Run Image Scan for Amazon CloudWatch Observability Helm Chart #83
amazon-cloudwatch-observability-image-scan.yaml
on: schedule
Matrix: ContainerImageScan
Annotations
21 errors, 36 warnings, and 20 notices
ContainerImageScan (.agent.image.repositoryDomainMap.public, .agent.image.repository, .agent.imag...
2024-12-23T13:07:59Z INFO [vulndb] Need to update DB
2024-12-23T13:07:59Z INFO [vulndb] Downloading vulnerability DB...
2024-12-23T13:07:59Z INFO [vulndb] Downloading artifact... repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-12-23T13:08:03Z INFO [vulndb] Artifact successfully downloaded repo="mirror.gcr.io/aquasec/trivy-db:2"
2024-12-23T13:08:03Z INFO [vuln] Vulnerability scanning is enabled
2024-12-23T13:08:03Z INFO [secret] Secret scanning is enabled
2024-12-23T13:08:03Z INFO [secret] If your scanning is slow, please try '--scanners vuln' to disable secret scanning
2024-12-23T13:08:03Z INFO [secret] Please see also https://aquasecurity.github.io/trivy/v0.57/docs/scanner/secret#recommendation for faster secret detection
2024-12-23T13:08:03Z FATAL Fatal error image scan error: scan error: unable to initialize a scanner: unable to initialize an image scanner: unable to find the specified image "public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300051.0b992" in ["docker" "containerd" "podman" "remote"]: 4 errors occurred:
* docker error: unable to inspect the image (public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300051.0b992): Error response from daemon: No such image: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300051.0b992
* containerd error: failed to initialize a containerd client: failed to dial "/run/containerd/containerd.sock": connection error: desc = "transport: error while dialing: dial unix /run/containerd/containerd.sock: connect: permission denied"
* podman error: unable to inspect the image (public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300051.0b992): failed to find image public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300051.0b992: public.ecr.aws/cloudwatch-agent/cloudwatch-agent:1.300051.0b992: No such image
* remote error: GET https://public.ecr.aws/v2/cloudwatch-agent/cloudwatch-agent/manifests/1.300051.0b992: MANIFEST_UNKNOWN: Requested image not found
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-45338 - HIGH severity - golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html vulnerability in golang.org/x/net
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-34156 - HIGH severity - encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
Container image is unhealthy. Following your desired severity threshold (HIGH), the job has been marked as failed.
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
CVE-2024-48957 - HIGH severity - libarchive: Out-of-bounds access in libarchive's archive file handling vulnerability in libarchive
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
CVE-2024-48958 - HIGH severity - libarchive: Out-of-bounds access in libarchive's RAR file handling vulnerability in libarchive
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
Container image is unhealthy. Following your desired severity threshold (HIGH), the job has been marked as failed.
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-45337 - CRITICAL severity - golang.org/x/crypto/ssh: Misuse of ServerConfig.PublicKeyCallback may cause authorization bypass in golang.org/x/crypto vulnerability in golang.org/x/crypto
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-45338 - HIGH severity - golang.org/x/net/html: Non-linear parsing of case-insensitive content in golang.org/x/net/html vulnerability in golang.org/x/net
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-34156 - HIGH severity - encoding/gob: golang: Calling Decoder.Decode on a message which contains deeply nested structures can cause a panic due to stack exhaustion vulnerability in stdlib
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
Container image is unhealthy. Following your desired severity threshold (HIGH), the job has been marked as failed.
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2020-16119 - HIGH severity - kernel: DCCP CCID structure use-after-free may lead to DoS or code execution vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2022-36402 - HIGH severity - kernel: vmwgfx: integer overflow in vmwgfx_execbuf.c vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2023-20569 - HIGH severity - amd: Return Address Predictor vulnerability leading to information disclosure vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2023-21400 - HIGH severity - kernel: io_uring: io_defer_entry object double free vulnerability vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-26800 - HIGH severity - kernel: tls: fix use-after-free on failed backlog decryption vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-26960 - HIGH severity - kernel: mm: swap: fix race between free_swap_and_cache() and swapoff() vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-27397 - HIGH severity - kernel: netfilter: nf_tables: use timestamp to check for set element timeout vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-38630 - HIGH severity - kernel: watchdog: cpu5wdt.c: Fix use-after-free bug caused by cpu5wdt_trigger vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-43882 - HIGH severity - kernel: exec: Fix ToCToU between perm check and set-uid/gid usage vulnerability in linux-libc-dev
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-50264 - HIGH severity - kernel: vsock/virtio: Initialization of the dangling pointer occurring in vsk->trans vulnerability in linux-libc-dev
ContainerImageScan (.agent.image.repositoryDomainMap.public, .agent.image.repository, .agent.imag...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.nodejs.repositoryDomain, .manager.autoInstr...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.nodejs.repositoryDomain, .manager.autoInstr...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-34155 - MEDIUM severity - go/parser: golang: Calling any of the Parse functions containing deeply nested literals can cause a panic/stack exhaustion vulnerability in stdlib
ContainerImageScan (.manager.image.repositoryDomainMap.public, .manager.image.repository, .manage...
CVE-2024-34158 - MEDIUM severity - go/build/constraint: golang: Calling Parse on a "// +build" build tag line with deeply nested expressions can cause a panic due to stack exhaustion vulnerability in stdlib
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.manager.autoInstrumentationImage.dotnet.repositoryDomain, .manager.autoInstr...
CVE-2024-34459 - MEDIUM severity - libxml2: buffer over-read in xmlHTMLPrintFileContext in xmllint.c vulnerability in libxml2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in gcc-12-base
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2023-4039 - MEDIUM severity - gcc: -fstack-protector fails to guard dynamic stack allocations on ARM64 vulnerability in libgcc-s1
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-26462 - MEDIUM severity - krb5: Memory leak at /krb5/src/kdc/ndr.c vulnerability in libgssapi-krb5-2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37370 - MEDIUM severity - krb5: GSS message token handling vulnerability in libgssapi-krb5-2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37371 - MEDIUM severity - krb5: GSS message token handling vulnerability in libgssapi-krb5-2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-26462 - MEDIUM severity - krb5: Memory leak at /krb5/src/kdc/ndr.c vulnerability in libk5crypto3
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37370 - MEDIUM severity - krb5: GSS message token handling vulnerability in libk5crypto3
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-37371 - MEDIUM severity - krb5: GSS message token handling vulnerability in libk5crypto3
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2024-26462 - MEDIUM severity - krb5: Memory leak at /krb5/src/kdc/ndr.c vulnerability in libkrb5-3
ContainerImageScan (.manager.autoInstrumentationImage.python.repositoryDomain, .manager.autoInstr...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.python.repositoryDomain, .manager.autoInstr...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-modules
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-modules
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-modules-bin
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-modules-bin
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam-runtime
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam-runtime
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10041 - MEDIUM severity - pam: libpam: Libpam vulnerable to read hashed password vulnerability in libpam0g
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-10963 - MEDIUM severity - pam: Improper Hostname Interpretation in pam_access Leads to Access Control Bypass vulnerability in libpam0g
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2024-11168 - MEDIUM severity - python: Improper validation of IPv6 and IPvFuture addresses vulnerability in libpython3.8
ContainerImageScan (.manager.autoInstrumentationImage.java.repositoryDomain, .manager.autoInstrum...
ubuntu-latest pipelines will use ubuntu-24.04 soon. For more details, see https://github.com/actions/runner-images/issues/10636
ContainerImageScan (.manager.autoInstrumentationImage.java.repositoryDomain, .manager.autoInstrum...
Dockerfile not provided. Skipping sarif scan result.
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2016-2781 - LOW severity - coreutils: Non-privileged session can escape to the parent session in chroot vulnerability in coreutils
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in dirmngr
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-27943 - LOW severity - binutils: libiberty/rust-demangle.c in GNU GCC 11.2 allows stack exhaustion in demangle_const vulnerability in gcc-12-base
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg-l10n
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg-utils
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gnupg2
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpg
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpg-agent
ContainerImageScan (.dcgmExporter.image.repositoryDomainMap.public, .dcgmExporter.image.repositor...
CVE-2022-3219 - LOW severity - gnupg: denial of service issue (resource consumption) using compressed packets vulnerability in gpg-wks-client
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2017-13716 - LOW severity - binutils: Memory leak with the C++ symbol demangler routine in libiberty vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2018-20657 - LOW severity - libiberty: Memory leak in demangle_template function resulting in a denial of service vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2019-1010204 - LOW severity - binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2022-48064 - LOW severity - binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c vulnerability in binutils
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2017-13716 - LOW severity - binutils: Memory leak with the C++ symbol demangler routine in libiberty vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2018-20657 - LOW severity - libiberty: Memory leak in demangle_template function resulting in a denial of service vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2019-1010204 - LOW severity - binutils: Improper Input Validation, Signed/Unsigned Comparison, Out-of-bounds Read in gold/fileread.cc and elfcpp/elfcpp_file.h leads to denial of service vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2022-48064 - LOW severity - binutils: excessive memory consumption in _bfd_dwarf2_find_nearest_line_with_alt() in dwarf2.c vulnerability in binutils-common
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2017-13716 - LOW severity - binutils: Memory leak with the C++ symbol demangler routine in libiberty vulnerability in binutils-x86-64-linux-gnu
ContainerImageScan (.neuronMonitor.image.repositoryDomainMap.public, .neuronMonitor.image.reposit...
CVE-2018-20657 - LOW severity - libiberty: Memory leak in demangle_template function resulting in a denial of service vulnerability in binutils-x86-64-linux-gnu