Difference between revisions of "Gcloud beta container images describe"
Jump to navigation
Jump to search
(6 intermediate revisions by the same user not shown) | |||
Line 1: | Line 1: | ||
{{lc}} | {{lc}} | ||
− | [[gcloud beta container]] | + | [[gcloud beta container images]] describe |
[[gcloud container images describe --help]] | [[gcloud container images describe --help]] | ||
gcloud beta container images describe "$REPOSITORY/$image@$SHA" [[--show-package-vulnerability]] --format json | jq '.package_vulnerability_summary.vulnerabilities.CRITICAL | [[length]] ') | gcloud beta container images describe "$REPOSITORY/$image@$SHA" [[--show-package-vulnerability]] --format json | jq '.package_vulnerability_summary.vulnerabilities.CRITICAL | [[length]] ') | ||
+ | == Examples == | ||
+ | gcloud beta container images describe "eu.[[gcr.io]]/project/nginx@sha256:358e251e4fdc3c10c95a254" --show-package-vulnerability | ||
+ | discovery_summary: | ||
+ | discovery: [] | ||
+ | image_summary: | ||
+ | digest: sha256:358e251e4fdc3c10c95a254 | ||
+ | fully_qualified_digest: eu.gcr.io/project/nginx@sha256:58e251e4fdc3c10c95a254 | ||
+ | registry: eu.gcr.io | ||
+ | repository: project/nginx | ||
+ | package_vulnerability_summary: | ||
+ | not_fixed_vulnerability_count: 0 | ||
+ | total_vulnerability_found: 0 | ||
+ | vulnerabilities: {} | ||
− | {{gcloud container}} | + | === Example with vulnerabilities === |
+ | <pre> | ||
+ | { | ||
+ | "discovery_summary": { | ||
+ | "discovery": [ | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:03:58.530515Z", | ||
+ | "discovery": { | ||
+ | "analysisStatus": "FINISHED_SUCCESS", | ||
+ | "continuousAnalysis": "ACTIVE" | ||
+ | }, | ||
+ | "kind": "DISCOVERY", | ||
+ | "name": "projects/your-project/occurrences/7dc8f0c2-c665-4955-b2ce-7cfe8d107595", | ||
+ | "noteName": "projects/goog-analysis/notes/PACKAGE_VULNERABILITY", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:14.199537Z" | ||
+ | } | ||
+ | ] | ||
+ | }, | ||
+ | "image_summary": { | ||
+ | "digest": "sha256:0123456789xxxxx", | ||
+ | "fully_qualified_digest": "eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "registry": "eu.gcr.io", | ||
+ | "repository": "your-project/nginx" | ||
+ | }, | ||
+ | "package_vulnerability_summary": { | ||
+ | "not_fixed_vulnerability_count": 0, | ||
+ | "total_vulnerability_found": 17, | ||
+ | "vulnerabilities": { | ||
+ | "CRITICAL": [ | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:09.198853Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/9074cbfb-1c31-48b1-a47e-42f0d50f822c", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2019-2201", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:09.198853Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 9.3, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_LOCAL", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 7.8, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 1.8, | ||
+ | "impactScore": 5.9, | ||
+ | "integrityImpact": "IMPACT_HIGH", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_REQUIRED" | ||
+ | }, | ||
+ | "effectiveSeverity": "CRITICAL", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:C/I:C/A:C", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libjpeg-turbo", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.0.2-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.0.2", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "effectiveSeverity": "CRITICAL", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libjpeg-turbo", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.0.4-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.0.4", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "CRITICAL", | ||
+ | "shortDescription": "CVE-2019-2201" | ||
+ | } | ||
+ | } | ||
+ | ], | ||
+ | "HIGH": [ | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:08.186141Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/0bb5da06-b5e2-44dc-9a0b-39254acd0995", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2021-3517", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:08.186141Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 7.5, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 8.6, | ||
+ | "confidentialityImpact": "IMPACT_LOW", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 4.7, | ||
+ | "integrityImpact": "IMPACT_LOW", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "HIGH", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:P/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxml2", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.9.9-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "HIGH", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxml2", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.9.9-r5", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r5" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "HIGH", | ||
+ | "shortDescription": "CVE-2021-3517" | ||
+ | } | ||
+ | } | ||
+ | ], | ||
+ | "LOW": [ | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:11.596301Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/15dcd9a7-183a-4fcc-a12c-e561ad30c5d1", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2019-13627", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:11.596301Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 2.6, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_HIGH", | ||
+ | "attackVector": "ATTACK_VECTOR_LOCAL", | ||
+ | "availabilityImpact": "IMPACT_NONE", | ||
+ | "baseScore": 6.3, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 1.0, | ||
+ | "impactScore": 5.2, | ||
+ | "integrityImpact": "IMPACT_HIGH", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_REQUIRED" | ||
+ | }, | ||
+ | "effectiveSeverity": "LOW", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:L/AC:H/Au:N/C:P/I:P/A:N", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libgcrypt", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "1.8.4-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.8.4", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "LOW", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libgcrypt", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "1.8.5-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.8.5", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "LOW", | ||
+ | "shortDescription": "CVE-2019-13627" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:08.977888Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/fb37c640-aea0-459d-a8fd-c3dd3906e87a", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2020-28928", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:08.977888Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 2.1, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_LOCAL", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 5.5, | ||
+ | "confidentialityImpact": "IMPACT_NONE", | ||
+ | "exploitabilityScore": 1.8, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_LOW", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "LOW", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:L/AC:L/Au:N/C:N/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "musl", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "1.1.22-r3", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.22", | ||
+ | "revision": "r3" | ||
+ | }, | ||
+ | "effectiveSeverity": "LOW", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "musl", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "1.1.22-r4", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.22", | ||
+ | "revision": "r4" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "LOW", | ||
+ | "shortDescription": "CVE-2020-28928" | ||
+ | } | ||
+ | } | ||
+ | ], | ||
+ | "MEDIUM": [ | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:10.473028Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/13bc32fd-c5b8-4d6e-9cfc-17ecbb40329b", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2019-18197", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:10.473028Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.1, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_HIGH", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 7.5, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 1.6, | ||
+ | "impactScore": 5.9, | ||
+ | "integrityImpact": "IMPACT_HIGH", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_REQUIRED" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:H/Au:N/C:P/I:P/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxslt", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "1.1.33-r1", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.33", | ||
+ | "revision": "r1" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxslt", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "1.1.33-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.33", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2019-18197" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:10.216126Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/144f8f03-28d8-483b-a8f9-5cf83c768f36", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2020-15999", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:10.216126Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 4.3, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 6.5, | ||
+ | "confidentialityImpact": "IMPACT_NONE", | ||
+ | "exploitabilityScore": 2.8, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_REQUIRED" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "freetype", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.10.0-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.10.0", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "freetype", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.10.0-r1", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.10.0", | ||
+ | "revision": "r1" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2020-15999" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T23:07:18.026936Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/297b644c-fd28-4664-9d66-b5fbd0ad3299", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2020-13790", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T23:07:18.026936Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.8, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 8.1, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 2.8, | ||
+ | "impactScore": 5.2, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_REQUIRED" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libjpeg-turbo", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.0.2-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.0.2", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libjpeg-turbo", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.0.4-r1", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.0.4", | ||
+ | "revision": "r1" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2020-13790" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:09.511045Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/36df747b-f5ac-4c4f-8640-0d881f165443", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2021-28831", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:09.511045Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.0, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 7.5, | ||
+ | "confidentialityImpact": "IMPACT_NONE", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "busybox", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "1.30.1-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.30.1", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "busybox", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "1.30.1-r5", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.30.1", | ||
+ | "revision": "r5" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2021-28831" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:11.829970Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/65b7a19e-69da-48ce-a2e1-64df188f44cc", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2019-13117", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:11.829970Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.0, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_NONE", | ||
+ | "baseScore": 7.5, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxslt", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "1.1.33-r1", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.33", | ||
+ | "revision": "r1" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxslt", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "1.1.33-r3", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.33", | ||
+ | "revision": "r3" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2019-13117" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:12.268580Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/7f6024da-cca4-45de-9644-9aefde690fae", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2020-14155", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:12.268580Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.0, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_LOW", | ||
+ | "baseScore": 5.3, | ||
+ | "confidentialityImpact": "IMPACT_NONE", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 1.4, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "pcre", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "8.43-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "8.43", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "pcre", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "8.43-r1", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "8.43", | ||
+ | "revision": "r1" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2020-14155" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:11.717313Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/84ee2281-a769-4e8a-9cbf-93a063bb4ef2", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2019-13118", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:11.717313Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.0, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_NONE", | ||
+ | "baseScore": 7.5, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxslt", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "1.1.33-r1", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.33", | ||
+ | "revision": "r1" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxslt", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "1.1.33-r3", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "1.1.33", | ||
+ | "revision": "r3" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2019-13118" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:07.821209Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/8ea01410-6451-4750-b66a-287014eb6f82", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2020-24977", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:07.821209Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 6.4, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_LOW", | ||
+ | "baseScore": 6.5, | ||
+ | "confidentialityImpact": "IMPACT_LOW", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 2.5, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxml2", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.9.9-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxml2", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.9.9-r4", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r4" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2020-24977" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:09.824398Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/9c687953-b27f-4531-a84a-49046fe33461", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2021-36159", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:09.824398Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 6.4, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 9.1, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 5.2, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "apk-tools", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.10.4-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.10.4", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "apk-tools", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.10.7-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.10.7", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2021-36159" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:10.970746Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/c6d1235b-bd30-4468-875c-affc7dbbe007", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2019-19956", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:10.970746Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.0, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 7.5, | ||
+ | "confidentialityImpact": "IMPACT_NONE", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxml2", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.9.9-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxml2", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.9.9-r3", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r3" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2019-19956" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:11.132973Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/d058e0cf-cabd-4c5b-bc47-70692c981717", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2021-30139", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:11.132973Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 5.0, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 7.5, | ||
+ | "confidentialityImpact": "IMPACT_NONE", | ||
+ | "exploitabilityScore": 3.9, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "apk-tools", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.10.4-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.10.4", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "apk-tools", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.10.6-r0", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.10.6", | ||
+ | "revision": "r0" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2021-30139" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:07.396688Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/d23e70ae-ca3e-46e7-a198-340f794cde4a", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2021-3537", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:07.396688Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 4.3, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_HIGH", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 5.9, | ||
+ | "confidentialityImpact": "IMPACT_NONE", | ||
+ | "exploitabilityScore": 2.2, | ||
+ | "impactScore": 3.6, | ||
+ | "integrityImpact": "IMPACT_NONE", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_NONE" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxml2", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.9.9-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxml2", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.9.9-r5", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r5" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2021-3537" | ||
+ | } | ||
+ | }, | ||
+ | { | ||
+ | "createTime": "2022-08-29T15:04:08.546833Z", | ||
+ | "kind": "VULNERABILITY", | ||
+ | "name": "projects/your-project/occurrences/ec3c4e4a-a271-4328-939e-ba2621bc9c9b", | ||
+ | "noteName": "projects/goog-vulnz/notes/CVE-2021-3518", | ||
+ | "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", | ||
+ | "updateTime": "2022-08-29T15:04:08.546833Z", | ||
+ | "vulnerability": { | ||
+ | "cvssScore": 6.8, | ||
+ | "cvssv3": { | ||
+ | "attackComplexity": "ATTACK_COMPLEXITY_LOW", | ||
+ | "attackVector": "ATTACK_VECTOR_NETWORK", | ||
+ | "availabilityImpact": "IMPACT_HIGH", | ||
+ | "baseScore": 8.8, | ||
+ | "confidentialityImpact": "IMPACT_HIGH", | ||
+ | "exploitabilityScore": 2.8, | ||
+ | "impactScore": 5.9, | ||
+ | "integrityImpact": "IMPACT_HIGH", | ||
+ | "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", | ||
+ | "scope": "SCOPE_UNCHANGED", | ||
+ | "userInteraction": "USER_INTERACTION_REQUIRED" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:P/A:P", | ||
+ | "packageIssue": [ | ||
+ | { | ||
+ | "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "affectedPackage": "libxml2", | ||
+ | "affectedVersion": { | ||
+ | "fullName": "2.9.9-r2", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r2" | ||
+ | }, | ||
+ | "effectiveSeverity": "MEDIUM", | ||
+ | "fixAvailable": true, | ||
+ | "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", | ||
+ | "fixedPackage": "libxml2", | ||
+ | "fixedVersion": { | ||
+ | "fullName": "2.9.9-r5", | ||
+ | "kind": "NORMAL", | ||
+ | "name": "2.9.9", | ||
+ | "revision": "r5" | ||
+ | }, | ||
+ | "packageType": "OS" | ||
+ | } | ||
+ | ], | ||
+ | "severity": "MEDIUM", | ||
+ | "shortDescription": "CVE-2021-3518" | ||
+ | } | ||
+ | } | ||
+ | ] | ||
+ | } | ||
+ | } | ||
+ | } | ||
+ | </pre> | ||
+ | |||
+ | == See also == | ||
+ | * {{gcloud beta}} | ||
+ | * {{gcloud container}} | ||
+ | |||
+ | [[Category:GCP]] |
Latest revision as of 08:49, 30 August 2022
gcloud beta container images describe gcloud container images describe --help
gcloud beta container images describe "$REPOSITORY/$image@$SHA" --show-package-vulnerability --format json | jq '.package_vulnerability_summary.vulnerabilities.CRITICAL | length ')
Examples[edit]
gcloud beta container images describe "eu.gcr.io/project/nginx@sha256:358e251e4fdc3c10c95a254" --show-package-vulnerability discovery_summary: discovery: [] image_summary: digest: sha256:358e251e4fdc3c10c95a254 fully_qualified_digest: eu.gcr.io/project/nginx@sha256:58e251e4fdc3c10c95a254 registry: eu.gcr.io repository: project/nginx package_vulnerability_summary: not_fixed_vulnerability_count: 0 total_vulnerability_found: 0 vulnerabilities: {}
Example with vulnerabilities[edit]
{ "discovery_summary": { "discovery": [ { "createTime": "2022-08-29T15:03:58.530515Z", "discovery": { "analysisStatus": "FINISHED_SUCCESS", "continuousAnalysis": "ACTIVE" }, "kind": "DISCOVERY", "name": "projects/your-project/occurrences/7dc8f0c2-c665-4955-b2ce-7cfe8d107595", "noteName": "projects/goog-analysis/notes/PACKAGE_VULNERABILITY", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:14.199537Z" } ] }, "image_summary": { "digest": "sha256:0123456789xxxxx", "fully_qualified_digest": "eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "registry": "eu.gcr.io", "repository": "your-project/nginx" }, "package_vulnerability_summary": { "not_fixed_vulnerability_count": 0, "total_vulnerability_found": 17, "vulnerabilities": { "CRITICAL": [ { "createTime": "2022-08-29T15:04:09.198853Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/9074cbfb-1c31-48b1-a47e-42f0d50f822c", "noteName": "projects/goog-vulnz/notes/CVE-2019-2201", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:09.198853Z", "vulnerability": { "cvssScore": 9.3, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_LOCAL", "availabilityImpact": "IMPACT_HIGH", "baseScore": 7.8, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 1.8, "impactScore": 5.9, "integrityImpact": "IMPACT_HIGH", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_REQUIRED" }, "effectiveSeverity": "CRITICAL", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:C/I:C/A:C", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libjpeg-turbo", "affectedVersion": { "fullName": "2.0.2-r0", "kind": "NORMAL", "name": "2.0.2", "revision": "r0" }, "effectiveSeverity": "CRITICAL", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libjpeg-turbo", "fixedVersion": { "fullName": "2.0.4-r0", "kind": "NORMAL", "name": "2.0.4", "revision": "r0" }, "packageType": "OS" } ], "severity": "CRITICAL", "shortDescription": "CVE-2019-2201" } } ], "HIGH": [ { "createTime": "2022-08-29T15:04:08.186141Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/0bb5da06-b5e2-44dc-9a0b-39254acd0995", "noteName": "projects/goog-vulnz/notes/CVE-2021-3517", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:08.186141Z", "vulnerability": { "cvssScore": 7.5, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 8.6, "confidentialityImpact": "IMPACT_LOW", "exploitabilityScore": 3.9, "impactScore": 4.7, "integrityImpact": "IMPACT_LOW", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "HIGH", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:P/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxml2", "affectedVersion": { "fullName": "2.9.9-r2", "kind": "NORMAL", "name": "2.9.9", "revision": "r2" }, "effectiveSeverity": "HIGH", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxml2", "fixedVersion": { "fullName": "2.9.9-r5", "kind": "NORMAL", "name": "2.9.9", "revision": "r5" }, "packageType": "OS" } ], "severity": "HIGH", "shortDescription": "CVE-2021-3517" } } ], "LOW": [ { "createTime": "2022-08-29T15:04:11.596301Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/15dcd9a7-183a-4fcc-a12c-e561ad30c5d1", "noteName": "projects/goog-vulnz/notes/CVE-2019-13627", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:11.596301Z", "vulnerability": { "cvssScore": 2.6, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_HIGH", "attackVector": "ATTACK_VECTOR_LOCAL", "availabilityImpact": "IMPACT_NONE", "baseScore": 6.3, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 1.0, "impactScore": 5.2, "integrityImpact": "IMPACT_HIGH", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_REQUIRED" }, "effectiveSeverity": "LOW", "fixAvailable": true, "longDescription": "NIST vectors: AV:L/AC:H/Au:N/C:P/I:P/A:N", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libgcrypt", "affectedVersion": { "fullName": "1.8.4-r2", "kind": "NORMAL", "name": "1.8.4", "revision": "r2" }, "effectiveSeverity": "LOW", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libgcrypt", "fixedVersion": { "fullName": "1.8.5-r0", "kind": "NORMAL", "name": "1.8.5", "revision": "r0" }, "packageType": "OS" } ], "severity": "LOW", "shortDescription": "CVE-2019-13627" } }, { "createTime": "2022-08-29T15:04:08.977888Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/fb37c640-aea0-459d-a8fd-c3dd3906e87a", "noteName": "projects/goog-vulnz/notes/CVE-2020-28928", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:08.977888Z", "vulnerability": { "cvssScore": 2.1, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_LOCAL", "availabilityImpact": "IMPACT_HIGH", "baseScore": 5.5, "confidentialityImpact": "IMPACT_NONE", "exploitabilityScore": 1.8, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_LOW", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "LOW", "fixAvailable": true, "longDescription": "NIST vectors: AV:L/AC:L/Au:N/C:N/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "musl", "affectedVersion": { "fullName": "1.1.22-r3", "kind": "NORMAL", "name": "1.1.22", "revision": "r3" }, "effectiveSeverity": "LOW", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "musl", "fixedVersion": { "fullName": "1.1.22-r4", "kind": "NORMAL", "name": "1.1.22", "revision": "r4" }, "packageType": "OS" } ], "severity": "LOW", "shortDescription": "CVE-2020-28928" } } ], "MEDIUM": [ { "createTime": "2022-08-29T15:04:10.473028Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/13bc32fd-c5b8-4d6e-9cfc-17ecbb40329b", "noteName": "projects/goog-vulnz/notes/CVE-2019-18197", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:10.473028Z", "vulnerability": { "cvssScore": 5.1, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_HIGH", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 7.5, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 1.6, "impactScore": 5.9, "integrityImpact": "IMPACT_HIGH", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_REQUIRED" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:H/Au:N/C:P/I:P/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxslt", "affectedVersion": { "fullName": "1.1.33-r1", "kind": "NORMAL", "name": "1.1.33", "revision": "r1" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxslt", "fixedVersion": { "fullName": "1.1.33-r2", "kind": "NORMAL", "name": "1.1.33", "revision": "r2" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2019-18197" } }, { "createTime": "2022-08-29T15:04:10.216126Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/144f8f03-28d8-483b-a8f9-5cf83c768f36", "noteName": "projects/goog-vulnz/notes/CVE-2020-15999", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:10.216126Z", "vulnerability": { "cvssScore": 4.3, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 6.5, "confidentialityImpact": "IMPACT_NONE", "exploitabilityScore": 2.8, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_REQUIRED" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "freetype", "affectedVersion": { "fullName": "2.10.0-r0", "kind": "NORMAL", "name": "2.10.0", "revision": "r0" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "freetype", "fixedVersion": { "fullName": "2.10.0-r1", "kind": "NORMAL", "name": "2.10.0", "revision": "r1" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2020-15999" } }, { "createTime": "2022-08-29T23:07:18.026936Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/297b644c-fd28-4664-9d66-b5fbd0ad3299", "noteName": "projects/goog-vulnz/notes/CVE-2020-13790", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T23:07:18.026936Z", "vulnerability": { "cvssScore": 5.8, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 8.1, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 2.8, "impactScore": 5.2, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_REQUIRED" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libjpeg-turbo", "affectedVersion": { "fullName": "2.0.2-r0", "kind": "NORMAL", "name": "2.0.2", "revision": "r0" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libjpeg-turbo", "fixedVersion": { "fullName": "2.0.4-r1", "kind": "NORMAL", "name": "2.0.4", "revision": "r1" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2020-13790" } }, { "createTime": "2022-08-29T15:04:09.511045Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/36df747b-f5ac-4c4f-8640-0d881f165443", "noteName": "projects/goog-vulnz/notes/CVE-2021-28831", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:09.511045Z", "vulnerability": { "cvssScore": 5.0, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 7.5, "confidentialityImpact": "IMPACT_NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "busybox", "affectedVersion": { "fullName": "1.30.1-r2", "kind": "NORMAL", "name": "1.30.1", "revision": "r2" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "busybox", "fixedVersion": { "fullName": "1.30.1-r5", "kind": "NORMAL", "name": "1.30.1", "revision": "r5" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2021-28831" } }, { "createTime": "2022-08-29T15:04:11.829970Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/65b7a19e-69da-48ce-a2e1-64df188f44cc", "noteName": "projects/goog-vulnz/notes/CVE-2019-13117", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:11.829970Z", "vulnerability": { "cvssScore": 5.0, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_NONE", "baseScore": 7.5, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxslt", "affectedVersion": { "fullName": "1.1.33-r1", "kind": "NORMAL", "name": "1.1.33", "revision": "r1" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxslt", "fixedVersion": { "fullName": "1.1.33-r3", "kind": "NORMAL", "name": "1.1.33", "revision": "r3" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2019-13117" } }, { "createTime": "2022-08-29T15:04:12.268580Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/7f6024da-cca4-45de-9644-9aefde690fae", "noteName": "projects/goog-vulnz/notes/CVE-2020-14155", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:12.268580Z", "vulnerability": { "cvssScore": 5.0, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_LOW", "baseScore": 5.3, "confidentialityImpact": "IMPACT_NONE", "exploitabilityScore": 3.9, "impactScore": 1.4, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "pcre", "affectedVersion": { "fullName": "8.43-r0", "kind": "NORMAL", "name": "8.43", "revision": "r0" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "pcre", "fixedVersion": { "fullName": "8.43-r1", "kind": "NORMAL", "name": "8.43", "revision": "r1" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2020-14155" } }, { "createTime": "2022-08-29T15:04:11.717313Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/84ee2281-a769-4e8a-9cbf-93a063bb4ef2", "noteName": "projects/goog-vulnz/notes/CVE-2019-13118", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:11.717313Z", "vulnerability": { "cvssScore": 5.0, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_NONE", "baseScore": 7.5, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxslt", "affectedVersion": { "fullName": "1.1.33-r1", "kind": "NORMAL", "name": "1.1.33", "revision": "r1" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxslt", "fixedVersion": { "fullName": "1.1.33-r3", "kind": "NORMAL", "name": "1.1.33", "revision": "r3" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2019-13118" } }, { "createTime": "2022-08-29T15:04:07.821209Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/8ea01410-6451-4750-b66a-287014eb6f82", "noteName": "projects/goog-vulnz/notes/CVE-2020-24977", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:07.821209Z", "vulnerability": { "cvssScore": 6.4, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_LOW", "baseScore": 6.5, "confidentialityImpact": "IMPACT_LOW", "exploitabilityScore": 3.9, "impactScore": 2.5, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxml2", "affectedVersion": { "fullName": "2.9.9-r2", "kind": "NORMAL", "name": "2.9.9", "revision": "r2" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxml2", "fixedVersion": { "fullName": "2.9.9-r4", "kind": "NORMAL", "name": "2.9.9", "revision": "r4" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2020-24977" } }, { "createTime": "2022-08-29T15:04:09.824398Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/9c687953-b27f-4531-a84a-49046fe33461", "noteName": "projects/goog-vulnz/notes/CVE-2021-36159", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:09.824398Z", "vulnerability": { "cvssScore": 6.4, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 9.1, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 3.9, "impactScore": 5.2, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "apk-tools", "affectedVersion": { "fullName": "2.10.4-r2", "kind": "NORMAL", "name": "2.10.4", "revision": "r2" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "apk-tools", "fixedVersion": { "fullName": "2.10.7-r0", "kind": "NORMAL", "name": "2.10.7", "revision": "r0" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2021-36159" } }, { "createTime": "2022-08-29T15:04:10.970746Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/c6d1235b-bd30-4468-875c-affc7dbbe007", "noteName": "projects/goog-vulnz/notes/CVE-2019-19956", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:10.970746Z", "vulnerability": { "cvssScore": 5.0, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 7.5, "confidentialityImpact": "IMPACT_NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxml2", "affectedVersion": { "fullName": "2.9.9-r2", "kind": "NORMAL", "name": "2.9.9", "revision": "r2" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxml2", "fixedVersion": { "fullName": "2.9.9-r3", "kind": "NORMAL", "name": "2.9.9", "revision": "r3" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2019-19956" } }, { "createTime": "2022-08-29T15:04:11.132973Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/d058e0cf-cabd-4c5b-bc47-70692c981717", "noteName": "projects/goog-vulnz/notes/CVE-2021-30139", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:11.132973Z", "vulnerability": { "cvssScore": 5.0, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 7.5, "confidentialityImpact": "IMPACT_NONE", "exploitabilityScore": 3.9, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "apk-tools", "affectedVersion": { "fullName": "2.10.4-r2", "kind": "NORMAL", "name": "2.10.4", "revision": "r2" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "apk-tools", "fixedVersion": { "fullName": "2.10.6-r0", "kind": "NORMAL", "name": "2.10.6", "revision": "r0" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2021-30139" } }, { "createTime": "2022-08-29T15:04:07.396688Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/d23e70ae-ca3e-46e7-a198-340f794cde4a", "noteName": "projects/goog-vulnz/notes/CVE-2021-3537", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:07.396688Z", "vulnerability": { "cvssScore": 4.3, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_HIGH", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 5.9, "confidentialityImpact": "IMPACT_NONE", "exploitabilityScore": 2.2, "impactScore": 3.6, "integrityImpact": "IMPACT_NONE", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_NONE" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxml2", "affectedVersion": { "fullName": "2.9.9-r2", "kind": "NORMAL", "name": "2.9.9", "revision": "r2" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxml2", "fixedVersion": { "fullName": "2.9.9-r5", "kind": "NORMAL", "name": "2.9.9", "revision": "r5" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2021-3537" } }, { "createTime": "2022-08-29T15:04:08.546833Z", "kind": "VULNERABILITY", "name": "projects/your-project/occurrences/ec3c4e4a-a271-4328-939e-ba2621bc9c9b", "noteName": "projects/goog-vulnz/notes/CVE-2021-3518", "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx", "updateTime": "2022-08-29T15:04:08.546833Z", "vulnerability": { "cvssScore": 6.8, "cvssv3": { "attackComplexity": "ATTACK_COMPLEXITY_LOW", "attackVector": "ATTACK_VECTOR_NETWORK", "availabilityImpact": "IMPACT_HIGH", "baseScore": 8.8, "confidentialityImpact": "IMPACT_HIGH", "exploitabilityScore": 2.8, "impactScore": 5.9, "integrityImpact": "IMPACT_HIGH", "privilegesRequired": "PRIVILEGES_REQUIRED_NONE", "scope": "SCOPE_UNCHANGED", "userInteraction": "USER_INTERACTION_REQUIRED" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:P/A:P", "packageIssue": [ { "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "affectedPackage": "libxml2", "affectedVersion": { "fullName": "2.9.9-r2", "kind": "NORMAL", "name": "2.9.9", "revision": "r2" }, "effectiveSeverity": "MEDIUM", "fixAvailable": true, "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10", "fixedPackage": "libxml2", "fixedVersion": { "fullName": "2.9.9-r5", "kind": "NORMAL", "name": "2.9.9", "revision": "r5" }, "packageType": "OS" } ], "severity": "MEDIUM", "shortDescription": "CVE-2021-3518" } } ] } } }
See also[edit]
gcloud beta [ monitoring | container ]
gcloud container [ clusters | images | get-server-config | subnets ]
Advertising: