Skip to content
Run Image Scan for Amazon CloudWatch Observability Helm Chart

Run Image Scan for Amazon CloudWatch Observability Helm Chart #75

Sign in to view logs

Run Image Scan for Amazon CloudWatch Observability Helm Chart

Run Image Scan for Amazon CloudWatch Observability Helm Chart #75

Manually triggered December 3, 2024 21:33
@the-mannthe-mann
37d1eda
mpmann/slackbot
Status Failure
Total duration 45s
Artifacts

amazon-cloudwatch-observability-image-scan.yaml

on: workflow_dispatch
Matrix: ContainerImageScan
Fit to window
Zoom out
Zoom in

Annotations

19 errors, 43 warnings, and 20 notices
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-24790 - CRITICAL severity - golang: net/netip: Unexpected behavior from Is methods for IPv4-mapped IPv6 addresses vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2023-45288 - HIGH severity - golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-34156 - HIGH severity - encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
Container image is unhealthy. Following your desired severity threshold (HIGH), the job has been marked as failed.
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
CVE-2024-48957 - HIGH severity - libarchive: Out-of-bounds access in libarchive's archive file handling vulnerability in libarchive
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
CVE-2024-48958 - HIGH severity - libarchive: Out-of-bounds access in libarchive's RAR file handling vulnerability in libarchive
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
Container image is unhealthy. Following your desired severity threshold (HIGH), the job has been marked as failed.
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-34156 - HIGH severity - encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion vulnerability in stdlib
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
Container image is unhealthy. Following your desired severity threshold (HIGH), the job has been marked as failed.
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2020-16119 - HIGH severity - kernel: DCCP CCID structure use-after-free may lead to DoS or code execution vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2022-36402 - HIGH severity - kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2023-20569 - HIGH severity - amd: Return Address Predictor vulnerability leading to information disclosure vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2023-21400 - HIGH severity - kernel: io_uring: io_defer_entry object double free vulnerability vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-26800 - HIGH severity - kernel: tls: fix use-after-free on failed backlog decryption vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-26960 - HIGH severity - kernel: mm: swap: fix race between free_swap_and_cache() and swapoff() vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-27397 - HIGH severity - kernel: netfilter: nf_tables: use timestamp to check for set element timeout vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-38630 - HIGH severity - kernel: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-43882 - HIGH severity - kernel: exec: Fix ToCToU between perm check and set-uid/gid usage vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-53103 - HIGH severity - In the Linux kernel, the following vulnerability has been resolved: h ... vulnerability in linux-libc-dev
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2023-45289 - MEDIUM severity - golang: net/http/cookiejar: incorrect forwarding of sensitive headers and cookies on HTTP redirect vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2023-45290 - MEDIUM severity - golang: net/http: golang: mime/multipart: golang: net/textproto: memory exhaustion in Request.ParseMultipartForm vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-24783 - MEDIUM severity - golang: crypto/x509: Verify panics on certificates with an unknown public key algorithm vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-24784 - MEDIUM severity - golang: net/mail: comments in display names are incorrectly handled vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-24785 - MEDIUM severity - golang: html/template: errors returned from MarshalJSON methods may break template escaping vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-24789 - MEDIUM severity - golang: archive/zip: Incorrect handling of certain ZIP files vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-24791 - MEDIUM severity - net/http: Denial of service due to improper 100-continue handling in net/http vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-34155 - MEDIUM severity - go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-34158 - MEDIUM severity - go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion vulnerability in stdlib
ContainerImageScan (.agent.image.repositoryDomainMap.public, .agent.image.repository, .agent.imag...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.agent.image.repositoryDomainMap.public, .agent.image.repository, .agent.imag...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.manager.autoInstrumentationImage.python.repositoryDomain, .manager.autoInstr...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.python.repositoryDomain, .manager.autoInstr...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.manager.autoInstrumentationImage.nodejs.repositoryDomain, .manager.autoInstr...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.nodejs.repositoryDomain, .manager.autoInstr...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in gcc-12-base
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in libgcc-s1
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-26462 - MEDIUM severity - krb5: Memory leak at /krb5/src/kdc/ndr.c vulnerability in libgssapi-krb5-2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37370 - MEDIUM severity - krb5: GSS message token handling vulnerability in libgssapi-krb5-2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37371 - MEDIUM severity - krb5: GSS message token handling vulnerability in libgssapi-krb5-2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-26462 - MEDIUM severity - krb5: Memory leak at /krb5/src/kdc/ndr.c vulnerability in libk5crypto3
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37370 - MEDIUM severity - krb5: GSS message token handling vulnerability in libk5crypto3
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37371 - MEDIUM severity - krb5: GSS message token handling vulnerability in libk5crypto3
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-26462 - MEDIUM severity - krb5: Memory leak at /krb5/src/kdc/ndr.c vulnerability in libkrb5-3
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-modules
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-modules
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-modules-bin
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-modules-bin
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-runtime
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-runtime
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam0g
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam0g
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-11168 - MEDIUM severity - python: Improper validation of IPv6 and IPvFuture addresses vulnerability in libpython3.8
ContainerImageScan (.manager.autoInstrumentationImage.java.repositoryDomain, .manager.autoInstrum...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.java.repositoryDomain, .manager.autoInstrum...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2016-2781 - LOW severity - coreutils: Non-privileged session can escape to the parent session in chroot vulnerability in coreutils
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in dirmngr
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-27943 - LOW severity - binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const vulnerability in gcc-12-base
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg-l10n
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg-utils
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpg
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpg-agent
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpg-wks-client
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2017-13716 - LOW severity - binutils: Memory leak with the C++ symbol demangler routine in libiberty vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2018-20657 - LOW severity - libiberty: Memory leak in demangle_template function resulting in a denial of service vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2019-1010204 - LOW severity - binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2022-48064 - LOW severity - binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2017-13716 - LOW severity - binutils: Memory leak with the C++ symbol demangler routine in libiberty vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2018-20657 - LOW severity - libiberty: Memory leak in demangle_template function resulting in a denial of service vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2019-1010204 - LOW severity - binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2022-48064 - LOW severity - binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2017-13716 - LOW severity - binutils: Memory leak with the C++ symbol demangler routine in libiberty vulnerability in binutils-x86-64-linux-gnu
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2018-20657 - LOW severity - libiberty: Memory leak in demangle_template function resulting in a denial of service vulnerability in binutils-x86-64-linux-gnu