CloseScan results for 20.12.541
OpenSCAP and vulnerability scan report:
-
Prisma Cloud Compute release: 20.12 Update 2 (20.12.541)
-
Base image: registry.access.redhat.com/ubi8/ubi-minimal:8.2-349
-
Benchmark URL: scap-security-guide-0.1.54/ssg-rhel8-ds.xml
-
Benchmark ID: xccdf_org.ssgproject.content_benchmark_RHEL-8
-
Profile ID: xccdf_org.ssgproject.content_profile_stig
-
Compared to IronBank’s UBI8-minimal, Version 8.3 - Build 159602 - Approved, Build Date: 2021-02-12T00:45:02.855Z
twistlock/private:console_20_12_541
Findings for Prisma Cloud Compute Console.
OpenSCAP report
| Rule_ID | Compute finding | IronBank finding | Justification |
|---|---|---|---|
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy |
Pass |
Fail |
/etc/pki/tls/openssl.cnf configured according to check |
xccdf_org.ssgproject.content_rule_banner_etc_issue |
Fail |
Pass |
Application is a non-interactive container. There is no interactive console session with the container. |
Vulnerabilities report
| CVE | Package | Version | Fix Status | Justification |
|---|---|---|---|---|
CVE-2019-25013 |
glibc |
2.28-127.el8 |
RedHat has not released patch |
|
CVE-2021-3326 |
glibc |
2.28-127.el8 |
RedHat has not released patch |
|
CVE-2020-29361 |
p11-kit |
0.23.14-5.el8_0 |
RedHat has not released patch |
|
CVE-2020-29363 |
p11-kit |
0.23.14-5.el8_0 |
RedHat has not released patch |
|
CVE-2020-29362 |
p11-kit |
0.23.14-5.el8_0 |
RedHat has not released patch |
|
CVE-2020-8927 |
brotli |
1.0.6-2.el8 |
RedHat has not released patch |
|
CVE-2020-8284 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |
|
CVE-2020-8285 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |
|
CVE-2020-8286 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |
|
CVE-2020-8231 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |
twistlock/private:defender_20_12_541
Findings for Prisma Cloud Compute Defender.
OpenSCAP report
| Rule_ID | Compute finding | IronBank finding | Justification |
|---|---|---|---|
xccdf_org.ssgproject.content_rule_configure_openssl_crypto_policy |
Pass |
Fail |
/etc/pki/tls/openssl.cnf configured according to check |
xccdf_org.ssgproject.content_rule_banner_etc_issue |
Fail |
Pass |
Application is a non-interactive container. There is no interactive console session with the container. |
Vulnerabilities report
| CVE | Package | Version | Fix Status | Justification |
|---|---|---|---|---|
CVE-2019-25013 |
glibc |
2.28-127.el8 |
RedHat has not released patch |
|
CVE-2021-3326 |
glibc |
2.28-127.el8 |
RedHat has not released patch |
|
CVE-2020-29361 |
p11-kit |
0.23.14-5.el8_0 |
RedHat has not released patch |
|
CVE-2020-29363 |
p11-kit |
0.23.14-5.el8_0 |
RedHat has not released patch |
|
CVE-2020-29362 |
p11-kit |
0.23.14-5.el8_0 |
RedHat has not released patch |
|
CVE-2020-8927 |
brotli |
1.0.6-2.el8 |
RedHat has not released patch |
|
CVE-2020-8284 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |
|
CVE-2020-8285 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |
|
CVE-2020-8286 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |
|
CVE-2020-8231 |
curl |
7.61.1-14.el8_3.1 |
RedHat has not released patch |