
CVE(s) found #1605

Closed
github-actions bot opened this issue Jan 23, 2023 · 7 comments
Labels
cve status/blocked Issue or PR that is blocked. See comments. type/bug Issue that reports an unexpected behaviour.

Comments

@github-actions

Latest buildpacksio/pack v0.28.0 triggered CVE(s) from Grype. For further details, see: https://github.com/buildpacks/pack/actions/runs/3982774258

@github-actions github-actions bot added type/bug Issue that reports an unexpected behaviour. status/triage Issue or PR that requires contributor attention. cve labels Jan 23, 2023
@natalieparellano
Member

Grype output:

{
  "version": "2.1.0",
  "$schema": "https://json.schemastore.org/sarif-2.1.0-rtm.5.json",
  "runs": [
    {
      "tool": {
        "driver": {
          "name": "Grype",
          "version": "0.50.2",
          "informationUri": "https://github.com/anchore/grype",
          "rules": [
            {
              "id": "CVE-2009-5155-libc6",
              "name": "DpkgMatcherExactIndirectMatch",
              "shortDescription": {
                "text": "CVE-2009-5155 low vulnerability for libc6 package"
              },
              "fullDescription": {
                "text": "Version 2.27-3ubuntu1.6 is affected with no fixes reported yet."
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability CVE-2009-5155\nSeverity: low\nPackage: libc6\nVersion: 2.27-3ubuntu1.6\nFix Version: \nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:18.04\nLink: [CVE-2009-5155](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2009-5155)",
                "markdown": "**Vulnerability CVE-2009-5155**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low  | libc6  | 2.27-3ubuntu1.6  |   | deb  | /usr/share/doc/libc6/copyright  | ubuntu:distro:ubuntu:18.04  | [CVE-2009-5155](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2009-5155)  |\n"
              },
              "properties": {
                "security-severity": "7.5"
              }
            },
            {
              "id": "CVE-2015-5237-google.golang.org/protobuf",
              "name": "GoModuleMatcherCpeMatch",
              "shortDescription": {
                "text": "CVE-2015-5237 high vulnerability for google.golang.org/protobuf package"
              },
              "fullDescription": {
                "text": "protobuf allows remote authenticated attackers to cause a heap-based buffer overflow."
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability CVE-2015-5237\nSeverity: high\nPackage: google.golang.org/protobuf\nVersion: v1.28.1\nFix Version: \nType: go-module\nLocation: /layers/paketo-buildpacks_go-build/targets/bin/pack\nData Namespace: nvd:cpe\nLink: [CVE-2015-5237](https://nvd.nist.gov/vuln/detail/CVE-2015-5237)",
                "markdown": "**Vulnerability CVE-2015-5237**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| high  | google.golang.org/protobuf  | v1.28.1  |   | go-module  | /layers/paketo-buildpacks_go-build/targets/bin/pack  | nvd:cpe  | [CVE-2015-5237](https://nvd.nist.gov/vuln/detail/CVE-2015-5237)  |\n"
              },
              "properties": {
                "security-severity": "8.8"
              }
            },
            {
              "id": "CVE-2015-8985-libc6",
              "name": "DpkgMatcherExactIndirectMatch",
              "shortDescription": {
                "text": "CVE-2015-8985 low vulnerability for libc6 package"
              },
              "fullDescription": {
                "text": "Version 2.27-3ubuntu1.6 is affected with no fixes reported yet."
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability CVE-2015-8985\nSeverity: low\nPackage: libc6\nVersion: 2.27-3ubuntu1.6\nFix Version: \nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:18.04\nLink: [CVE-2015-8985](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8985)",
                "markdown": "**Vulnerability CVE-2015-8985**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low  | libc6  | 2.27-3ubuntu1.6  |   | deb  | /usr/share/doc/libc6/copyright  | ubuntu:distro:ubuntu:18.04  | [CVE-2015-8985](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2015-8985)  |\n"
              },
              "properties": {
                "security-severity": "5.9"
              }
            },
            {
              "id": "CVE-2016-20013-libc6",
              "name": "DpkgMatcherExactIndirectMatch",
              "shortDescription": {
                "text": "CVE-2016-20013 low vulnerability for libc6 package"
              },
              "fullDescription": {
                "text": "Version 2.27-3ubuntu1.6 is affected with no fixes reported yet."
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability CVE-2016-20013\nSeverity: low\nPackage: libc6\nVersion: 2.27-3ubuntu1.6\nFix Version: \nType: deb\nLocation: /usr/share/doc/libc6/copyright\nData Namespace: ubuntu:distro:ubuntu:18.04\nLink: [CVE-2016-20013](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013)",
                "markdown": "**Vulnerability CVE-2016-20013**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| low  | libc6  | 2.27-3ubuntu1.6  |   | deb  | /usr/share/doc/libc6/copyright  | ubuntu:distro:ubuntu:18.04  | [CVE-2016-20013](http://people.ubuntu.com/~ubuntu-security/cve/CVE-2016-20013)  |\n"
              },
              "properties": {
                "security-severity": "7.5"
              }
            },
            {
              "id": "CVE-2021-22570-google.golang.org/protobuf",
              "name": "GoModuleMatcherCpeMatch",
              "shortDescription": {
                "text": "CVE-2021-22570 medium vulnerability for google.golang.org/protobuf package"
              },
              "fullDescription": {
                "text": "Nullptr dereference when a null char is present in a proto symbol. The symbol is parsed incorrectly, leading to an unchecked call into the proto file's name during generation of the resulting error message. Since the symbol is incorrectly parsed, the file is nullptr. We recommend upgrading to version 3.15.0 or greater."
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability CVE-2021-22570\nSeverity: medium\nPackage: google.golang.org/protobuf\nVersion: v1.28.1\nFix Version: \nType: go-module\nLocation: /layers/paketo-buildpacks_go-build/targets/bin/pack\nData Namespace: nvd:cpe\nLink: [CVE-2021-22570](https://nvd.nist.gov/vuln/detail/CVE-2021-22570)",
                "markdown": "**Vulnerability CVE-2021-22570**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium  | google.golang.org/protobuf  | v1.28.1  |   | go-module  | /layers/paketo-buildpacks_go-build/targets/bin/pack  | nvd:cpe  | [CVE-2021-22570](https://nvd.nist.gov/vuln/detail/CVE-2021-22570)  |\n"
              },
              "properties": {
                "security-severity": "5.5"
              }
            },
            {
              "id": "GHSA-2qjp-425j-52j9-github.com/containerd/containerd",
              "name": "GoModuleMatcherExactDirectMatch",
              "shortDescription": {
                "text": "GHSA-2qjp-425j-52j9 medium vulnerability for github.com/containerd/containerd package"
              },
              "fullDescription": {
                "text": "containerd CRI stream server vulnerable to host memory exhaustion via terminal"
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability GHSA-2qjp-425j-52j9\nSeverity: medium\nPackage: github.com/containerd/containerd\nVersion: v1.6.9\nFix Version: 1.6.12\nType: go-module\nLocation: /layers/paketo-buildpacks_go-build/targets/bin/pack\nData Namespace: github:language:go\nLink: [GHSA-2qjp-425j-52j9](https://github.com/advisories/GHSA-2qjp-425j-52j9)",
                "markdown": "**Vulnerability GHSA-2qjp-425j-52j9**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium  | github.com/containerd/containerd  | v1.6.9  | 1.6.12  | go-module  | /layers/paketo-buildpacks_go-build/targets/bin/pack  | github:language:go  | [GHSA-2qjp-425j-52j9](https://github.com/advisories/GHSA-2qjp-425j-52j9)  |\n"
              },
              "properties": {
                "security-severity": "6.5"
              }
            },
            {
              "id": "GHSA-f3fp-gc8g-vw66-github.com/opencontainers/runc",
              "name": "GoModuleMatcherExactDirectMatch",
              "shortDescription": {
                "text": "GHSA-f3fp-gc8g-vw66 medium vulnerability for github.com/opencontainers/runc package"
              },
              "fullDescription": {
                "text": "Default inheritable capabilities for linux container should be empty"
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability GHSA-f3fp-gc8g-vw66\nSeverity: medium\nPackage: github.com/opencontainers/runc\nVersion: v1.0.0-rc95\nFix Version: 1.1.2\nType: go-module\nLocation: /layers/paketo-buildpacks_go-build/targets/bin/pack\nData Namespace: github:language:go\nLink: [GHSA-f3fp-gc8g-vw66](https://github.com/advisories/GHSA-f3fp-gc8g-vw66)",
                "markdown": "**Vulnerability GHSA-f3fp-gc8g-vw66**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium  | github.com/opencontainers/runc  | v1.0.0-rc95  | 1.1.2  | go-module  | /layers/paketo-buildpacks_go-build/targets/bin/pack  | github:language:go  | [GHSA-f3fp-gc8g-vw66](https://github.com/advisories/GHSA-f3fp-gc8g-vw66)  |\n"
              },
              "properties": {
                "security-severity": "7.8"
              }
            },
            {
              "id": "GHSA-v95c-p5hm-xq8f-github.com/opencontainers/runc",
              "name": "GoModuleMatcherExactDirectMatch",
              "shortDescription": {
                "text": "GHSA-v95c-p5hm-xq8f medium vulnerability for github.com/opencontainers/runc package"
              },
              "fullDescription": {
                "text": "Overflow in netlink bytemsg length field allows attacker to override netlink-based container configuration"
              },
              "helpUri": "https://github.com/anchore/grype",
              "help": {
                "text": "Vulnerability GHSA-v95c-p5hm-xq8f\nSeverity: medium\nPackage: github.com/opencontainers/runc\nVersion: v1.0.0-rc95\nFix Version: 1.0.3\nType: go-module\nLocation: /layers/paketo-buildpacks_go-build/targets/bin/pack\nData Namespace: github:language:go\nLink: [GHSA-v95c-p5hm-xq8f](https://github.com/advisories/GHSA-v95c-p5hm-xq8f)",
                "markdown": "**Vulnerability GHSA-v95c-p5hm-xq8f**\n| Severity | Package | Version | Fix Version | Type | Location | Data Namespace | Link |\n| --- | --- | --- | --- | --- | --- | --- | --- |\n| medium  | github.com/opencontainers/runc  | v1.0.0-rc95  | 1.0.3  | go-module  | /layers/paketo-buildpacks_go-build/targets/bin/pack  | github:language:go  | [GHSA-v95c-p5hm-xq8f](https://github.com/advisories/GHSA-v95c-p5hm-xq8f)  |\n"
              },
              "properties": {
                "security-severity": "6.0"
              }
            }
          ]
        }
      },
      "results": [
        {
          "ruleId": "CVE-2009-5155-libc6",
          "message": {
            "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.27-3ubuntu1.6  which is a vulnerable (deb) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//usr/share/doc/libc6/copyright"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/usr/share/doc/libc6/copyright",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:897e8be8f2ca3fd189fdf6ea260ba7973474a4b98c6d59b9b9b58ff3fc930432:/usr/share/doc/libc6/copyright"
                },
                {
                  "name": "/var/lib/dpkg/status.d/libc6",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:897e8be8f2ca3fd189fdf6ea260ba7973474a4b98c6d59b9b9b58ff3fc930432:/var/lib/dpkg/status.d/libc6"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "CVE-2015-5237-google.golang.org/protobuf",
          "message": {
            "text": "The path /layers/paketo-buildpacks_go-build/targets/bin/pack reports google.golang.org/protobuf at version v1.28.1  which is a vulnerable (go-module) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//layers/paketo-buildpacks_go-build/targets/bin/pack"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/layers/paketo-buildpacks_go-build/targets/bin/pack",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:96d5b1e30e6a69c3a37f28064608dfe70253ce3fcdba2ae9f5b93a84abe724e5:/layers/paketo-buildpacks_go-build/targets/bin/pack"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "CVE-2015-8985-libc6",
          "message": {
            "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.27-3ubuntu1.6  which is a vulnerable (deb) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//usr/share/doc/libc6/copyright"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/usr/share/doc/libc6/copyright",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:897e8be8f2ca3fd189fdf6ea260ba7973474a4b98c6d59b9b9b58ff3fc930432:/usr/share/doc/libc6/copyright"
                },
                {
                  "name": "/var/lib/dpkg/status.d/libc6",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:897e8be8f2ca3fd189fdf6ea260ba7973474a4b98c6d59b9b9b58ff3fc930432:/var/lib/dpkg/status.d/libc6"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "CVE-2016-20013-libc6",
          "message": {
            "text": "The path /usr/share/doc/libc6/copyright reports libc6 at version 2.27-3ubuntu1.6  which is a vulnerable (deb) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//usr/share/doc/libc6/copyright"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/usr/share/doc/libc6/copyright",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:897e8be8f2ca3fd189fdf6ea260ba7973474a4b98c6d59b9b9b58ff3fc930432:/usr/share/doc/libc6/copyright"
                },
                {
                  "name": "/var/lib/dpkg/status.d/libc6",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:897e8be8f2ca3fd189fdf6ea260ba7973474a4b98c6d59b9b9b58ff3fc930432:/var/lib/dpkg/status.d/libc6"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "CVE-2021-22570-google.golang.org/protobuf",
          "message": {
            "text": "The path /layers/paketo-buildpacks_go-build/targets/bin/pack reports google.golang.org/protobuf at version v1.28.1  which is a vulnerable (go-module) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//layers/paketo-buildpacks_go-build/targets/bin/pack"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/layers/paketo-buildpacks_go-build/targets/bin/pack",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:96d5b1e30e6a69c3a37f28064608dfe70253ce3fcdba2ae9f5b93a84abe724e5:/layers/paketo-buildpacks_go-build/targets/bin/pack"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "GHSA-2qjp-425j-52j9-github.com/containerd/containerd",
          "message": {
            "text": "The path /layers/paketo-buildpacks_go-build/targets/bin/pack reports github.com/containerd/containerd at version v1.6.9  which is a vulnerable (go-module) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//layers/paketo-buildpacks_go-build/targets/bin/pack"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/layers/paketo-buildpacks_go-build/targets/bin/pack",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:96d5b1e30e6a69c3a37f28064608dfe70253ce3fcdba2ae9f5b93a84abe724e5:/layers/paketo-buildpacks_go-build/targets/bin/pack"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "GHSA-f3fp-gc8g-vw66-github.com/opencontainers/runc",
          "message": {
            "text": "The path /layers/paketo-buildpacks_go-build/targets/bin/pack reports github.com/opencontainers/runc at version v1.0.0-rc95  which is a vulnerable (go-module) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//layers/paketo-buildpacks_go-build/targets/bin/pack"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/layers/paketo-buildpacks_go-build/targets/bin/pack",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:96d5b1e30e6a69c3a37f28064608dfe70253ce3fcdba2ae9f5b93a84abe724e5:/layers/paketo-buildpacks_go-build/targets/bin/pack"
                }
              ]
            }
          ]
        },
        {
          "ruleId": "GHSA-v95c-p5hm-xq8f-github.com/opencontainers/runc",
          "message": {
            "text": "The path /layers/paketo-buildpacks_go-build/targets/bin/pack reports github.com/opencontainers/runc at version v1.0.0-rc95  which is a vulnerable (go-module) package installed in the container"
          },
          "locations": [
            {
              "physicalLocation": {
                "artifactLocation": {
                  "uri": "image//layers/paketo-buildpacks_go-build/targets/bin/pack"
                },
                "region": {
                  "startLine": 1,
                  "startColumn": 1,
                  "endLine": 1,
                  "endColumn": 1
                }
              },
              "logicalLocations": [
                {
                  "name": "/layers/paketo-buildpacks_go-build/targets/bin/pack",
                  "fullyQualifiedName": "buildpacksio/pack:0.28.0@sha256:96d5b1e30e6a69c3a37f28064608dfe70253ce3fcdba2ae9f5b93a84abe724e5:/layers/paketo-buildpacks_go-build/targets/bin/pack"
                }
              ]
            }
          ]
        }
      ]
    }
  ]
}

@jjbustamante
Member

jjbustamante commented Jan 23, 2023

I ran grype against the docker image of pack published on Docker Hub; after checking the latest 'go.mod' file, I noticed some of the CVEs should be fixed with the latest dependency update. So I built pack from the main branch and then scanned that image.

Screenshot 2023-01-23 at 6 27 54 PM

As we can see, 1 CVE is already fixed, the first one, but there is one still open:

google.golang.org/protobuf v1.28.1 go-module CVE-2015-5237 High, but it seems there is no fix available yet

@jjbustamante
Member

jjbustamante commented Jan 23, 2023

Also, I think the dependencies came from the lifecycle. See this image:

Screenshot 2023-01-23 at 6 50 55 PM

And the scan of the lifecycle:

Screenshot 2023-01-23 at 6 52 59 PM

The problem is that the lifecycle seems to be related to the dependency on Kaniko, see

@natalieparellano
Member

Good catch @jjbustamante - in this case we might need to create a .grype.yaml file (as we do for the lifecycle) to exclude the ones that aren't possible to patch.

This may all go away if we can update the kaniko dependencies (as was suggested here) but we are still waiting for upstream changes to be released.
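
One way to turn a report like the one above into the two actions discussed in this thread (bump what has a fix, ignore what does not) is shown below. This is an added example, not the pack project's own tooling: it parses the `help.text` block of a constructed two-rule subset of the Grype SARIF output and renders ignore rules in the `ignore:` shape of a `.grype.yaml` (vulnerability plus package name and version); that file layout is assumed from grype's documentation rather than taken from this issue.

```python
import json
from typing import Dict, List, Tuple

# Constructed input: a two-rule subset of the Grype SARIF posted in this issue,
# keeping only the fields the triage below reads. One finding reports no fix
# version (protobuf), the other does (containerd).
SAMPLE_SARIF = json.dumps({
    "runs": [{"tool": {"driver": {"rules": [
        {
            "id": "CVE-2015-5237-google.golang.org/protobuf",
            "help": {"text": "Vulnerability CVE-2015-5237\nSeverity: high\n"
                             "Package: google.golang.org/protobuf\nVersion: v1.28.1\n"
                             "Fix Version: \nType: go-module\n"
                             "Location: /layers/paketo-buildpacks_go-build/targets/bin/pack\n"
                             "Data Namespace: nvd:cpe\n"
                             "Link: [CVE-2015-5237](https://nvd.nist.gov/vuln/detail/CVE-2015-5237)"},
        },
        {
            "id": "GHSA-2qjp-425j-52j9-github.com/containerd/containerd",
            "help": {"text": "Vulnerability GHSA-2qjp-425j-52j9\nSeverity: medium\n"
                             "Package: github.com/containerd/containerd\nVersion: v1.6.9\n"
                             "Fix Version: 1.6.12\nType: go-module\n"
                             "Location: /layers/paketo-buildpacks_go-build/targets/bin/pack\n"
                             "Data Namespace: github:language:go\n"
                             "Link: [GHSA-2qjp-425j-52j9](https://github.com/advisories/GHSA-2qjp-425j-52j9)"},
        },
    ]}}}]
})


def parse_help_text(text: str) -> Dict[str, str]:
    """Parse Grype's 'Key: Value' help block; the first line carries the ID."""
    lines = text.splitlines()
    finding = {"id": lines[0].replace("Vulnerability ", "", 1).strip()}
    for line in lines[1:]:
        # partition on the first ':' so values like 'nvd:cpe' and URLs survive intact
        key, _, value = line.partition(":")
        finding[key.strip().lower().replace(" ", "_")] = value.strip()
    return finding


def triage(sarif_json: str) -> Tuple[List[Dict[str, str]], List[Dict[str, str]]]:
    """Split findings into (fixable, unfixable) by whether a Fix Version is reported."""
    doc = json.loads(sarif_json)
    fixable: List[Dict[str, str]] = []
    unfixable: List[Dict[str, str]] = []
    for run in doc["runs"]:
        for rule in run["tool"]["driver"]["rules"]:
            finding = parse_help_text(rule["help"]["text"])
            (fixable if finding.get("fix_version") else unfixable).append(finding)
    return fixable, unfixable


def upgrade_plan(fixable: List[Dict[str, str]]) -> List[str]:
    """One line per dependency bump that would clear a finding."""
    return [f"{f['package']}: {f['version']} -> {f['fix_version']} ({f['id']})"
            for f in fixable]


def grype_ignore_yaml(unfixable: List[Dict[str, str]]) -> str:
    """Render .grype.yaml ignore rules pinned to package name and version (assumed layout)."""
    out = ["ignore:"]
    for f in unfixable:
        out += [f"  - vulnerability: {f['id']}",
                "    package:",
                f"      name: {f['package']}",
                f"      version: {f['version']}"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    fixable, unfixable = triage(SAMPLE_SARIF)
    print("bump these dependencies:", *upgrade_plan(fixable), sep="\n  ")
    print("proposed .grype.yaml:\n" + grype_ignore_yaml(unfixable))
```

Pinning each ignore rule to the package name and version means it stops matching as soon as the dependency is bumped, so a later scan re-surfaces the finding instead of silently suppressing it.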

@jjbustamante jjbustamante added status/blocked Issue or PR that is blocked. See comments. and removed status/triage Issue or PR that requires contributor attention. labels Aug 14, 2023
@jjbustamante
Member

We will check this one after 0.30.0 is released.

@jjbustamante
Member

I just built locally pack 0.30.0-RC2 and it looks fine.

➜  pack git:(c38f7da1) grype out/pack
 ✔ Vulnerability DB        [no update available]
New version of grype is available: 0.65.1 (currently running: 0.57.1)
 ✔ Indexed out/pack
 ✔ Cataloged packages      [100 packages]
 ✔ Scanned image           [2 vulnerabilities]
No vulnerabilities found

@jjbustamante
Member

Closing this one, as pack 0.30.0 was released!

Screenshot 2023-08-18 at 11 26 49 AM
