cyber-dojo
flows
dashboard-archived-at-1707630840
artifacts
e2d003595260198d10b3548df3d4a7d635b0a8ac06c93d538581781e048716ff
By signing up, you agree to the
Terms of Service.
For more information about Kosli’s privacy practices, see the Kosli’s
Privacy Policy.
We’ll occasionally send you account-related emails.
We’ll occasionally send you account-related emails.
dashboard-archived-at-1707630840
UX for a group practice dashboard
cyberdojo/dashboard:9a082d3
Non-compliant
Download Evidence Package
JSON
{ "created_at": 1705473793.3480065, "fingerprint": "e2d003595260198d10b3548df3d4a7d635b0a8ac06c93d538581781e048716ff", "filename": "cyberdojo/dashboard:9a082d3", "git_commit": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552037805", "commit_url": "https://github.com/cyber-dojo/dashboard/commit/9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "evidence": { "snyk-scan": { "evidence_type": "snyk", "is_compliant": false, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552037805", "evidence_archive_fingerprint": "3a30c5c3123b47c2a1c654d7ed3d71fcf486bca75121f6cd117624b70a9068e5", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "cyberdojo/dashboard:9a082d3/dashboard:9a082d3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "cyberdojo/dashboard:9a082d3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "summary": "No known vulnerabilities", "targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 80, "displayTargetFile": "Dockerfile", "docker": { "baseImage": "cyberdojo/sinatra-base:6afffdb", "baseImageRemediation": { "advice": [ { "bold": true, "message": "Recommendations for your base image (cyberdojo/sinatra-base:6afffdb) are not available.\nSee above for details and fixes on individual vulnerabilities" } ], "code": "UNTRACKED_BASE_IMAGE" }, "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": false, "org": "jonjagger", "packageManager": "apk", "path": "cyberdojo/dashboard:9a082d3/dashboard", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "docker-image|cyberdojo/dashboard", "summary": "14 vulnerable dependency paths", "targetFile": "Dockerfile", "uniqueCount": 1, "vulnerabilities": [ { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [ false, "openssl/libcrypto3@3.1.4-r4" ], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", ".ruby-rundeps@20240108.230053", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "apk-tools/apk-tools@2.14.0-r2", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "busybox/ssl_client@1.36.1-r5", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "ca-certificates/ca-certificates@20230506-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "nodejs/nodejs@18.18.2-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", ".ruby-rundeps@20240108.230053", "openssl/libssl3@3.1.4-r3", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "curl/curl@8.5.0-r0", "curl/libcurl@8.5.0-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [ false, "openssl/libssl3@3.1.4-r4" ], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", ".ruby-rundeps@20240108.230053", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "apk-tools/apk-tools@2.14.0-r2", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "busybox/ssl_client@1.36.1-r5", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "nodejs/nodejs@18.18.2-r0", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "curl/curl@8.5.0-r0", "curl/libcurl@8.5.0-r0", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" } ] }, "created_at": 1705473822.849704, "has_audit_package": true }, "pull-request": { "evidence_type": "pull_request", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552037805", "commit_sha": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "evidence_url": "https://github.com/cyber-dojo/dashboard/pull/105", "user_data": {}, "git_provider": "github", "pull_requests": [ { "merge_commit": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "url": "https://github.com/cyber-dojo/dashboard/pull/105", "state": "closed", "approvers": [] } ], "created_at": 1705473787.0588741, "has_audit_package": false }, "lint": { "evidence_type": "generic", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552037805", "commit_sha": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "evidence_archive_fingerprint": "088fd9944156bb13dbf2e7c625c414b19ad96d82a99eace314bca0eeef7a3b1f", "user_data": {}, "created_at": 1705473793.3661745, "has_audit_package": true } }, "reported_by": "ci-pipelines", "git_commit_info": { "sha1": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "message": "C: fold env-vars into kosli-trail job (#105)", "author": "Jon Jagger <jon@kosli.com>", "timestamp": 1705473756, "branch": "main" }, "repo_url": "https://github.com/cyber-dojo/dashboard", "template": [ "artifact", "snyk-scan", "lint", "pull-request" ], "last_modified_at": 1705473822.849704, "state": "NON-COMPLIANT", "html_url": "https://app.kosli.com/cyber-dojo/flows/dashboard-archived-at-1707630840/artifacts/e2d003595260198d10b3548df3d4a7d635b0a8ac06c93d538581781e048716ff", "api_url": "https://app.kosli.com/api/v2/artifacts/cyber-dojo/dashboard-archived-at-1707630840/fingerprint/e2d003595260198d10b3548df3d4a7d635b0a8ac06c93d538581781e048716ff" }
Artifact Information |
|
Name | cyberdojo/dashboard:9a082d3 |
Fingerprint | e2d003595260198d10b3548df3d4a7d635b0a8ac06c93d538581781e048716ff |
Git commit |
9a082d3
Jon Jagger <jon@kosli.com> (main)
1705473756.0 • 4 months ago
C: fold env-vars into kosli-trail job (#105)
|
CI Build | https://github.com/cyber-dojo/dashboard/actions/runs/7552037805 |
Running | - |
Exited | - |
Last modified | 1705473822.849704 • 4 months ago |
Approvals
None |
Evidence
Evidence for 'snyk-scan'
{ "evidence_type": "snyk", "name": "snyk-scan", "is_compliant": false, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552037805", "evidence_archive_fingerprint": "3a30c5c3123b47c2a1c654d7ed3d71fcf486bca75121f6cd117624b70a9068e5", "user_data": {}, "snyk_results": { "applications": [ { "dependencyCount": 0, "displayTargetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "docker": {}, "filesystemPolicy": true, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": true, "org": "jonjagger", "packageManager": "maven", "path": "cyberdojo/dashboard:9a082d3/dashboard:9a082d3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "cyberdojo/dashboard:9a082d3:/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "summary": "No known vulnerabilities", "targetFile": "/usr/local/bundle/gems/concurrent-ruby-1.2.2/lib/concurrent-ruby/concurrent", "uniqueCount": 0, "vulnerabilities": [] } ], "dependencyCount": 80, "displayTargetFile": "Dockerfile", "docker": { "baseImage": "cyberdojo/sinatra-base:6afffdb", "baseImageRemediation": { "advice": [ { "bold": true, "message": "Recommendations for your base image (cyberdojo/sinatra-base:6afffdb) are not available.\nSee above for details and fixes on individual vulnerabilities" } ], "code": "UNTRACKED_BASE_IMAGE" }, "binariesVulns": { "affectedPkgs": {}, "issuesData": {} } }, "filesystemPolicy": true, "filtered": { "ignore": [], "patch": [] }, "hasUnknownVersions": false, "ignoreSettings": { "adminOnly": false, "disregardFilesystemIgnores": false, "reasonRequired": false }, "isPrivate": true, "licensesPolicy": { "orgLicenseRules": { "AGPL-1.0": { "instructions": "", "licenseType": "AGPL-1.0", "severity": "high" }, "AGPL-3.0": { "instructions": "", "licenseType": "AGPL-3.0", "severity": "high" }, "Artistic-1.0": { "instructions": "", "licenseType": "Artistic-1.0", "severity": "medium" }, "Artistic-2.0": { "instructions": "", "licenseType": "Artistic-2.0", "severity": "medium" }, "CDDL-1.0": { "instructions": "", "licenseType": "CDDL-1.0", "severity": "medium" }, "CPOL-1.02": { "instructions": "", "licenseType": "CPOL-1.02", "severity": "high" }, "EPL-1.0": { "instructions": "", "licenseType": "EPL-1.0", "severity": "medium" }, "GPL-2.0": { "instructions": "", "licenseType": "GPL-2.0", "severity": "high" }, "GPL-3.0": { "instructions": "", "licenseType": "GPL-3.0", "severity": "high" }, "LGPL-2.0": { "instructions": "", "licenseType": "LGPL-2.0", "severity": "medium" }, "LGPL-2.1": { "instructions": "", "licenseType": "LGPL-2.1", "severity": "medium" }, "LGPL-3.0": { "instructions": "", "licenseType": "LGPL-3.0", "severity": "medium" }, "MPL-1.1": { "instructions": "", "licenseType": "MPL-1.1", "severity": "medium" }, "MPL-2.0": { "instructions": "", "licenseType": "MPL-2.0", "severity": "medium" }, "MS-RL": { "instructions": "", "licenseType": "MS-RL", "severity": "medium" }, "SimPL-2.0": { "instructions": "", "licenseType": "SimPL-2.0", "severity": "high" } }, "severities": {} }, "ok": false, "org": "jonjagger", "packageManager": "apk", "path": "cyberdojo/dashboard:9a082d3/dashboard", "platform": "linux/amd64", "policy": "# Snyk (https://snyk.io) policy file, patches or ignores known vulnerabilities.\nversion: v1.25.1\nignore: {}\npatch: {}\n", "projectName": "docker-image|cyberdojo/dashboard", "summary": "14 vulnerable dependency paths", "targetFile": "Dockerfile", "uniqueCount": 1, "vulnerabilities": [ { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [ false, "openssl/libcrypto3@3.1.4-r4" ], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", ".ruby-rundeps@20240108.230053", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "apk-tools/apk-tools@2.14.0-r2", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "busybox/ssl_client@1.36.1-r5", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "ca-certificates/ca-certificates@20230506-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "nodejs/nodejs@18.18.2-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", ".ruby-rundeps@20240108.230053", "openssl/libssl3@3.1.4-r3", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "curl/curl@8.5.0-r0", "curl/libcurl@8.5.0-r0", "openssl/libcrypto3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libcrypto3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": true, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [ false, "openssl/libssl3@3.1.4-r4" ], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", ".ruby-rundeps@20240108.230053", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "apk-tools/apk-tools@2.14.0-r2", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "busybox/ssl_client@1.36.1-r5", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "nodejs/nodejs@18.18.2-r0", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" }, { "CVSSv3": null, "cpes": [], "creationTime": "2024-01-17T03:02:09.302865Z", "credit": [ "" ], "cvssDetails": [ { "assigner": "Red Hat", "cvssV3BaseScore": 5.9, "cvssV3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "modificationTime": "2024-01-16T13:32:46.781382Z", "severity": "medium" } ], "cvssScore": null, "description": "## NVD Description\n_This vulnerability has not been analyzed by NVD yet._\n\n## Remediation\nUpgrade `Alpine:3.18` `openssl` to version 3.1.4-r4 or higher.\n", "disclosureTime": null, "dockerBaseImage": "cyberdojo/sinatra-base:6afffdb", "epssDetails": null, "exploit": "Not Defined", "fixedIn": [ "3.1.4-r4" ], "from": [ "docker-image|cyberdojo/dashboard@9a082d3", "curl/curl@8.5.0-r0", "curl/libcurl@8.5.0-r0", "openssl/libssl3@3.1.4-r3" ], "id": "SNYK-ALPINE318-OPENSSL-6160000", "identifiers": { "ALTERNATIVE": [], "CVE": [ "CVE-2023-6237" ], "CWE": [] }, "insights": { "triageAdvice": null }, "isDisputed": false, "isPatchable": false, "isUpgradable": false, "language": "linux", "malicious": false, "modificationTime": "2024-01-17T03:02:09.311784Z", "name": "openssl/libssl3", "nearestFixedInVersion": "3.1.4-r4", "nvdSeverity": null, "packageManager": "alpine:3.18", "packageName": "openssl", "patches": [], "publicationTime": "2024-01-17T03:02:09.311648Z", "references": [], "relativeImportance": null, "semver": { "vulnerable": [ "<3.1.4-r4" ] }, "severity": "low", "severityWithCritical": "low", "socialTrendAlert": false, "title": "CVE-2023-6237", "upgradePath": [], "version": "3.1.4-r3" } ] }, "created_at": 1705473822.849704, "has_audit_package": true }
Evidence for 'lint'
{ "evidence_type": "generic", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552037805", "commit_sha": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "evidence_archive_fingerprint": "088fd9944156bb13dbf2e7c625c414b19ad96d82a99eace314bca0eeef7a3b1f", "user_data": {}, "created_at": 1705473793.3661745, "has_audit_package": true }
Evidence for 'pull-request'
{ "evidence_type": "pull_request", "is_compliant": true, "build_url": "https://github.com/cyber-dojo/dashboard/actions/runs/7552037805", "commit_sha": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "evidence_url": "https://github.com/cyber-dojo/dashboard/pull/105", "user_data": {}, "git_provider": "github", "pull_requests": [ { "merge_commit": "9a082d31bf821cefdb2c8fa5cd70b0cd9f9192ea", "url": "https://github.com/cyber-dojo/dashboard/pull/105", "state": "closed", "approvers": [] } ], "created_at": 1705473787.0588741, "has_audit_package": false }