@ -12,9 +12,9 @@ hide:
##### Scan Results
#### Chart Object: awesome-ttrss/charts/postgresql/templates/common.yaml
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | < details > < summary > Expand...< / summary > A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. < br > < hr > < br > Container ' autopermissions' of StatefulSet ' RELEASE-NAME-postgresql' should set ' securityContext.allowPrivilegeEscalation' to false < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv001" > https://avd.aquasec.com/appshield/ksv001< / a > < br > < / details > |
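
Review bot: the KSV001 row that closes this hunk reports container 'autopermissions' of StatefulSet 'RELEASE-NAME-postgresql' without 'securityContext.allowPrivilegeEscalation' set to false. Set that field explicitly on the container in the chart template named in the heading (charts/postgresql/templates/common.yaml), or record in the chart why this container needs escalation, so the MEDIUM finding is either closed or visibly accepted.
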
@ -30,7 +30,7 @@ hide:
| Kubernetes Security Check | KSV021 | Runs with low group ID | MEDIUM | < details > < summary > Expand...< / summary > Force the container to run with group ID > 10000 to avoid conflicts with the host’ s user table. < br > < hr > < br > Container ' autopermissions' of StatefulSet ' RELEASE-NAME-postgresql' should set ' securityContext.runAsGroup' > 10000 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubesec.io/basics/containers-securitycontext-runasuser/" > https://kubesec.io/basics/containers-securitycontext-runasuser/< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv021" > https://avd.aquasec.com/appshield/ksv021< / a > < br > < / details > |
| Kubernetes Security Check | KSV029 | A root primary or supplementary GID set | LOW | < details > < summary > Expand...< / summary > Containers should be forbidden from running with a root primary or supplementary GID. < br > < hr > < br > StatefulSet ' RELEASE-NAME-postgresql' should set ' spec.securityContext.runAsGroup' , ' spec.securityContext.supplementalGroups[*]' and ' spec.securityContext.fsGroup' to integer greater than 0 < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv029" > https://avd.aquasec.com/appshield/ksv029< / a > < br > < / details > |
| Type | Misconfiguration ID | Check | Severity | Explaination | Links |
|:----------------|:------------------:|:-----------:|:------------------:|-----------------------------------------|-----------------------------------------|
| Kubernetes Security Check | KSV001 | Process can elevate its own privileges | MEDIUM | < details > < summary > Expand...< / summary > A program inside the container can elevate its own privileges and run as root, which might give the program control over the container and node. < br > < hr > < br > Container ' autopermissions' of Deployment ' RELEASE-NAME-awesome-ttrss' should set ' securityContext.allowPrivilegeEscalation' to false < / details > | < details > < summary > Expand...< / summary > < a href = "https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted" > https://kubernetes.io/docs/concepts/security/pod-security-standards/#restricted< / a > < br > < a href = "https://avd.aquasec.com/appshield/ksv001" > https://avd.aquasec.com/appshield/ksv001< / a > < br > < / details > |
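
Review bot: the table header in this hunk spells the fifth column "Explaination"; it should read "Explanation". The same spelling appears in the header of the preceding table, so correct it wherever the header row is produced rather than in one table only.
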
@ -66,11 +66,11 @@ hide:
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-28391" > https://access.redhat.com/security/cve/CVE-2022-28391< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
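
Review bot: the image in this hunk's Container heading is pinned to alpine v3.15.2 by digest, and the busybox row shows 1.34.1-r4 installed with CVE-2022-28391 rated CRITICAL and a fix listed in 1.34.1-r5. Because the digest pin keeps the image at the unfixed package, move the pin to a build that ships busybox 1.34.1-r5 or later and regenerate the report.
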
@ -87,11 +87,11 @@ hide:
#### Container: tccr.io/truecharts/postgresql:v14.3.0@sha256:5a7765edadb738a56757590d843417861d27628cf56fefb25e30870f5e047620 (debian 11.3)
**debian**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| apt | CVE-2011-3374 | LOW | 2.2.4 | | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/cve-2011-3374" > https://access.redhat.com/security/cve/cve-2011-3374< / a > < br > < a href = "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480" > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480< / a > < br > < a href = "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html" > https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html< / a > < br > < a href = "https://seclists.org/fulldisclosure/2011/Sep/221" > https://seclists.org/fulldisclosure/2011/Sep/221< / a > < br > < a href = "https://security-tracker.debian.org/tracker/CVE-2011-3374" > https://security-tracker.debian.org/tracker/CVE-2011-3374< / a > < br > < a href = "https://snyk.io/vuln/SNYK-LINUX-APT-116518" > https://snyk.io/vuln/SNYK-LINUX-APT-116518< / a > < br > < a href = "https://ubuntu.com/security/CVE-2011-3374" > https://ubuntu.com/security/CVE-2011-3374< / a > < br > < / details > |
@ -223,15 +223,15 @@ hide:
**jar**
| No Vulnerabilities found |
|:---------------------------------|
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| github.com/opencontainers/runc | CVE-2021-43784 | MEDIUM | v1.0.1 | v1.0.3 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-43784" > https://access.redhat.com/security/cve/CVE-2021-43784< / a > < br > < a href = "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241" > https://bugs.chromium.org/p/project-zero/issues/detail?id=2241< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554" > https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae" > https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed" > https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed< / a > < br > < a href = "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f" > https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html" > https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-43784" > https://nvd.nist.gov/vuln/detail/CVE-2021-43784< / a > < br > < / details > |
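
Review bot: the gobinary row lists github.com/opencontainers/runc v1.0.1 against a fixed version of v1.0.3 (CVE-2021-43784, MEDIUM), but nothing in this hunk names the binary that embeds the module. Add the binary path to the gobinary section so the finding can be routed to whoever builds that binary, then rebuild it against runc v1.0.3 or later.
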
@ -239,11 +239,11 @@ hide:
#### Container: tccr.io/truecharts/alpine:v3.15.2@sha256:29ed3480a0ee43f7af681fed5d4fc215516abf1c41eade6938b26d8c9c2c7583 (alpine 3.15.2)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| busybox | CVE-2022-28391 | CRITICAL | 1.34.1-r4 | 1.34.1-r5 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-28391" > https://access.redhat.com/security/cve/CVE-2022-28391< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-28391< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0001-libbb-sockaddr2str-ensure-only-printable-characters-.patch< / a > < br > < a href = "https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch" > https://git.alpinelinux.org/aports/plain/main/busybox/0002-nslookup-sanitize-all-printed-strings-with-printable.patch< / a > < br > < a href = "https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661" > https://gitlab.alpinelinux.org/alpine/aports/-/issues/13661< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-28391" > https://nvd.nist.gov/vuln/detail/CVE-2022-28391< / a > < br > < / details > |
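
Review bot: this Container heading and its busybox row repeat, digest for digest, the tccr.io/truecharts/alpine section earlier in the report. Group findings by image digest and list the chart objects that use the image under one heading, so that one fix is not tracked as two findings.
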
@ -260,11 +260,11 @@ hide:
#### Container: tccr.io/truecharts/postgresql:v14.3.0@sha256:5a7765edadb738a56757590d843417861d27628cf56fefb25e30870f5e047620 (debian 11.3)
**debian**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| apt | CVE-2011-3374 | LOW | 2.2.4 | | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/cve-2011-3374" > https://access.redhat.com/security/cve/cve-2011-3374< / a > < br > < a href = "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480" > https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=642480< / a > < br > < a href = "https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html" > https://people.canonical.com/~ubuntu-security/cve/2011/CVE-2011-3374.html< / a > < br > < a href = "https://seclists.org/fulldisclosure/2011/Sep/221" > https://seclists.org/fulldisclosure/2011/Sep/221< / a > < br > < a href = "https://security-tracker.debian.org/tracker/CVE-2011-3374" > https://security-tracker.debian.org/tracker/CVE-2011-3374< / a > < br > < a href = "https://snyk.io/vuln/SNYK-LINUX-APT-116518" > https://snyk.io/vuln/SNYK-LINUX-APT-116518< / a > < br > < a href = "https://ubuntu.com/security/CVE-2011-3374" > https://ubuntu.com/security/CVE-2011-3374< / a > < br > < / details > |
@ -396,15 +396,15 @@ hide:
**jar**
| No Vulnerabilities found |
|:---------------------------------|
**gobinary**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| github.com/opencontainers/runc | CVE-2021-43784 | MEDIUM | v1.0.1 | v1.0.3 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-43784" > https://access.redhat.com/security/cve/CVE-2021-43784< / a > < br > < a href = "https://bugs.chromium.org/p/project-zero/issues/detail?id=2241" > https://bugs.chromium.org/p/project-zero/issues/detail?id=2241< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554" > https://github.com/opencontainers/runc/commit/9c444070ec7bb83995dbc0185da68284da71c554< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae" > https://github.com/opencontainers/runc/commit/d72d057ba794164c3cce9451a00b72a78b25e1ae< / a > < br > < a href = "https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed" > https://github.com/opencontainers/runc/commit/f50369af4b571e358f20b139eea52d612eb55eed< / a > < br > < a href = "https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f" > https://github.com/opencontainers/runc/security/advisories/GHSA-v95c-p5hm-xq8f< / a > < br > < a href = "https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html" > https://lists.debian.org/debian-lts-announce/2021/12/msg00005.html< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-43784" > https://nvd.nist.gov/vuln/detail/CVE-2021-43784< / a > < br > < / details > |
@ -412,11 +412,11 @@ hide:
#### Container: wangqiru/ttrss:latest-2022-04-19@sha256:08c55163614f2b3307d6916b1fde725f5a8606b10856c6af0f6bc2f52f9d4347 (alpine 3.15.4)
**alpine**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| curl | CVE-2022-22576 | HIGH | 7.80.0-r0 | 7.80.0-r1 | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2022-22576" > https://access.redhat.com/security/cve/CVE-2022-22576< / a > < br > < a href = "https://curl.se/docs/CVE-2022-22576.html" > https://curl.se/docs/CVE-2022-22576.html< / a > < br > < a href = "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576" > https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-22576< / a > < br > < a href = "https://hackerone.com/reports/1526328" > https://hackerone.com/reports/1526328< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2022-22576" > https://nvd.nist.gov/vuln/detail/CVE-2022-22576< / a > < br > < a href = "https://security.netapp.com/advisory/ntap-20220609-0008/" > https://security.netapp.com/advisory/ntap-20220609-0008/< / a > < br > < a href = "https://ubuntu.com/security/notices/USN-5397-1" > https://ubuntu.com/security/notices/USN-5397-1< / a > < br > < / details > |
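
Review bot: the curl row shows 7.80.0-r0 installed with CVE-2022-22576 rated HIGH and a fix in 7.80.0-r1, in an image whose tag is dated 2022-04-19 (wangqiru/ttrss:latest-2022-04-19). Move the chart to a later build of the image that carries curl 7.80.0-r1 or newer, and update the pinned digest with it.
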
@ -437,24 +437,21 @@ hide:
**node-pkg**
| Package | Vulnerability | Severity | Installed Version | Fixed Version | Links |
|:----------------|:------------------:|:-----------:|:------------------:|:-------------:|-----------------------------------------|
| dojo | CVE-2021-23450 | HIGH | 1.16.4 | | < details > < summary > Expand...< / summary > < a href = "https://access.redhat.com/security/cve/CVE-2021-23450" > https://access.redhat.com/security/cve/CVE-2021-23450< / a > < br > < a href = "https://github.com/advisories/GHSA-m8gw-hjpr-rjv7" > https://github.com/advisories/GHSA-m8gw-hjpr-rjv7< / a > < br > < a href = "https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172" > https://github.com/dojo/dojo/blob/4c39c14349408fc8274e19b399ffc660512ed07c/_base/lang.js%23L172< / a > < br > < a href = "https://nvd.nist.gov/vuln/detail/CVE-2021-23450" > https://nvd.nist.gov/vuln/detail/CVE-2021-23450< / a > < br > < a href = "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036" > https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARS-2313036< / a > < br > < a href = "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035" > https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWER-2313035< / a > < br > < a href = "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034" > https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSBOWERGITHUBDOJO-2313034< / a > < br > < a href = "https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033" > https://snyk.io/vuln/SNYK-JAVA-ORGWEBJARSNPM-2313033< / a > < br > < a href = "https://snyk.io/vuln/SNYK-JS-DOJO-1535223" > https://snyk.io/vuln/SNYK-JS-DOJO-1535223< / a > < br > < a href = "https://www.oracle.com/security-alerts/cpuapr2022.html" > https://www.oracle.com/security-alerts/cpuapr2022.html< / a > < br > < / details > |
**composer**
| No Vulnerabilities found |
|:---------------------------------|
**composer**
| No Vulnerabilities found |
|:---------------------------------|
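
Review bot: the hunk ends with two consecutive **composer** tables that both read "No Vulnerabilities found" and are indistinguishable. Either collapse them into one or label each with the file it was scanned from. Separately, the dojo row (CVE-2021-23450, HIGH, 1.16.4) has an empty Fixed Version cell, so it needs an explicit tracking or acceptance entry since no upgrade target is given.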