mirror of https://github.com/SAP/jenkins-library.git synced 2024-12-16 11:09:33 +02:00
sap-jenkins-library/pkg/protecode/testdata/protecode_result_violations.json


{"meta": {"code": 200}, "results": {"components": [{"extended-objects": [{"confidence": 1.0, "sha1": "6760d4578f89646425fa0cb8e519896eca8c69da", "name": "libacl.so.1.1.0", "timestamp": 1369299888, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": ["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "lib/x86_64-linux-gnu/libacl.so.1.1.0"], "type": "native"}], "objects": ["libacl.so.1.1.0"], "version": "2.2.52-1", "lib": "acl", "distro_version": "2.2.52-1", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 1, "exact": 0, "historical": 1}, "vulns": [{"vuln": {"cve": "CVE-2009-4411", "summary": "The (1) setfacl and (2) getfacl commands in XFS acl 2.2.47, when running in recursive (-R) mode, follow symbolic links even when the --physical (aka -P) or -L option is specified, which might allow local users to modify the ACL for arbitrary files or directories via a symlink attack.", "cvss": 3.7, "published": "2009-12-24T16:30:00", "modified": "2017-08-17T01:31:34", "published-epoch": "1261672200", "modified-epoch": "1502933494", "cwe": "CWE-264", "cvss_access_vector": "LOCAL", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2009-12-25T11:27:00", "cvss_created-epoch": "1261740420", "cvss2_vector": "AV:L/AC:H/Au:N:/C:P/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "timestamp-objects": []}], "tags": ["acl"], "short_version": "2.2.52-1", "latest_cmp": null, "homepage": null, "url": null, "codetype": "Native", "coverity_scan": null}, {"extended-objects": [{"confidence": 0.9620493358633776, "sha1": "b3bad620d363c6ca832559c0d6de51037a1608b8", "name": "libapt-pkg.so.4.12.0", "timestamp": 1426638505, "binary-type": "elf-shared-x86_64", "matching-method": "signature", "fullpath": 
["whalesay.tar", "cc88f763e297503d2407d6b462b2b390a6fd006b30f51c8efa03dd88fa801b89/layer.tar", "usr/lib/x86_64-linux-gnu/libapt-pkg.so.4.12.0"], "type": "native"}], "objects": ["libapt-pkg.so.4.12.0"], "version": "1.0.1ubuntu2.7", "lib": "apt", "distro_version": "1.0.1ubuntu2.7", "distro": "ubuntu", "latest_version": null, "vuln-count": {"total": 16, "exact": 0, "historical": 16}, "vulns": [{"vuln": {"cve": "CVE-2014-0478", "summary": "APT before 1.0.4 does not properly validate source packages, which allows man-in-the-middle attackers to download and install Trojan horse packages by removing the Release signature.", "cvss": 4.0, "published": "2014-06-17T14:55:06", "modified": "2017-12-22T02:29:12", "published-epoch": "1403016906", "modified-epoch": "1513909752", "cwe": "CWE-20", "cvss_access_vector": "NETWORK", "cvss_access_complexity": "HIGH", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "NONE", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": "http://nvd.nist.gov", "cvss_created": "2014-06-17T11:39:17", "cvss_created-epoch": "1403005157", "cvss2_vector": "AV:N/AC:H/Au:N:/C:N/I:P/A:P", "cvss3_vector": null, "cvss3_score": "0"}, "exact": false, "invalidation": {"reason": "Vendor patched", "reason_text": "Distribution vendor has backported the fix for this vulnerability", "type": "distro-backport"}}, {"vuln": {"cve": "CVE-2014-0487", "summary": "APT before 1.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors.", "cvss": 7.5, "published": "2014-11-03T22:55:07", "modified": "2014-11-04T22:13:31", "published-epoch": "1415055307", "modified-epoch": "1415139211", "cwe": null, "cvss_access_vector": "NETWORK", "cvss_access_complexity": "LOW", "cvss_authentication": "NONE", "cvss_confidentiality_impact": "PARTIAL", "cvss_integrity_impact": "PARTIAL", "cvss_availability_impact": "PARTIAL", "cvss_source": 
"http://nvd.nist.gov", "cvss_created": "2014-11-04T12:50:38", "cvss_created-epoch": "1415105438", "cvss2_vecto