gitea-mirror/trivy
1
0
Fork 0
mirror of https://github.com/aquasecurity/trivy.git synced 2025-12-12 15:50:15 -08:00
Code Issues Packages Projects Releases Wiki Activity
Files
1f0d6290c33c95d5f213cc409a0ff6a53a2c888e
trivy/integration/testdata/centos-6.json.golden
Juan Ariza Toledano 1f0d6290c3 feat(vuln): include pkg identifier on detected vulnerabilities (#5439) 
Signed-off-by: juan131 <jariza@vmware.com>
Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: DmitriyLewen <dmitriy.lewen@smartforce.io>
Co-authored-by: DmitriyLewen <91113035+DmitriyLewen@users.noreply.github.com>
Co-authored-by: Nikita Pivkin <nikita.pivkin@smartforce.io>
Co-authored-by: knqyf263 <knqyf263@gmail.com>
2023-12-27 07:54:56 +00:00

228 lines
12 KiB
Plaintext
Raw Blame History

{
"SchemaVersion": 2,
"CreatedAt": "2021-08-25T12:20:30.000000005Z",
"ArtifactName": "testdata/fixtures/images/centos-6.tar.gz",
"ArtifactType": "container_image",
"Metadata": {
"OS": {
"Family": "centos",
"Name": "6.10",
"EOSL": true
},
"ImageID": "sha256:5bf9684f472089d6d5cb636041d3d6dc748dbde39f1aefc374bbd367bd2aabbf",
"DiffIDs": [
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9"
],
"ImageConfig": {
"architecture": "amd64",
"author": "https://github.com/CentOS/sig-cloud-instance-images",
"container": "39f18700e994db8cbf9769e400afd93f3e9d0b00e06d44fe31f5e81513204d42",
"created": "2021-09-15T18:20:39.183628076Z",
"docker_version": "20.10.7",
"history": [
{
"author": "https://github.com/CentOS/sig-cloud-instance-images",
"created": "2021-09-15T18:20:32.237976425Z",
"created_by": "/bin/sh -c #(nop) MAINTAINER https://github.com/CentOS/sig-cloud-instance-images",
"empty_layer": true
},
{
"author": "https://github.com/CentOS/sig-cloud-instance-images",
"created": "2021-09-15T18:20:38.186052996Z",
"created_by": "/bin/sh -c #(nop) ADD file:0065316a41144e95bcb133567cc86816b8368a823cc067d741e06ded59849fd8 in / "
},
{
"author": "https://github.com/CentOS/sig-cloud-instance-images",
"created": "2021-09-15T18:20:38.990977879Z",
"created_by": "/bin/sh -c #(nop) LABEL org.label-schema.schema-version=1.0 org.label-schema.name=CentOS Base Image org.label-schema.vendor=CentOS org.label-schema.license=GPLv2 org.label-schema.build-date=20181006",
"empty_layer": true
},
{
"author": "https://github.com/CentOS/sig-cloud-instance-images",
"created": "2021-09-15T18:20:39.183628076Z",
"created_by": "/bin/sh -c #(nop) CMD [\"/bin/bash\"]",
"empty_layer": true
}
],
"os": "linux",
"rootfs": {
"type": "layers",
"diff_ids": [
"sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9"
]
},
"config": {
"Cmd": [
"/bin/bash"
],
"Env": [
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Image": "sha256:60e456a7493aee808844ffd1e87bffc99b84bb095366bfd68b8843e0328f9e20",
"Labels": {
"org.label-schema.build-date": "20181006",
"org.label-schema.license": "GPLv2",
"org.label-schema.name": "CentOS Base Image",
"org.label-schema.schema-version": "1.0",
"org.label-schema.vendor": "CentOS"
}
}
}
},
"Results": [
{
"Target": "testdata/fixtures/images/centos-6.tar.gz (centos 6.10)",
"Class": "os-pkgs",
"Type": "centos",
"Vulnerabilities": [
{
"VulnerabilityID": "CVE-2020-29573",
"PkgID": "glibc@2.12-1.212.el6.x86_64",
"PkgName": "glibc",
"PkgIdentifier": {
"PURL": "pkg:rpm/centos/glibc@2.12-1.212.el6?arch=x86_64\u0026distro=centos-6.10"
},
"InstalledVersion": "2.12-1.212.el6",
"Status": "end_of_life",
"Layer": {
"Digest": "sha256:ff50d722b38227ec8f2bbf0cdbce428b66745077c173d8117d91376128fa532e",
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9"
},
"SeveritySource": "redhat",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2020-29573",
"Title": "glibc: stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern",
"Description": "sysdeps/i386/ldbl2mpn.c in the GNU C Library (aka glibc or libc6) before 2.23 on x86 targets has a stack-based buffer overflow if the input to any of the printf family of functions is an 80-bit long double with a non-canonical bit pattern, as seen when passing a \\x00\\x04\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x04 value to sprintf. NOTE: the issue does not affect glibc by default in 2016 or later (i.e., 2.23 or later) because of commits made in 2015 for inlining of C99 math functions through use of GCC built-ins. In other words, the reference to 2.23 is intentional despite the mention of \"Fixed for glibc 2.33\" in the 26649 reference.",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-787"
],
"VendorSeverity": {
"amazon": 2,
"arch-linux": 2,
"nvd": 3,
"oracle-oval": 2,
"photon": 3,
"redhat": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V2Score": 5,
"V3Score": 7.5
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"V3Score": 7.5
}
},
"References": [
"https://access.redhat.com/security/cve/CVE-2020-29573",
"https://linux.oracle.com/cve/CVE-2020-29573.html",
"https://linux.oracle.com/errata/ELSA-2021-0348.html",
"https://security.gentoo.org/glsa/202101-20",
"https://security.netapp.com/advisory/ntap-20210122-0004/",
"https://sourceware.org/bugzilla/show_bug.cgi?id=26649",
"https://sourceware.org/pipermail/libc-alpha/2020-September/117779.html"
],
"PublishedDate": "2020-12-06T00:15:00Z",
"LastModifiedDate": "2021-01-26T18:15:00Z"
},
{
"VulnerabilityID": "CVE-2019-1559",
"VendorIDs": [
"RHSA-2019:2471"
],
"PkgID": "openssl@1.0.1e-57.el6.x86_64",
"PkgName": "openssl",
"PkgIdentifier": {
"PURL": "pkg:rpm/centos/openssl@1.0.1e-57.el6?arch=x86_64\u0026distro=centos-6.10"
},
"InstalledVersion": "1.0.1e-57.el6",
"FixedVersion": "1.0.1e-58.el6_10",
"Status": "fixed",
"Layer": {
"Digest": "sha256:ff50d722b38227ec8f2bbf0cdbce428b66745077c173d8117d91376128fa532e",
"DiffID": "sha256:af6bf1987c2eb07d73f33836b0d8fd825d7c785273526b077e46780e8b4b2ae9"
},
"SeveritySource": "redhat",
"PrimaryURL": "https://avd.aquasec.com/nvd/cve-2019-1559",
"Title": "openssl: 0-byte record padding oracle",
"Description": "If an application encounters a fatal protocol error and then calls SSL_shutdown() twice (once to send a close_notify, and once to receive one) then OpenSSL can respond differently to the calling application if a 0 byte record is received with invalid padding compared to if a 0 byte record is received with an invalid MAC. If the application then behaves differently based on that in a way that is detectable to the remote peer, then this amounts to a padding oracle that could be used to decrypt data. In order for this to be exploitable \"non-stitched\" ciphersuites must be in use. Stitched ciphersuites are optimised implementations of certain commonly used ciphersuites. Also the application must call SSL_shutdown() twice even if a protocol error has occurred (applications should not do this but some do anyway). Fixed in OpenSSL 1.0.2r (Affected 1.0.2-1.0.2q).",
"Severity": "MEDIUM",
"CweIDs": [
"CWE-203"
],
"VendorSeverity": {
"amazon": 2,
"arch-linux": 2,
"nvd": 2,
"oracle-oval": 2,
"redhat": 2,
"ubuntu": 2
},
"CVSS": {
"nvd": {
"V2Vector": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"V3Vector": "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V2Score": 4.3,
"V3Score": 5.9
},
"redhat": {
"V3Vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N",
"V3Score": 5.9
}
},
"References": [
"http://lists.opensuse.org/opensuse-security-announce/2019-03/msg00041.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00019.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00046.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-04/msg00047.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-05/msg00049.html",
"http://lists.opensuse.org/opensuse-security-announce/2019-06/msg00080.html",
"http://www.securityfocus.com/bid/107174",
"https://access.redhat.com/errata/RHSA-2019:2304",
"https://access.redhat.com/errata/RHSA-2019:2437",
"https://access.redhat.com/errata/RHSA-2019:2439",
"https://access.redhat.com/errata/RHSA-2019:2471",
"https://access.redhat.com/errata/RHSA-2019:3929",
"https://access.redhat.com/errata/RHSA-2019:3931",
"https://access.redhat.com/security/cve/CVE-2019-1559",
"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-1559",
"https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=e9bbefbf0f24c57645e7ad6a5a71ae649d18ac8e",
"https://github.com/RUB-NDS/TLS-Padding-Oracles",
"https://kc.mcafee.com/corporate/index?page=content\u0026id=SB10282",
"https://linux.oracle.com/cve/CVE-2019-1559.html",
"https://linux.oracle.com/errata/ELSA-2019-2471.html",
"https://lists.debian.org/debian-lts-announce/2019/03/msg00003.html",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/EWC42UXL5GHTU5G77VKBF6JYUUNGSHOM/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/Y3IVFGSERAZLNJCK35TEM2R4726XIH3Z/",
"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZBEV5QGDRFUZDMNECFXUSN5FMYOZDE4V/",
"https://security.gentoo.org/glsa/201903-10",
"https://security.netapp.com/advisory/ntap-20190301-0001/",
"https://security.netapp.com/advisory/ntap-20190301-0002/",
"https://security.netapp.com/advisory/ntap-20190423-0002/",
"https://support.f5.com/csp/article/K18549143",
"https://support.f5.com/csp/article/K18549143?utm_source=f5support\u0026amp;utm_medium=RSS",
"https://ubuntu.com/security/notices/USN-3899-1",
"https://ubuntu.com/security/notices/USN-4376-2",
"https://usn.ubuntu.com/3899-1/",
"https://usn.ubuntu.com/4376-2/",
"https://www.debian.org/security/2019/dsa-4400",
"https://www.openssl.org/news/secadv/20190226.txt",
"https://www.oracle.com/security-alerts/cpujan2020.html",
"https://www.oracle.com/security-alerts/cpujan2021.html",
"https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html",
"https://www.oracle.com/technetwork/security-advisory/cpujul2019-5072835.html",
"https://www.oracle.com/technetwork/security-advisory/cpuoct2019-5072832.html",
"https://www.tenable.com/security/tns-2019-02",
"https://www.tenable.com/security/tns-2019-03"
],
"PublishedDate": "2019-02-27T23:29:00Z",
"LastModifiedDate": "2021-01-20T15:15:00Z"
}
]
}
]
}
Reference in New Issue View Git Blame Copy Permalink