3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libssl3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"apk-tools/apk-tools@2.14.0-r2",
"openssl/libssl3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libssl3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"busybox/ssl_client@1.36.1-r5",
"openssl/libssl3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libssl3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"nodejs/nodejs@18.18.2-r0",
"openssl/libssl3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libssl3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
},
{
"CVSSv3": null,
"cpes": [],
"creationTime": "2024-01-17T03:02:09.302865Z",
"credit": [
""
],
"cvssDetails": [
{
"assigner": "Red Hat",
"cvssV3BaseScore": 5.9,
"cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"modificationTime": "2024-01-16T13:32:46.781382Z",
"severity": "medium"
}
],
"cvssScore": null,
"description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n",
"disclosureTime": null,
"epssDetails": null,
"exploit": "Not Defined",
"filtered": {
"ignored": [
{
"created": "2024-01-17T07:46:34.673Z",
"expires": "2024-03-01T12:46:34.671Z",
"path": [
"*"
],
"reason": "Waiting for fix in base-image",
"source": "cli"
}
]
},
"fixedIn": [
"3.1.4-r4"
],
"from": [
"docker-image|cyberdojo/dashboard@a2dc8e3",
"curl/curl@8.5.0-r0",
"curl/libcurl@8.5.0-r0",
"openssl/libssl3@3.1.4-r3"
],
"id": "SNYK-ALPINE318-OPENSSL-6160000",
"identifiers": {
"ALTERNATIVE": [],
"CVE": [
"CVE-2023-6237"
],
"CWE": []
},
"insights": {
"triageAdvice": null
},
"isDisputed": false,
"isPatchable": false,
"isUpgradable": false,
"language": "linux",
"malicious": false,
"modificationTime": "2024-01-17T03:02:09.311784Z",
"name": "openssl/libssl3",
"nearestFixedInVersion": "3.1.4-r4",
"nvdSeverity": null,
"packageManager": "alpine:3.18",
"packageName": "openssl",
"patches": [],
"publicationTime": "2024-01-17T03:02:09.311648Z",
"references": [],
"relativeImportance": null,
"semver": {
"vulnerable": [
"<3.1.4-r4"
]
},
"severity": "low",
"severityWithCritical": "low",
"socialTrendAlert": false,
"title": "CVE-2023-6237",
"upgradePath": [],
"version": "3.1.4-r3"
}
],
"patch": []
},
"hasUnknownVersions": false,
"ignoreSettings": {
"adminOnly": false,
"disregardFilesystemIgnores": false,
"reasonRequired": false
},
"isPrivate": true,
"licensesPolicy": {
"orgLicenseRules": {
"AGPL-1.0": {
"instructions": "",
"licenseType": "AGPL-1.0",
"severity": "high"
},
"AGPL-3.0": {
"instructions": "",
"licenseType": "AGPL-3.0",
"severity": "high"
},
"Artistic-1.0": {
"instructions": "",
"licenseType": "Artistic-1.0",
"severity": "medium"
},
"Artistic-2.0": {
"instructions": "",
"licenseType": "Artistic-2.0",
"severity": "medium"
},
"CDDL-1.0": {
"instructions": "",
"licenseType": "CDDL-1.0",
"severity": "medium"
},
"CPOL-1.02": {
"instructions": "",
"licenseType": "CPOL-1.02",
"severity": "high"
},
"EPL-1.0": {
"instructions": "",
"licenseType": "EPL-1.0",
"severity": "medium"
},
"GPL-2.0": {
"instructions": "",
"licenseType": "GPL-2.0",
"severity": "high"
},
"GPL-3.0": {
"instructions": "",
"licenseType": "GPL-3.0",
"severity": "high"
},
"LGPL-2.0": {
"instructions": "",
"licenseType": "LGPL-2.0",
"severity": "medium"
},
"LGPL-2.1": {
"instructions": "",
"licenseType": "LGPL-2.1",
"severity": "medium"
},
"LGPL-3.0": {
"instructions": "",
"licenseType": "LGPL-3.0",
"severity": "medium"
},
"MPL-1.1": {
"instructions": "",
"licenseType": "MPL-1.1",
"severity": "medium"
},
"MPL-2.0": {
"instructions": "",
"licenseType": "MPL-2.0",
"severity": "medium"
},
"MS-RL": {
"instructions": "",
"licenseType": "MS-RL",
"severity": "medium"
},
"SimPL-2.0": {
"instructions": "",
"licenseType": "SimPL-2.0",
"severity": "high"
}
},
"severities": {}
},
"ok": true,
"org": "jonjagger",
"packageManager": "apk",
"path": "cyberdojo/dashboard:a2dc8e3/dashboard",
"platform": "linux/amd64",
"policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-OPENSSL-6160000:\n - '*':\n reason: Waiting for fix in base-image\n expires: 2024-03-01T12:46:34.671Z\n created: 2024-01-17T07:46:34.673Z\n source: cli\npatch: {}\n",
"projectName": "docker-image|cyberdojo/dashboard",
"summary": "No known operating system vulnerabilities",
"targetFile": "Dockerfile",
"uniqueCount": 0,
"vulnerabilities": []
},
"created_at": 1705475816.6946619,
"has_audit_package": true
},
"pull-request": {
"evidence_type": "pull_request",
"is_compliant": true,
"build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552299962",
"commit_sha": "a2dc8e3134f22219730b270bf5070e4d1bc8130a",
"evidence_url": "https://github.com/cyber-dojo/dashboard/pull/111",
"user_data": {},
"git_provider": "github",
"pull_requests": [
{
"merge_commit": "a2dc8e3134f22219730b270bf5070e4d1bc8130a",
"url": "https://github.com/cyber-dojo/dashboard/pull/111",
"state": "closed",
"approvers": []
}
],
"created_at": 1705475771.2251036,
"has_audit_package": false
},
"lint": {
"evidence_type": "generic",
"is_compliant": true,
"build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552299962",
"commit_sha": "a2dc8e3134f22219730b270bf5070e4d1bc8130a",
"evidence_archive_fingerprint": "aa1ed6e3256c2d45a7f127d850a73b74d03cb26dba1bf66b598f20937ac4906e",
"user_data": {},
"created_at": 1705475781.959166,
"has_audit_package": true
}
},
"reported_by": "ci-pipelines",
"git_commit_info": {
"sha1": "a2dc8e3134f22219730b270bf5070e4d1bc8130a",
"message": "CI: fix kosli-trail env-var (#111)",
"author": "Jon Jagger <jon@kosli.com>",
"timestamp": 1705475745,
"branch": "main"
},
"repo_url": "https://github.com/cyber-dojo/dashboard",
"template": [
"artifact",
"snyk-scan",
"lint",
"pull-request"
],
"last_modified_at": 1705475816.6946619,
"releases": [
150,
149
],
"deployments": [
204,
203
],
"state": "COMPLIANT",
"html_url": "https://app.kosli.com/cyber-dojo/flows/dashboard-archived-at-1707630840/artifacts/0077021e4677534b880ff055e010a25694c3bfe65e39eb320c6c17e0256cc474",
"api_url": "https://app.kosli.com/api/v2/artifacts/cyber-dojo/dashboard-archived-at-1707630840/fingerprint/0077021e4677534b880ff055e010a25694c3bfe65e39eb320c6c17e0256cc474"
}
Artifact Information |
|
| Name | cyberdojo/dashboard:a2dc8e3 |
| Fingerprint | 0077021e4677534b880ff055e010a25694c3bfe65e39eb320c6c17e0256cc474 |
| Git commit |
a2dc8e3
Jon Jagger <jon@kosli.com> (main)
1705475745.0 • 3 months ago
CI: fix kosli-trail env-var (#111)
|
| CI Build | https://github.com/cyber-dojo/dashboard/actions/runs/7552299962 |
| Running | - |
| Exited | aws-beta#2823 aws-prod#1958 |
| Last modified | 1705475816.6946619 • 3 months ago |
Evidence
Evidence for 'snyk-scan'
{ "evidence_type": "snyk", "name": "snyk-scan", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552299962", "evidence_archive_fingerprint": "c5103abc147f480e4afbf9e879ffa0fb70c3ca845359486bdfdb43411201c245", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "cyberdojo/dashboard:a2dc8e3/dashboard:a2dc8e3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-OPENSSL-6160000:\n - '*':\n reason: Waiting for fix in base-image\n expires: 2024-03-01T12:46:34.671Z\n created: 2024-01-17T07:46:34.673Z\n source: cli\npatch: {}\n", "projectName": "cyberdojo/dashboard:a2dc8e3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "summary": "No known vulnerabilities", "targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 80, "displayTargetFile": "Dockerfile", "docker": { "baseImage": "cyberdojo/sinatra-base:6afffdb", "baseImageRemediation": { "advice": [ { "bold": true, "message": "Recommendations for your base image (cyberdojo/sinatra-base:6afffdb) are not available.\nSee above for details and fixes on individual vulnerabilities" } ], "code": "UNTRACKED_BASE_IMAGE" }, "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [ { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [ false, "openssl/libcrypto3@3.1.4-r4" ], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", ".ruby-rundeps@20240108.230053", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "apk-tools/apk-tools@2.14.0-r2", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "busybox/ssl_client@1.36.1-r5", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "ca-certificates/ca-certificates@20230506-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "nodejs/nodejs@18.18.2-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", ".ruby-rundeps@20240108.230053", "openssl/libssl3@3.1.4-r3", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "curl/curl@8.5.0-r0", "curl/libcurl@8.5.0-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [ false, "openssl/libssl3@3.1.4-r4" ], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", ".ruby-rundeps@20240108.230053", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "apk-tools/apk-tools@2.14.0-r2", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "busybox/ssl_client@1.36.1-r5", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "nodejs/nodejs@18.18.2-r0", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "epssDetails": null, "exploit": "Not Defined", "filtered": { "ignored": [ { "created": "2024-01-17T07:46:34.673Z", "expires": "2024-03-01T12:46:34.671Z", "path": [ "*" ], "reason": "Waiting for fix in base-image", "source": "cli" } ] }, "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@a2dc8e3", "curl/curl@8.5.0-r0", "curl/libcurl@8.5.0-r0", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" } ], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "apk", "path": "cyberdojo/dashboard:a2dc8e3/dashboard", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\n# ignores vulnerabilities until expiry date; change duration by modifying expiry date\nignore:\n SNYK-ALPINE318-OPENSSL-6160000:\n - '*':\n reason: Waiting for fix in base-image\n expires: 2024-03-01T12:46:34.671Z\n created: 2024-01-17T07:46:34.673Z\n source: cli\npatch: {}\n", "projectName": "docker-image|cyberdojo/dashboard", "summary": "No known operating system vulnerabilities", "targetFile": "Dockerfile", "uniqueCount": 0, "vulnerabilities": [] }, "created_at": 1705475816.6946619, "has_audit_package": true }
Evidence for 'lint'
{ "evidence_type": "generic", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552299962", "commit_sha": "a2dc8e3134f22219730b270bf5070e4d1bc8130a", "evidence_archive_fingerprint": "aa1ed6e3256c2d45a7f127d850a73b74d03cb26dba1bf66b598f20937ac4906e", "user_data": {}, "created_at": 1705475781.959166, "has_audit_package": true }
Evidence for 'pull-request'
{ "evidence_type": "pull_request", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552299962", "commit_sha": "a2dc8e3134f22219730b270bf5070e4d1bc8130a", "evidence_url": "https://github.com/cyber-dojo/dashboard/pull/111", "user_data": {}, "git_provider": "github", "pull_requests": [ { "merge_commit": "a2dc8e3134f22219730b270bf5070e4d1bc8130a", "url": "https://github.com/cyber-dojo/dashboard/pull/111", "state": "closed", "approvers": [] } ], "created_at": 1705475771.2251036, "has_audit_package": false }