Difference between revisions of "Gcloud beta container images describe"

From wikieduonline
Jump to navigation Jump to search
 
(4 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
{{lc}}
 
{{lc}}
  
  [[gcloud beta container]] images describe
+
  [[gcloud beta container images]] describe
 
  [[gcloud container images describe --help]]
 
  [[gcloud container images describe --help]]
  
 
  gcloud beta container images describe "$REPOSITORY/$image@$SHA" [[--show-package-vulnerability]] --format json | jq '.package_vulnerability_summary.vulnerabilities.CRITICAL | [[length]] ')
 
  gcloud beta container images describe "$REPOSITORY/$image@$SHA" [[--show-package-vulnerability]] --format json | jq '.package_vulnerability_summary.vulnerabilities.CRITICAL | [[length]] ')
 +
 +
== Examples ==
 +
gcloud beta container images describe "eu.[[gcr.io]]/project/nginx@sha256:358e251e4fdc3c10c95a254" --show-package-vulnerability
 +
discovery_summary:
 +
  discovery: []
 +
image_summary:
 +
  digest: sha256:358e251e4fdc3c10c95a254
 +
  fully_qualified_digest: eu.gcr.io/project/nginx@sha256:58e251e4fdc3c10c95a254
 +
  registry: eu.gcr.io
 +
  repository: project/nginx
 +
package_vulnerability_summary:
 +
  not_fixed_vulnerability_count: 0
 +
  total_vulnerability_found: 0
 +
  vulnerabilities: {}
 +
 +
=== Example with vulnerabilities ===
 +
<pre>
 +
{
 +
  "discovery_summary": {
 +
    "discovery": [
 +
      {
 +
        "createTime": "2022-08-29T15:03:58.530515Z",
 +
        "discovery": {
 +
          "analysisStatus": "FINISHED_SUCCESS",
 +
          "continuousAnalysis": "ACTIVE"
 +
        },
 +
        "kind": "DISCOVERY",
 +
        "name": "projects/your-project/occurrences/7dc8f0c2-c665-4955-b2ce-7cfe8d107595",
 +
        "noteName": "projects/goog-analysis/notes/PACKAGE_VULNERABILITY",
 +
        "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
        "updateTime": "2022-08-29T15:04:14.199537Z"
 +
      }
 +
    ]
 +
  },
 +
  "image_summary": {
 +
    "digest": "sha256:0123456789xxxxx",
 +
    "fully_qualified_digest": "eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
    "registry": "eu.gcr.io",
 +
    "repository": "your-project/nginx"
 +
  },
 +
  "package_vulnerability_summary": {
 +
    "not_fixed_vulnerability_count": 0,
 +
    "total_vulnerability_found": 17,
 +
    "vulnerabilities": {
 +
      "CRITICAL": [
 +
        {
 +
          "createTime": "2022-08-29T15:04:09.198853Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/9074cbfb-1c31-48b1-a47e-42f0d50f822c",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2019-2201",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:09.198853Z",
 +
          "vulnerability": {
 +
            "cvssScore": 9.3,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_LOCAL",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 7.8,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 1.8,
 +
              "impactScore": 5.9,
 +
              "integrityImpact": "IMPACT_HIGH",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_REQUIRED"
 +
            },
 +
            "effectiveSeverity": "CRITICAL",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:C/I:C/A:C",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libjpeg-turbo",
 +
                "affectedVersion": {
 +
                  "fullName": "2.0.2-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.0.2",
 +
                  "revision": "r0"
 +
                },
 +
                "effectiveSeverity": "CRITICAL",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libjpeg-turbo",
 +
                "fixedVersion": {
 +
                  "fullName": "2.0.4-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.0.4",
 +
                  "revision": "r0"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "CRITICAL",
 +
            "shortDescription": "CVE-2019-2201"
 +
          }
 +
        }
 +
      ],
 +
      "HIGH": [
 +
        {
 +
          "createTime": "2022-08-29T15:04:08.186141Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/0bb5da06-b5e2-44dc-9a0b-39254acd0995",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2021-3517",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:08.186141Z",
 +
          "vulnerability": {
 +
            "cvssScore": 7.5,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 8.6,
 +
              "confidentialityImpact": "IMPACT_LOW",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 4.7,
 +
              "integrityImpact": "IMPACT_LOW",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "HIGH",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:P/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxml2",
 +
                "affectedVersion": {
 +
                  "fullName": "2.9.9-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "HIGH",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxml2",
 +
                "fixedVersion": {
 +
                  "fullName": "2.9.9-r5",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r5"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "HIGH",
 +
            "shortDescription": "CVE-2021-3517"
 +
          }
 +
        }
 +
      ],
 +
      "LOW": [
 +
        {
 +
          "createTime": "2022-08-29T15:04:11.596301Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/15dcd9a7-183a-4fcc-a12c-e561ad30c5d1",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2019-13627",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:11.596301Z",
 +
          "vulnerability": {
 +
            "cvssScore": 2.6,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_HIGH",
 +
              "attackVector": "ATTACK_VECTOR_LOCAL",
 +
              "availabilityImpact": "IMPACT_NONE",
 +
              "baseScore": 6.3,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 1.0,
 +
              "impactScore": 5.2,
 +
              "integrityImpact": "IMPACT_HIGH",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_REQUIRED"
 +
            },
 +
            "effectiveSeverity": "LOW",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:L/AC:H/Au:N/C:P/I:P/A:N",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libgcrypt",
 +
                "affectedVersion": {
 +
                  "fullName": "1.8.4-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.8.4",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "LOW",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libgcrypt",
 +
                "fixedVersion": {
 +
                  "fullName": "1.8.5-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.8.5",
 +
                  "revision": "r0"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "LOW",
 +
            "shortDescription": "CVE-2019-13627"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:08.977888Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/fb37c640-aea0-459d-a8fd-c3dd3906e87a",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2020-28928",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:08.977888Z",
 +
          "vulnerability": {
 +
            "cvssScore": 2.1,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_LOCAL",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 5.5,
 +
              "confidentialityImpact": "IMPACT_NONE",
 +
              "exploitabilityScore": 1.8,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_LOW",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "LOW",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:L/AC:L/Au:N/C:N/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "musl",
 +
                "affectedVersion": {
 +
                  "fullName": "1.1.22-r3",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.22",
 +
                  "revision": "r3"
 +
                },
 +
                "effectiveSeverity": "LOW",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "musl",
 +
                "fixedVersion": {
 +
                  "fullName": "1.1.22-r4",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.22",
 +
                  "revision": "r4"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "LOW",
 +
            "shortDescription": "CVE-2020-28928"
 +
          }
 +
        }
 +
      ],
 +
      "MEDIUM": [
 +
        {
 +
          "createTime": "2022-08-29T15:04:10.473028Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/13bc32fd-c5b8-4d6e-9cfc-17ecbb40329b",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2019-18197",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:10.473028Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.1,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_HIGH",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 7.5,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 1.6,
 +
              "impactScore": 5.9,
 +
              "integrityImpact": "IMPACT_HIGH",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_REQUIRED"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:H/Au:N/C:P/I:P/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxslt",
 +
                "affectedVersion": {
 +
                  "fullName": "1.1.33-r1",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.33",
 +
                  "revision": "r1"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxslt",
 +
                "fixedVersion": {
 +
                  "fullName": "1.1.33-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.33",
 +
                  "revision": "r2"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2019-18197"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:10.216126Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/144f8f03-28d8-483b-a8f9-5cf83c768f36",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2020-15999",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:10.216126Z",
 +
          "vulnerability": {
 +
            "cvssScore": 4.3,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 6.5,
 +
              "confidentialityImpact": "IMPACT_NONE",
 +
              "exploitabilityScore": 2.8,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_REQUIRED"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "freetype",
 +
                "affectedVersion": {
 +
                  "fullName": "2.10.0-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.10.0",
 +
                  "revision": "r0"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "freetype",
 +
                "fixedVersion": {
 +
                  "fullName": "2.10.0-r1",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.10.0",
 +
                  "revision": "r1"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2020-15999"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T23:07:18.026936Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/297b644c-fd28-4664-9d66-b5fbd0ad3299",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2020-13790",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T23:07:18.026936Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.8,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 8.1,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 2.8,
 +
              "impactScore": 5.2,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_REQUIRED"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libjpeg-turbo",
 +
                "affectedVersion": {
 +
                  "fullName": "2.0.2-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.0.2",
 +
                  "revision": "r0"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libjpeg-turbo",
 +
                "fixedVersion": {
 +
                  "fullName": "2.0.4-r1",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.0.4",
 +
                  "revision": "r1"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2020-13790"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:09.511045Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/36df747b-f5ac-4c4f-8640-0d881f165443",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2021-28831",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:09.511045Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.0,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 7.5,
 +
              "confidentialityImpact": "IMPACT_NONE",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "busybox",
 +
                "affectedVersion": {
 +
                  "fullName": "1.30.1-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.30.1",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "busybox",
 +
                "fixedVersion": {
 +
                  "fullName": "1.30.1-r5",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.30.1",
 +
                  "revision": "r5"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2021-28831"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:11.829970Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/65b7a19e-69da-48ce-a2e1-64df188f44cc",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2019-13117",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:11.829970Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.0,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_NONE",
 +
              "baseScore": 7.5,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxslt",
 +
                "affectedVersion": {
 +
                  "fullName": "1.1.33-r1",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.33",
 +
                  "revision": "r1"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxslt",
 +
                "fixedVersion": {
 +
                  "fullName": "1.1.33-r3",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.33",
 +
                  "revision": "r3"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2019-13117"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:12.268580Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/7f6024da-cca4-45de-9644-9aefde690fae",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2020-14155",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:12.268580Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.0,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_LOW",
 +
              "baseScore": 5.3,
 +
              "confidentialityImpact": "IMPACT_NONE",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 1.4,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "pcre",
 +
                "affectedVersion": {
 +
                  "fullName": "8.43-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "8.43",
 +
                  "revision": "r0"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "pcre",
 +
                "fixedVersion": {
 +
                  "fullName": "8.43-r1",
 +
                  "kind": "NORMAL",
 +
                  "name": "8.43",
 +
                  "revision": "r1"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2020-14155"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:11.717313Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/84ee2281-a769-4e8a-9cbf-93a063bb4ef2",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2019-13118",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:11.717313Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.0,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_NONE",
 +
              "baseScore": 7.5,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxslt",
 +
                "affectedVersion": {
 +
                  "fullName": "1.1.33-r1",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.33",
 +
                  "revision": "r1"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxslt",
 +
                "fixedVersion": {
 +
                  "fullName": "1.1.33-r3",
 +
                  "kind": "NORMAL",
 +
                  "name": "1.1.33",
 +
                  "revision": "r3"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2019-13118"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:07.821209Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/8ea01410-6451-4750-b66a-287014eb6f82",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2020-24977",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:07.821209Z",
 +
          "vulnerability": {
 +
            "cvssScore": 6.4,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_LOW",
 +
              "baseScore": 6.5,
 +
              "confidentialityImpact": "IMPACT_LOW",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 2.5,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxml2",
 +
                "affectedVersion": {
 +
                  "fullName": "2.9.9-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxml2",
 +
                "fixedVersion": {
 +
                  "fullName": "2.9.9-r4",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r4"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2020-24977"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:09.824398Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/9c687953-b27f-4531-a84a-49046fe33461",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2021-36159",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:09.824398Z",
 +
          "vulnerability": {
 +
            "cvssScore": 6.4,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 9.1,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 5.2,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "apk-tools",
 +
                "affectedVersion": {
 +
                  "fullName": "2.10.4-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.10.4",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "apk-tools",
 +
                "fixedVersion": {
 +
                  "fullName": "2.10.7-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.10.7",
 +
                  "revision": "r0"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2021-36159"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:10.970746Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/c6d1235b-bd30-4468-875c-affc7dbbe007",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2019-19956",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:10.970746Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.0,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 7.5,
 +
              "confidentialityImpact": "IMPACT_NONE",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxml2",
 +
                "affectedVersion": {
 +
                  "fullName": "2.9.9-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxml2",
 +
                "fixedVersion": {
 +
                  "fullName": "2.9.9-r3",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r3"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2019-19956"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:11.132973Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/d058e0cf-cabd-4c5b-bc47-70692c981717",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2021-30139",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:11.132973Z",
 +
          "vulnerability": {
 +
            "cvssScore": 5.0,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 7.5,
 +
              "confidentialityImpact": "IMPACT_NONE",
 +
              "exploitabilityScore": 3.9,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "apk-tools",
 +
                "affectedVersion": {
 +
                  "fullName": "2.10.4-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.10.4",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "apk-tools",
 +
                "fixedVersion": {
 +
                  "fullName": "2.10.6-r0",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.10.6",
 +
                  "revision": "r0"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2021-30139"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:07.396688Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/d23e70ae-ca3e-46e7-a198-340f794cde4a",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2021-3537",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:07.396688Z",
 +
          "vulnerability": {
 +
            "cvssScore": 4.3,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_HIGH",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 5.9,
 +
              "confidentialityImpact": "IMPACT_NONE",
 +
              "exploitabilityScore": 2.2,
 +
              "impactScore": 3.6,
 +
              "integrityImpact": "IMPACT_NONE",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_NONE"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxml2",
 +
                "affectedVersion": {
 +
                  "fullName": "2.9.9-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxml2",
 +
                "fixedVersion": {
 +
                  "fullName": "2.9.9-r5",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r5"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2021-3537"
 +
          }
 +
        },
 +
        {
 +
          "createTime": "2022-08-29T15:04:08.546833Z",
 +
          "kind": "VULNERABILITY",
 +
          "name": "projects/your-project/occurrences/ec3c4e4a-a271-4328-939e-ba2621bc9c9b",
 +
          "noteName": "projects/goog-vulnz/notes/CVE-2021-3518",
 +
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
 +
          "updateTime": "2022-08-29T15:04:08.546833Z",
 +
          "vulnerability": {
 +
            "cvssScore": 6.8,
 +
            "cvssv3": {
 +
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
 +
              "attackVector": "ATTACK_VECTOR_NETWORK",
 +
              "availabilityImpact": "IMPACT_HIGH",
 +
              "baseScore": 8.8,
 +
              "confidentialityImpact": "IMPACT_HIGH",
 +
              "exploitabilityScore": 2.8,
 +
              "impactScore": 5.9,
 +
              "integrityImpact": "IMPACT_HIGH",
 +
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
 +
              "scope": "SCOPE_UNCHANGED",
 +
              "userInteraction": "USER_INTERACTION_REQUIRED"
 +
            },
 +
            "effectiveSeverity": "MEDIUM",
 +
            "fixAvailable": true,
 +
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:P/A:P",
 +
            "packageIssue": [
 +
              {
 +
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "affectedPackage": "libxml2",
 +
                "affectedVersion": {
 +
                  "fullName": "2.9.9-r2",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r2"
 +
                },
 +
                "effectiveSeverity": "MEDIUM",
 +
                "fixAvailable": true,
 +
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
 +
                "fixedPackage": "libxml2",
 +
                "fixedVersion": {
 +
                  "fullName": "2.9.9-r5",
 +
                  "kind": "NORMAL",
 +
                  "name": "2.9.9",
 +
                  "revision": "r5"
 +
                },
 +
                "packageType": "OS"
 +
              }
 +
            ],
 +
            "severity": "MEDIUM",
 +
            "shortDescription": "CVE-2021-3518"
 +
          }
 +
        }
 +
      ]
 +
    }
 +
  }
 +
}
 +
</pre>
  
 
== See also ==
 
== See also ==

Latest revision as of 08:49, 30 August 2022

gcloud beta container images describe
gcloud container images describe --help
gcloud beta container images describe "$REPOSITORY/$image@$SHA" --show-package-vulnerability --format json | jq '.package_vulnerability_summary.vulnerabilities.CRITICAL | length ')

Examples[edit]

gcloud beta container images describe "eu.gcr.io/project/nginx@sha256:358e251e4fdc3c10c95a254" --show-package-vulnerability
discovery_summary:
  discovery: []
image_summary:
  digest: sha256:358e251e4fdc3c10c95a254
  fully_qualified_digest: eu.gcr.io/project/nginx@sha256:58e251e4fdc3c10c95a254
  registry: eu.gcr.io
  repository: project/nginx
package_vulnerability_summary:
  not_fixed_vulnerability_count: 0
  total_vulnerability_found: 0
  vulnerabilities: {}

Example with vulnerabilities[edit]

{
  "discovery_summary": {
    "discovery": [
      {
        "createTime": "2022-08-29T15:03:58.530515Z",
        "discovery": {
          "analysisStatus": "FINISHED_SUCCESS",
          "continuousAnalysis": "ACTIVE"
        },
        "kind": "DISCOVERY",
        "name": "projects/your-project/occurrences/7dc8f0c2-c665-4955-b2ce-7cfe8d107595",
        "noteName": "projects/goog-analysis/notes/PACKAGE_VULNERABILITY",
        "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
        "updateTime": "2022-08-29T15:04:14.199537Z"
      }
    ]
  },
  "image_summary": {
    "digest": "sha256:0123456789xxxxx",
    "fully_qualified_digest": "eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
    "registry": "eu.gcr.io",
    "repository": "your-project/nginx"
  },
  "package_vulnerability_summary": {
    "not_fixed_vulnerability_count": 0,
    "total_vulnerability_found": 17,
    "vulnerabilities": {
      "CRITICAL": [
        {
          "createTime": "2022-08-29T15:04:09.198853Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/9074cbfb-1c31-48b1-a47e-42f0d50f822c",
          "noteName": "projects/goog-vulnz/notes/CVE-2019-2201",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:09.198853Z",
          "vulnerability": {
            "cvssScore": 9.3,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_LOCAL",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 7.8,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 1.8,
              "impactScore": 5.9,
              "integrityImpact": "IMPACT_HIGH",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_REQUIRED"
            },
            "effectiveSeverity": "CRITICAL",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:C/I:C/A:C",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libjpeg-turbo",
                "affectedVersion": {
                  "fullName": "2.0.2-r0",
                  "kind": "NORMAL",
                  "name": "2.0.2",
                  "revision": "r0"
                },
                "effectiveSeverity": "CRITICAL",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libjpeg-turbo",
                "fixedVersion": {
                  "fullName": "2.0.4-r0",
                  "kind": "NORMAL",
                  "name": "2.0.4",
                  "revision": "r0"
                },
                "packageType": "OS"
              }
            ],
            "severity": "CRITICAL",
            "shortDescription": "CVE-2019-2201"
          }
        }
      ],
      "HIGH": [
        {
          "createTime": "2022-08-29T15:04:08.186141Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/0bb5da06-b5e2-44dc-9a0b-39254acd0995",
          "noteName": "projects/goog-vulnz/notes/CVE-2021-3517",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:08.186141Z",
          "vulnerability": {
            "cvssScore": 7.5,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 8.6,
              "confidentialityImpact": "IMPACT_LOW",
              "exploitabilityScore": 3.9,
              "impactScore": 4.7,
              "integrityImpact": "IMPACT_LOW",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "HIGH",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:P/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxml2",
                "affectedVersion": {
                  "fullName": "2.9.9-r2",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r2"
                },
                "effectiveSeverity": "HIGH",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxml2",
                "fixedVersion": {
                  "fullName": "2.9.9-r5",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r5"
                },
                "packageType": "OS"
              }
            ],
            "severity": "HIGH",
            "shortDescription": "CVE-2021-3517"
          }
        }
      ],
      "LOW": [
        {
          "createTime": "2022-08-29T15:04:11.596301Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/15dcd9a7-183a-4fcc-a12c-e561ad30c5d1",
          "noteName": "projects/goog-vulnz/notes/CVE-2019-13627",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:11.596301Z",
          "vulnerability": {
            "cvssScore": 2.6,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_HIGH",
              "attackVector": "ATTACK_VECTOR_LOCAL",
              "availabilityImpact": "IMPACT_NONE",
              "baseScore": 6.3,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 1.0,
              "impactScore": 5.2,
              "integrityImpact": "IMPACT_HIGH",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_REQUIRED"
            },
            "effectiveSeverity": "LOW",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:L/AC:H/Au:N/C:P/I:P/A:N",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libgcrypt",
                "affectedVersion": {
                  "fullName": "1.8.4-r2",
                  "kind": "NORMAL",
                  "name": "1.8.4",
                  "revision": "r2"
                },
                "effectiveSeverity": "LOW",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libgcrypt",
                "fixedVersion": {
                  "fullName": "1.8.5-r0",
                  "kind": "NORMAL",
                  "name": "1.8.5",
                  "revision": "r0"
                },
                "packageType": "OS"
              }
            ],
            "severity": "LOW",
            "shortDescription": "CVE-2019-13627"
          }
        },
        {
          "createTime": "2022-08-29T15:04:08.977888Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/fb37c640-aea0-459d-a8fd-c3dd3906e87a",
          "noteName": "projects/goog-vulnz/notes/CVE-2020-28928",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:08.977888Z",
          "vulnerability": {
            "cvssScore": 2.1,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_LOCAL",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 5.5,
              "confidentialityImpact": "IMPACT_NONE",
              "exploitabilityScore": 1.8,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_LOW",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "LOW",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:L/AC:L/Au:N/C:N/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "musl",
                "affectedVersion": {
                  "fullName": "1.1.22-r3",
                  "kind": "NORMAL",
                  "name": "1.1.22",
                  "revision": "r3"
                },
                "effectiveSeverity": "LOW",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "musl",
                "fixedVersion": {
                  "fullName": "1.1.22-r4",
                  "kind": "NORMAL",
                  "name": "1.1.22",
                  "revision": "r4"
                },
                "packageType": "OS"
              }
            ],
            "severity": "LOW",
            "shortDescription": "CVE-2020-28928"
          }
        }
      ],
      "MEDIUM": [
        {
          "createTime": "2022-08-29T15:04:10.473028Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/13bc32fd-c5b8-4d6e-9cfc-17ecbb40329b",
          "noteName": "projects/goog-vulnz/notes/CVE-2019-18197",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:10.473028Z",
          "vulnerability": {
            "cvssScore": 5.1,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_HIGH",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 7.5,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 1.6,
              "impactScore": 5.9,
              "integrityImpact": "IMPACT_HIGH",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_REQUIRED"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:H/Au:N/C:P/I:P/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxslt",
                "affectedVersion": {
                  "fullName": "1.1.33-r1",
                  "kind": "NORMAL",
                  "name": "1.1.33",
                  "revision": "r1"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxslt",
                "fixedVersion": {
                  "fullName": "1.1.33-r2",
                  "kind": "NORMAL",
                  "name": "1.1.33",
                  "revision": "r2"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2019-18197"
          }
        },
        {
          "createTime": "2022-08-29T15:04:10.216126Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/144f8f03-28d8-483b-a8f9-5cf83c768f36",
          "noteName": "projects/goog-vulnz/notes/CVE-2020-15999",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:10.216126Z",
          "vulnerability": {
            "cvssScore": 4.3,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 6.5,
              "confidentialityImpact": "IMPACT_NONE",
              "exploitabilityScore": 2.8,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_REQUIRED"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "freetype",
                "affectedVersion": {
                  "fullName": "2.10.0-r0",
                  "kind": "NORMAL",
                  "name": "2.10.0",
                  "revision": "r0"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "freetype",
                "fixedVersion": {
                  "fullName": "2.10.0-r1",
                  "kind": "NORMAL",
                  "name": "2.10.0",
                  "revision": "r1"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2020-15999"
          }
        },
        {
          "createTime": "2022-08-29T23:07:18.026936Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/297b644c-fd28-4664-9d66-b5fbd0ad3299",
          "noteName": "projects/goog-vulnz/notes/CVE-2020-13790",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T23:07:18.026936Z",
          "vulnerability": {
            "cvssScore": 5.8,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 8.1,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 2.8,
              "impactScore": 5.2,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_REQUIRED"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libjpeg-turbo",
                "affectedVersion": {
                  "fullName": "2.0.2-r0",
                  "kind": "NORMAL",
                  "name": "2.0.2",
                  "revision": "r0"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libjpeg-turbo",
                "fixedVersion": {
                  "fullName": "2.0.4-r1",
                  "kind": "NORMAL",
                  "name": "2.0.4",
                  "revision": "r1"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2020-13790"
          }
        },
        {
          "createTime": "2022-08-29T15:04:09.511045Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/36df747b-f5ac-4c4f-8640-0d881f165443",
          "noteName": "projects/goog-vulnz/notes/CVE-2021-28831",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:09.511045Z",
          "vulnerability": {
            "cvssScore": 5.0,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 7.5,
              "confidentialityImpact": "IMPACT_NONE",
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "busybox",
                "affectedVersion": {
                  "fullName": "1.30.1-r2",
                  "kind": "NORMAL",
                  "name": "1.30.1",
                  "revision": "r2"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "busybox",
                "fixedVersion": {
                  "fullName": "1.30.1-r5",
                  "kind": "NORMAL",
                  "name": "1.30.1",
                  "revision": "r5"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2021-28831"
          }
        },
        {
          "createTime": "2022-08-29T15:04:11.829970Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/65b7a19e-69da-48ce-a2e1-64df188f44cc",
          "noteName": "projects/goog-vulnz/notes/CVE-2019-13117",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:11.829970Z",
          "vulnerability": {
            "cvssScore": 5.0,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_NONE",
              "baseScore": 7.5,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxslt",
                "affectedVersion": {
                  "fullName": "1.1.33-r1",
                  "kind": "NORMAL",
                  "name": "1.1.33",
                  "revision": "r1"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxslt",
                "fixedVersion": {
                  "fullName": "1.1.33-r3",
                  "kind": "NORMAL",
                  "name": "1.1.33",
                  "revision": "r3"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2019-13117"
          }
        },
        {
          "createTime": "2022-08-29T15:04:12.268580Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/7f6024da-cca4-45de-9644-9aefde690fae",
          "noteName": "projects/goog-vulnz/notes/CVE-2020-14155",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:12.268580Z",
          "vulnerability": {
            "cvssScore": 5.0,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_LOW",
              "baseScore": 5.3,
              "confidentialityImpact": "IMPACT_NONE",
              "exploitabilityScore": 3.9,
              "impactScore": 1.4,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "pcre",
                "affectedVersion": {
                  "fullName": "8.43-r0",
                  "kind": "NORMAL",
                  "name": "8.43",
                  "revision": "r0"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "pcre",
                "fixedVersion": {
                  "fullName": "8.43-r1",
                  "kind": "NORMAL",
                  "name": "8.43",
                  "revision": "r1"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2020-14155"
          }
        },
        {
          "createTime": "2022-08-29T15:04:11.717313Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/84ee2281-a769-4e8a-9cbf-93a063bb4ef2",
          "noteName": "projects/goog-vulnz/notes/CVE-2019-13118",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:11.717313Z",
          "vulnerability": {
            "cvssScore": 5.0,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_NONE",
              "baseScore": 7.5,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:N",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxslt",
                "affectedVersion": {
                  "fullName": "1.1.33-r1",
                  "kind": "NORMAL",
                  "name": "1.1.33",
                  "revision": "r1"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxslt",
                "fixedVersion": {
                  "fullName": "1.1.33-r3",
                  "kind": "NORMAL",
                  "name": "1.1.33",
                  "revision": "r3"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2019-13118"
          }
        },
        {
          "createTime": "2022-08-29T15:04:07.821209Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/8ea01410-6451-4750-b66a-287014eb6f82",
          "noteName": "projects/goog-vulnz/notes/CVE-2020-24977",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:07.821209Z",
          "vulnerability": {
            "cvssScore": 6.4,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_LOW",
              "baseScore": 6.5,
              "confidentialityImpact": "IMPACT_LOW",
              "exploitabilityScore": 3.9,
              "impactScore": 2.5,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxml2",
                "affectedVersion": {
                  "fullName": "2.9.9-r2",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r2"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxml2",
                "fixedVersion": {
                  "fullName": "2.9.9-r4",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r4"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2020-24977"
          }
        },
        {
          "createTime": "2022-08-29T15:04:09.824398Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/9c687953-b27f-4531-a84a-49046fe33461",
          "noteName": "projects/goog-vulnz/notes/CVE-2021-36159",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:09.824398Z",
          "vulnerability": {
            "cvssScore": 6.4,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 9.1,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 3.9,
              "impactScore": 5.2,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "apk-tools",
                "affectedVersion": {
                  "fullName": "2.10.4-r2",
                  "kind": "NORMAL",
                  "name": "2.10.4",
                  "revision": "r2"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "apk-tools",
                "fixedVersion": {
                  "fullName": "2.10.7-r0",
                  "kind": "NORMAL",
                  "name": "2.10.7",
                  "revision": "r0"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2021-36159"
          }
        },
        {
          "createTime": "2022-08-29T15:04:10.970746Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/c6d1235b-bd30-4468-875c-affc7dbbe007",
          "noteName": "projects/goog-vulnz/notes/CVE-2019-19956",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:10.970746Z",
          "vulnerability": {
            "cvssScore": 5.0,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 7.5,
              "confidentialityImpact": "IMPACT_NONE",
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxml2",
                "affectedVersion": {
                  "fullName": "2.9.9-r2",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r2"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxml2",
                "fixedVersion": {
                  "fullName": "2.9.9-r3",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r3"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2019-19956"
          }
        },
        {
          "createTime": "2022-08-29T15:04:11.132973Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/d058e0cf-cabd-4c5b-bc47-70692c981717",
          "noteName": "projects/goog-vulnz/notes/CVE-2021-30139",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:11.132973Z",
          "vulnerability": {
            "cvssScore": 5.0,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 7.5,
              "confidentialityImpact": "IMPACT_NONE",
              "exploitabilityScore": 3.9,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "apk-tools",
                "affectedVersion": {
                  "fullName": "2.10.4-r2",
                  "kind": "NORMAL",
                  "name": "2.10.4",
                  "revision": "r2"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "apk-tools",
                "fixedVersion": {
                  "fullName": "2.10.6-r0",
                  "kind": "NORMAL",
                  "name": "2.10.6",
                  "revision": "r0"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2021-30139"
          }
        },
        {
          "createTime": "2022-08-29T15:04:07.396688Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/d23e70ae-ca3e-46e7-a198-340f794cde4a",
          "noteName": "projects/goog-vulnz/notes/CVE-2021-3537",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:07.396688Z",
          "vulnerability": {
            "cvssScore": 4.3,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_HIGH",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 5.9,
              "confidentialityImpact": "IMPACT_NONE",
              "exploitabilityScore": 2.2,
              "impactScore": 3.6,
              "integrityImpact": "IMPACT_NONE",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_NONE"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:N/I:N/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxml2",
                "affectedVersion": {
                  "fullName": "2.9.9-r2",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r2"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxml2",
                "fixedVersion": {
                  "fullName": "2.9.9-r5",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r5"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2021-3537"
          }
        },
        {
          "createTime": "2022-08-29T15:04:08.546833Z",
          "kind": "VULNERABILITY",
          "name": "projects/your-project/occurrences/ec3c4e4a-a271-4328-939e-ba2621bc9c9b",
          "noteName": "projects/goog-vulnz/notes/CVE-2021-3518",
          "resourceUri": "https://eu.gcr.io/your-project/nginx@sha256:0123456789xxxxx",
          "updateTime": "2022-08-29T15:04:08.546833Z",
          "vulnerability": {
            "cvssScore": 6.8,
            "cvssv3": {
              "attackComplexity": "ATTACK_COMPLEXITY_LOW",
              "attackVector": "ATTACK_VECTOR_NETWORK",
              "availabilityImpact": "IMPACT_HIGH",
              "baseScore": 8.8,
              "confidentialityImpact": "IMPACT_HIGH",
              "exploitabilityScore": 2.8,
              "impactScore": 5.9,
              "integrityImpact": "IMPACT_HIGH",
              "privilegesRequired": "PRIVILEGES_REQUIRED_NONE",
              "scope": "SCOPE_UNCHANGED",
              "userInteraction": "USER_INTERACTION_REQUIRED"
            },
            "effectiveSeverity": "MEDIUM",
            "fixAvailable": true,
            "longDescription": "NIST vectors: AV:N/AC:M/Au:N/C:P/I:P/A:P",
            "packageIssue": [
              {
                "affectedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "affectedPackage": "libxml2",
                "affectedVersion": {
                  "fullName": "2.9.9-r2",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r2"
                },
                "effectiveSeverity": "MEDIUM",
                "fixAvailable": true,
                "fixedCpeUri": "cpe:/o:alpine:alpine_linux:3.10",
                "fixedPackage": "libxml2",
                "fixedVersion": {
                  "fullName": "2.9.9-r5",
                  "kind": "NORMAL",
                  "name": "2.9.9",
                  "revision": "r5"
                },
                "packageType": "OS"
              }
            ],
            "severity": "MEDIUM",
            "shortDescription": "CVE-2021-3518"
          }
        }
      ]
    }
  }
}

See also[edit]

Advertising: