sig-cloud-instance-images/trivy-results.sarif
2022-12-08 13:06:20 +00:00

80 lines
3.6 KiB
JSON

{
"version": "2.1.0",
"$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
"runs": [
{
"tool": {
"driver": {
"fullName": "Trivy Vulnerability Scanner",
"informationUri": "https://github.com/aquasecurity/trivy",
"name": "Trivy",
"rules": [
{
"id": "CVE-2022-42898",
"name": "OsPackageVulnerability",
"shortDescription": {
"text": "krb5: integer overflow vulnerabilities in PAC parsing"
},
"fullDescription": {
"text": "A vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash."
},
"defaultConfiguration": {
"level": "warning"
},
"helpUri": "https://avd.aquasec.com/nvd/cve-2022-42898",
"help": {
"text": "Vulnerability CVE-2022-42898\nSeverity: MEDIUM\nPackage: krb5-libs\nFixed Version: 1.18.2-22.el8_7\nLink: [CVE-2022-42898](https://avd.aquasec.com/nvd/cve-2022-42898)\nA vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash.",
"markdown": "**Vulnerability CVE-2022-42898**\n| Severity | Package | Fixed Version | Link |\n| --- | --- | --- | --- |\n|MEDIUM|krb5-libs|1.18.2-22.el8_7|[CVE-2022-42898](https://avd.aquasec.com/nvd/cve-2022-42898)|\n\nA vulnerability was found in MIT krb5. This flaw allows an authenticated attacker to cause a KDC or kadmind process to crash by reading beyond the bounds of allocated memory, creating a denial of service. A privileged attacker may similarly be able to cause a Kerberos or GSS application service to crash."
},
"properties": {
"precision": "very-high",
"security-severity": "5.5",
"tags": [
"vulnerability",
"security",
"MEDIUM"
]
}
}
],
"version": "0.34.0"
}
},
"results": [
{
"ruleId": "CVE-2022-42898",
"ruleIndex": 0,
"level": "warning",
"message": {
"text": "Package: krb5-libs\nInstalled Version: 1.18.2-21.el8\nVulnerability CVE-2022-42898\nSeverity: MEDIUM\nFixed Version: 1.18.2-22.el8_7\nLink: [CVE-2022-42898](https://avd.aquasec.com/nvd/cve-2022-42898)"
},
"locations": [
{
"physicalLocation": {
"artifactLocation": {
"uri": "rockylinux/rockylinux",
"uriBaseId": "ROOTPATH"
},
"region": {
"startLine": 1,
"startColumn": 1,
"endLine": 1,
"endColumn": 1
}
},
"message": {
"text": "rockylinux/rockylinux: krb5-libs@1.18.2-21.el8"
}
}
]
}
],
"columnKind": "utf16CodeUnits",
"originalUriBaseIds": {
"ROOTPATH": {
"uri": "file:///"
}
}
}
]
}