Teste

paulo@paulo:~$ ssh paulo@10.200.14.
21
paulo@10.200.14.21's password:
Last login: Tue May 24 09:10:01 2022 from 10.19.14.246
paulo@PC991006948900:~$
paulo@PC991006948900:~$ cd s
s4s/ spring4shell/
paulo@PC991006948900:~$ cd s4s/
paulo@PC991006948900:~/s4s$ ls
find_vuln.py repositories.py todo-nexus.txt vulnerabilities.py
paulo@PC991006948900:~/s4s$ ls -lh
total 52K
-rw-rw-r-- 1 paulo paulo 2,3K mai 6 10:23 find_vuln.py
-rw-rw-r-- 1 paulo paulo 586 abr 6 15:05 repositories.py
-rw-rw-r-- 1 paulo paulo 4,9K mai 6 11:07 todo-nexus.txt
-rw-rw-r-- 1 paulo paulo 1009 abr 6 15:02 vulnerabilities.py
paulo@PC991006948900:~/s4s$ cat find_vuln.py
import requests
from urllib3.exceptions import InsecureRequestWarning
import json
import sys
def get_repositories(project):
requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
url="https://harbor.pbh.gov.br/api/v2.0/search?q=" + project
headers = {
"accept": "application/json",
"authorization": "Basic YWRtaW46I2hwIUBLaEs0NQ=="
}
response = requests.get(url, headers = headers, verify = False)
response_json = json.loads(response.text)
repositories = []
for repository in response_json["repository"]:
repository_name = repository["repository_name"][len(project)
+1:].replace("/", "%252F")
repositories.append(repository_name)
return repositories
def get_vuln_urls(project, repository_name):

requests.packages.urllib3.disable_warnings(category=InsecureRequestWarning)
url = "https://harbor.pbh.gov.br/api/v2.0/projects/" + project +
"/repositories/" + repository_name + "/artifacts?
page=1&page_size=0&with_tag=true&with_label=false&with_scan_overview=false&with_sig
nature=false&with_immutable_status=false"
headers = {
"X-Accept-Vulnerabilities":
"application/vnd.security.vulnerability.report; version=1.1,
application/vnd.scanner.adapter.vuln.report.harbor+json; version=1.0",
}
response = requests.get(url, headers = headers, verify = False)
response_json = json.loads(response.text)
vuln_urls = []
for i in range (0, len(response_json)):
vuln_url = "https://harbor.pbh.gov.br" + response_json[i]
["addition_links"]["vulnerabilities"]["href"]
vuln_urls.append(vuln_url)
return vuln_urls
if len(sys.argv) == 3:
# buscar por "id":"CVE-2022-22965"
cve = "\"id\":\"" + sys.argv[1].upper() + "\""
project = sys.argv[2]
repositories = get_repositories(project)
headers = {
}
for repository in repositories:
vuln_urls = get_vuln_urls(project, repository)
path = project + "/" + repository.replace("%252F", "/")
#print("Procurando em:", path)
for url in vuln_urls:
rsp = requests.get(url, headers = headers, verify = False)
if rsp.text.find(cve) != -1:
pos = url.find("sha256")
artifact = url[pos:pos+15]
print("Achou em:", path, artifact, flush=True)
#print(rsp.text)
paulo@PC991006948900:~/s4s$
paulo@PC991006948900:~/s4s$ ssh paulolucio.oliveira@harbor.pbh.gov.br
Enter passphrase for key '/home/paulo/.ssh/id_rsa':
Linux vlcp-harbor01 5.10.0-10-amd64 #1 SMP Debian 5.10.84-1 (2021-12-08) x86_64
The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.
Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent

permitted by applicable law.
Last login: Wed May 4 15:14:52 2022 from 10.19.14.13
paulolucio.oliveira@vlcp-harbor01:~$ ls
paulolucio.oliveira@vlcp-harbor01:~$ cd /home/
adm/ custodio/ gpmi/ jgeraldo/
linari/ mfonseca/ rodrigo.alonso/
alisson/ diogofernandes/ harbor01/ jose.apereira/
lucas.c.santos/ operur6/ ruas/
arthur.augusto/ felipemarques/ importacaodc/ lcappai/
luchesi/ paulolucio.oliveira/ tiago.jcosta/
carlos.matias/ filiphe.dsouza/ jackson.lima/ leandro.liborio/
luciano.almeida/ pedroft/ weverton.ti/
celsokenji/ flavio.junio/ jamilton/ leonan/
luiz.f.martins/ PREFEITURA/ wilma/
cesar.lgoncalves/ glayber.junco/ jenkins/ lfatima/
marcusvs/ rluiz/
paulolucio.oliveira@vlcp-harbor01:~$ cd /home/gpmi
paulolucio.oliveira@vlcp-harbor01:/home/gpmi$ ls
harbor harbor.pbh.gov.br.crt old_files pbh.gov.br.pem v3.ext
paulolucio.oliveira@vlcp-harbor01:/home/gpmi$ cd harbor
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ ls
LICENSE common common.sh docker-compose.yml harbor.v2.4.1.tar.gz harbor.yml
harbor.yml.tmpl install.sh prepare
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ cat docker-compose.yml
version: '2.3'
services:
log:
image: goharbor/harbor-log:v2.4.1
container_name: harbor-log
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /var/log/harbor/:/var/log/docker/:z
- type: bind
source: ./common/config/log/logrotate.conf
target: /etc/logrotate.d/logrotate.conf
- type: bind
source: ./common/config/log/rsyslog_docker.conf
target: /etc/rsyslog.d/rsyslog_docker.conf
ports:
- 127.0.0.1:1514:10514
networks:
- harbor
registry:
image: goharbor/registry-photon:v2.4.1
container_name: registry
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: /data/secret/registry/root.crt
target: /etc/registry/root.crt
- type: bind
source: ./common/config/shared/trust-certificates
target: /harbor_cust_cert
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
syslog-address: "tcp://localhost:1514"
tag: "registry"
registryctl:
image: goharbor/harbor-registryctl:v2.4.1
container_name: registryctl
env_file:
- ./common/config/registryctl/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/registry:/storage:z
- ./common/config/registry/:/etc/registry/:z
- type: bind
source: ./common/config/registryctl/config.yml
target: /etc/registryctl/config.yml
- type: bind
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
tag: "registryctl"
postgresql:
image: goharbor/harbor-db:v2.4.1
container_name: harbor-db
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- DAC_OVERRIDE
- SETGID
- SETUID
volumes:
- /data/database:/var/lib/postgresql/data:z
networks:
harbor:
env_file:
- ./common/config/db/env
depends_on:
- log
logging:
driver: "syslog"
options:
tag: "postgresql"
shm_size: '1gb'
core:
image: goharbor/harbor-core:v2.4.1
container_name: harbor-core
env_file:
- ./common/config/core/env
restart: always
cap_drop:
- ALL
cap_add:
- SETGID
- SETUID
volumes:
- /data/ca_download/:/etc/core/ca/:z
- /data/:/data/:z
- ./common/config/core/certificates/:/etc/core/certificates/:z
- type: bind
source: ./common/config/core/app.conf
target: /etc/core/app.conf
- type: bind
source: /data/secret/core/private_key.pem
target: /etc/core/private_key.pem
- type: bind
source: /data/secret/keys/secretkey
target: /etc/core/key
- type: bind
networks:
harbor:
depends_on:
- log
- registry
- redis
- postgresql
logging:
driver: "syslog"
options:
tag: "core"
portal:
image: goharbor/harbor-portal:v2.4.1
container_name: harbor-portal
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- type: bind
source: ./common/config/portal/nginx.conf
target: /etc/nginx/nginx.conf
networks:
- harbor
depends_on:
- log
logging:
driver: "syslog"
options:
tag: "portal"
jobservice:
image: goharbor/harbor-jobservice:v2.4.1
container_name: harbor-jobservice
env_file:
- ./common/config/jobservice/env
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/job_logs:/var/log/jobs:z
- type: bind
source: ./common/config/jobservice/config.yml
target: /etc/jobservice/config.yml
- type: bind
networks:
- harbor
depends_on:
- core
logging:
driver: "syslog"
options:
tag: "jobservice"
redis:
image: goharbor/redis-photon:v2.4.1
container_name: redis
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
volumes:
- /data/redis:/var/lib/redis
networks:
harbor:
depends_on:
- log
logging:
driver: "syslog"
options:
tag: "redis"
proxy:
image: goharbor/nginx-photon:v2.4.1
container_name: nginx
restart: always
cap_drop:
- ALL
cap_add:
- CHOWN
- SETGID
- SETUID
- NET_BIND_SERVICE
volumes:
- ./common/config/nginx:/etc/nginx:z
- /data/secret/cert:/etc/cert:z
- type: bind
networks:
- harbor
ports:
- 80:8080
- 443:8443
depends_on:
- registry
- core
- portal
- log
logging:
driver: "syslog"
options:
tag: "proxy"
trivy-adapter:
container_name: trivy-adapter
image: goharbor/trivy-adapter-photon:v2.4.1
restart: always
cap_drop:
- ALL
depends_on:
- log
- redis
networks:
- harbor
volumes:
- type: bind
source: /data/trivy-adapter/trivy
target: /home/scanner/.cache/trivy
- type: bind
source: /data/trivy-adapter/reports
target: /home/scanner/.cache/reports
- type: bind
logging:
driver: "syslog"
options:
tag: "trivy-adapter"
env_file:
./common/config/trivy-adapter/env
networks:
harbor:
external: false
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ curl localhost
-bash: curl: command not found
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ wget localhost
--2022-05-25 15:28:52-- http://localhost/
Resolving localhost (localhost)... ::1, 127.0.0.1
Connecting to localhost (localhost)|::1|:80... failed: Connection refused.
Connecting to localhost (localhost)|127.0.0.1|:80... connected.
HTTP request sent, awaiting response... 308 Permanent Redirect
Location: https://localhost:443/ [following]
--2022-05-25 15:28:52-- https://localhost/
Connecting to localhost (localhost)|127.0.0.1|:443... connected.
ERROR: The certificate of 'localhost' is not trusted.
ERROR: The certificate of 'localhost' doesn't have a known issuer.
The certificate's owner does not match hostname 'localhost'
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ nmap -p 80 localhost
-bash: nmap: command not found
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ telnet -p 80 localhost
telnet: invalid option -- 'p'
Usage: telnet [-4] [-6] [-8] [-E] [-L] [-a] [-d] [-e char] [-l user]
[-n tracefile] [ -b addr ] [-r] [host-name [port]]
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ telnet localhost 80
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> Connection closed.
Trying ::1...
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
^]
telnet> Connection closed.
Trying ::1...
Trying 127.0.0.1...
telnet: Unable to connect to remote host: Connection refused
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at
unix:///var/run/docker.sock: Get
"http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json": dial unix
/var/run/docker.sock: connect: permission denied
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$
paulolucio.oliveira@vlcp-harbor01:/home/gpmi/harbor$ sudo su
root@vlcp-harbor01:/home/gpmi/harbor# docker ps
CONTAINER ID IMAGE COMMAND
CREATED STATUS PORTS
NAMES
8d8d10dc4ccb goharbor/harbor-jobservice:v2.4.1 "/harbor/entrypoint.…" 7
weeks ago Up 6 weeks (healthy)
harbor-jobservice
394852a1da35 goharbor/nginx-photon:v2.4.1 "nginx -g 'daemon of…" 7
weeks ago Up 6 weeks (healthy) 0.0.0.0:80->8080/tcp, 0.0.0.0:443->8443/tcp
nginx
e61aaa6d6799 goharbor/harbor-core:v2.4.1 "/harbor/entrypoint.…" 7
harbor-core
adf5e167f5a9 goharbor/trivy-adapter-photon:v2.4.1 "/home/scanner/entry…" 7
trivy-adapter
0839fb90c8bf goharbor/harbor-portal:v2.4.1 "nginx -g 'daemon of…" 7
harbor-portal
e3fb85f60a8c goharbor/harbor-registryctl:v2.4.1 "/home/harbor/start.…" 7
registryctl
fbf7d7df9862 goharbor/redis-photon:v2.4.1 "redis-server /etc/r…" 7
redis
1f510f838ee1 goharbor/harbor-db:v2.4.1 "/docker-entrypoint.…" 7
harbor-db
40c16f93c1cd goharbor/registry-photon:v2.4.1 "/home/harbor/entryp…" 7
registry
6552d5f55520 goharbor/harbor-log:v2.4.1 "/bin/sh -c /usr/loc…" 7
weeks ago Up 6 weeks (healthy) 127.0.0.1:1514->10514/tcp
harbor-log
root@vlcp-harbor01:/home/gpmi/harbor# docker exec -ti harbor-db sh
sh-5.0$ ls
bin dev docker-entrypoint.sh etc initdb.sh lib64 mnt root
sbin sys upgrade.sh var
boot docker-entrypoint-initdb.d docker-healthcheck.sh home lib media
proc run srv tmp usr
sh-5.0$ psql
psql (13.5)
Type "help" for help.
No entry for terminal type "xterm";

using dumb terminal settings.
postgres=# \dt
Did not find any relations.
postgres=# ^D\q
sh-5.0$ cat /etc/
.pwd.lock group ld.so.cache machine-id pam.d/
rpc sudo_logsrvd.conf xdg/
X11/ group- ld.so.conf modprobe.d/ passwd
rpm/ sudoers yum.repos.d/
bash.bashrc gshadow ld.so.conf.d/ modules-load.d/ passwd-
security/ sudoers.d/
binfmt.d/ gshadow- limits motdgen.d/ photon-
release shadow sysconfig/
default/ hostname locale-gen.conf mtab pki/
shadow- sysctl.d/
dircolors hosts localtime nsswitch.conf profile
shells systemd/
environment inputrc login.access openldap/
profile.d/ skel/ tdnf/
fstab issue login.defs opt/ rc.d/
ssl/ tmpfiles.d/
gnutls/ issue.net lsb-release os-release
resolv.conf sudo.conf xattr.conf
sh-5.0$ cat /etc/shadow
cat: /etc/shadow: Permission denied
sh-5.0$ sudo su
We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these three things:
#1) Respect the privacy of others.

#2) Think before you type.
#3) With great power comes great responsibility.
[sudo] password for postgres

sudo: a password is required
sh-5.0$ whoami
postgres
sh-5.0$ ls
bin dev docker-entrypoint.sh etc initdb.sh lib64 mnt root
sbin sys upgrade.sh var
boot docker-entrypoint-initdb.d docker-healthcheck.sh home lib media
proc run srv tmp usr
sh-5.0$ cat initdb.sh
#!/bin/bash
set -e
# usage: file_env VAR [DEFAULT]

# ie: file_env 'XYZ_DB_PASSWORD' 'example'
# (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
# "$XYZ_DB_PASSWORD" from a file, especially for Docker's secrets feature)
function file_env() {
local var="$1"
local fileVar="${var}_FILE"
local def="${2:-}"
if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
echo >&2 "error: both $var and $fileVar are set (but are
exclusive)"
exit 1
fi
local val="$def"
if [ "${!var:-}" ]; then
val="${!var}"
elif [ "${!fileVar:-}" ]; then
val="$(< "${!fileVar}")"
fi
export "$var"="$val"
unset "$fileVar"
}
# usage: initPG $Dir $initSql

# Use $Dir to index where to init the postgres db
# Use $initSql to indicate whether to execute the sql under docker-entrypoint-
initdb.d, default is not.
function initPG() {
file_env 'POSTGRES_INITDB_ARGS'
if [ "$POSTGRES_INITDB_XLOGDIR" ]; then
export POSTGRES_INITDB_ARGS="$POSTGRES_INITDB_ARGS --xlogdir
$POSTGRES_INITDB_XLOGDIR"
fi
initdb -D $1 -U postgres -E UTF-8 --lc-collate=en_US.UTF-8 --lc-
ctype=en_US.UTF-8 $POSTGRES_INITDB_ARGS
# check password first so we can output the warning before postgres
# messes it up
file_env 'POSTGRES_PASSWORD'
if [ "$POSTGRES_PASSWORD" ]; then
pass="PASSWORD '$POSTGRES_PASSWORD'"
authMethod=md5
else
# The - option suppresses leading tabs but *not* spaces. :)
cat >&2 <<-EOF
****************************************************
WARNING: No password has been set for the database.
This will allow anyone with access to the
Postgres port to access your database. In
Docker's default configuration, this is
effectively any other container on the same
system.
Use "-e POSTGRES_PASSWORD=password" to set
it in "docker run".
****************************************************
EOF
pass=
authMethod=trust
fi
{
echo
echo "host all all all $authMethod"
} >> "$1/pg_hba.conf"
echo `whoami`
# internal start of server in order to allow set-up using psql-client
# does not listen on external TCP/IP and waits until start finishes
pg_ctl -D "$1" -o "-c listen_addresses=''" -w start
file_env 'POSTGRES_USER' 'postgres'

file_env 'POSTGRES_DB' "$POSTGRES_USER"
psql=( psql -v ON_ERROR_STOP=1 )
if [ "$POSTGRES_DB" != 'postgres' ]; then

"${psql[@]}" --username postgres <<-EOSQL
CREATE DATABASE "$POSTGRES_DB" ;
EOSQL
echo
fi
if [ "$POSTGRES_USER" = 'postgres' ]; then

op='ALTER'
else
op='CREATE'
fi
"${psql[@]}" --username postgres <<-EOSQL
$op USER "$POSTGRES_USER" WITH SUPERUSER $pass ;
EOSQL
echo
psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )
echo
if [ $2 == "true" ]; then
for f in /docker-entrypoint-initdb.d/*; do
case "$f" in
*.sh) echo "$0: running $f"; . "$f" ;;
*.sql) echo "$0: running $f"; "${psql[@]}" -f
"$f"; echo ;;
*.sql.gz) echo "$0: running $f"; gunzip -c "$f" |
"${psql[@]}"; echo ;;
*) echo "$0: ignoring $f" ;;
esac
echo
done
fi
PGUSER="${PGUSER:-postgres}" \
pg_ctl -D "$1" -m fast -w stop
echo
echo 'PostgreSQL init process complete; ready for start up.'
echo
}sh-5.0$ vi initdb.sh
sh: vi: command not found
sh-5.0$
sh-5.0$ env
HOSTNAME=1f510f838ee1
POSTGRES_PASSWORD=RO07123@
PWD=/
HOME=/home/postgres
TERM=xterm
SHLVL=1
PGDATA=/var/lib/postgresql/data
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
_=/usr/bin/env
sh-5.0$ psql -U postgres -w
psql (13.5)

postgres=# ^D\q
sh-5.0$ psql -U postgres
psql (13.5)

postgres=# ^D\q
sh-5.0$ psql -U postgres -W
Password:
psql (13.5)

postgres=# \dt
postgres=# \
Display all 104 possibilities? (y or n)
\! \d \dD \dFd \do \dT
\else \gx \lo_list \s \warn
\? \dA \dd \dFp \dP \dt
\encoding \H \lo_unlink \set \watch
\a \da \ddp \dFt \dp \du
\endif \h \o \setenv \x
\C \dAc \dE \dg \dPi \dv
\errverbose \help \p \sf \z
\cd \dAf \des \di \dPt \dx
\ev \i \password \sv
\connect \dAo \det \dL \drds \dy
\f \if \prompt \t
\conninfo \dAp \deu \dl \dRp \e
\g \ir \pset \T
\copy \db \dew \dm \dRs \echo
\gdesc \l \q \timing
\copyright \dC \dF \dn \dS \ef
\gexec \lo_export \qecho \unset
\crosstabview \dc \df \dO \ds \elif
\gset \lo_import \r \w
postgres=# \dt+
postgres=# \d
postgres=# \d
\d \da \dAf \dAp \dC \dD \ddp \des \deu \dF \dFd \dFt
\di \dl \dn \do \dp \dPt \dRp \ds \dt \du \dx
\dA \dAc \dAo \db \dc \dd \dE \det \dew \df \dFp \dg
\dL \dm \dO \dP \dPi \drds \dRs \dS \dT \dv \dy
postgres=# \d
\d \da \dAf \dAp \dc \dd \ddp \des \deu \df \dFd \dFt
\di \dL \dn \dO \dp \dPt \dRp \ds \dT \du \dx
\dA \dAc \dAo \db \dC \dD \dE \det \dew \dF \dFp \dg
\dl \dm \do \dP \dPi \drds \dRs \dS \dt \dv \dy
postgres=# \d
\d \da \dAf \dAp \dc \dD \ddp \des \deu \df \dFd \dFt
\di \dl \dn \do \dp \dPt \dRp \ds \dT \du \dx
\dA \dAc \dAo \db \dC \dd \dE \det \dew \dF \dFp \dg
\dL \dm \dO \dP \dPi \drds \dRs \dS \dt \dv \dy
postgres=# \d+
postgres=# \db
List of tablespaces
Name | Owner | Location
------------+----------+----------
pg_default | postgres |
pg_global | postgres |
(2 rows)
postgres=# \l
List of databases
Name | Owner | Encoding | Collate | Ctype | Access
privileges
--------------+----------+----------+-------------+-------------
+-----------------------
notaryserver | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres
+
| | | | |
postgres=CTc/postgres+
| | | | |
server=CTc/postgres
notarysigner | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =Tc/postgres
+
| | | | |
| | | | |
signer=CTc/postgres
postgres | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
registry | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 |
template0 | postgres | UTF8 | en_US.UTF-8 | en_US.UTF-8 | =c/postgres
+
| | | | |
postgres=CTc/postgres
+
| | | | |
(6 rows)
postgres=# \c postgres
Password:
You are now connected to database "postgres" as user "postgres".
postgres=# \dt
postgres=# ^D\q
sh-5.0$ psql -U postgres -W
Password:
psql (13.5)

postgres=# \l
List of databases
privileges
--------------+----------+----------+-------------+-------------
+-----------------------
+
| | | | |
| | | | |
server=CTc/postgres
+
| | | | |
| | | | |
signer=CTc/postgres
+
| | | | |
+
| | | | |
(6 rows)
postgres=# \c registry
Password:
You are now connected to database "registry" as user "postgres".
registry=# \dt
List of relations
Schema | Name | Type | Owner
--------+-----------------------------+-------+----------
public | access | table | postgres
public | alembic_version | table | postgres
public | artifact | table | postgres
public | artifact_blob | table | postgres
public | artifact_reference | table | postgres
public | artifact_trash | table | postgres
public | audit_log | table | postgres
public | blob | table | postgres
public | cve_allowlist | table | postgres
public | data_migrations | table | postgres
public | execution | table | postgres
public | harbor_label | table | postgres
public | harbor_resource_label | table | postgres
public | harbor_user | table | postgres
public | immutable_tag_rule | table | postgres
public | job_log | table | postgres
public | label_reference | table | postgres
public | notification_job | table | postgres
public | notification_policy | table | postgres
public | oidc_user | table | postgres
public | p2p_preheat_instance | table | postgres
public | p2p_preheat_policy | table | postgres
public | permission_policy | table | postgres
public | project | table | postgres
public | project_blob | table | postgres
public | project_member | table | postgres
public | project_metadata | table | postgres
public | properties | table | postgres
public | quota | table | postgres
public | quota_usage | table | postgres
public | registry | table | postgres
public | replication_policy | table | postgres
public | report_vulnerability_record | table | postgres
public | repository | table | postgres
public | retention_policy | table | postgres
public | robot | table | postgres
public | role | table | postgres
public | role_permission | table | postgres
public | scan_report | table | postgres
public | scanner_registration | table | postgres
public | schedule | table | postgres
public | schema_migrations | table | postgres
public | tag | table | postgres
public | task | table | postgres
public | user_group | table | postgres
public | vulnerability_record | table | postgres
(46 rows)
registry=# select * from scan_report;

id | uuid |
digest | registration_uuid |
mime_type |
report
------+--------------------------------------
+-------------------------------------------------------------------------
+--------------------------------------
+------------------------------------------------------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-
7748 | b9aad19b-6d2f-4280-932f-224a8c25d80d |
sha256:973d46518fa19d0b01995c2aec318d9cee43af8e8f522691ce817b66695d7af0 | f624ecb2-
ab99-11ec-b0e3-0242ac130008 | application/vnd.security.vulnerability.report;
version=1.1 | {"generated_at":"2022-05-24T21:47:48.150587766Z","scanner":
{"name":"Trivy","vendor":"Aqua
Security","version":"v0.20.1"},"severity":"Critical","vulnerabilities":[]}
7749 | 5df475d0-64c1-46b9-a841-b98e90a4540c |
sha256:77cd5ad38e8bff8a0692e4f5d67904e7a32b70edb64b43a8a4778c514b9c8a89 | f624ecb2-
7753 | 8fdce160-2833-409f-a7b2-e98d1ac1b33b |
sha256:3730e73ff2e059d4d324b59ba4a5800df78dd113d33ef7561836dd1366f2c198 | f624ecb2-
ab99-11ec-b0e3-0242ac130008 | applicatiregistry=# rity.vulnerability.report;
version=1.1 | {"generated_at":"20--More--
registry=#
registry=#
registry=#
registry=# select * from scan_report limit 1;
id | uuid |
mime_type |
report
------+--------------------------------------
+-------------------------------------------------------------------------
+--------------------------------------
+------------------------------------------------------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-
7748 | b9aad19b-6d2f-4280-932f-224a8c25d80d |
(1 row)
registry=# select * from replication_policy limit 1;

id | name | dest_registry_id | enabled | description | deleted |
trigger | filters
| replicate_deletion | start_time | creation_time | update_time
| creator | src_registry_id | dest_namespace | override |
dest_namespace_replace_count | speed_kb
----+------------------------+------------------+---------+-------------+---------
+----------------------------------------------------------------
+-------------------------------------------------------+--------------------
+------------+----------------------------+----------------------------+---------
+-----------------+------------------------+----------
+------------------------------+----------
9 | arrecadacao-tributaria | 0 | t | | f |
{"type":"scheduled","trigger_settings":{"cron":"0 0 2 * * *"}} |
[{"type":"name","value":"arrecadacao-tributaria/**"}] | f |
| 2022-05-23 18:13:54.488645 | 2022-05-23 18:13:54.488648 | admin |
2 | arrecadacao-tributaria | t | 1 | 0(1
row)
registry=# select * from scan_report limit 10;
id | uuid |
mime_type |
report
------+--------------------------------------
+-------------------------------------------------------------------------
+--------------------------------------
+------------------------------------------------------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-
7748 | b9aad19b-6d2f-4280-932f-224a8c25d80d |
7749 | 5df475d0-64c1-46b9-a841-b98e90a4540c |
sha256:77cd5ad38e8bff8a0692e4f5d67904e7a32b70edb64b43a8a4778c514b9c8a89 | f624ecb2-
7753 | 8fdce160-2833-409f-a7b2-e98d1ac1b33b |
sha256:3730e73ff2e059d4d324b59ba4a5800df78dd113d33ef7561836dd1366f2c198 | f624ecb2-
ab99-11ec-b0e3-0242ac130008 |
applicati,"version":"v0.20.1"},"severity":"Critical","vulnerabilities":[]}"Aqua
Security"--More--
7788 | 203f57c8-7bde-448f-a7a8-115455ae018f |
sha256:a0f489f312c05a0f24d3444c94531e6efc84740d7042b95a0fd87edfd3800370 | f624ecb2-
7804 | a26cbd31-0138-4cf0-bd79-3d22b01c3195 |
sha256:2c84f228177a0712ab06aac3e31168fa4793c34fb4c6023a49a3471df218b304 | f624ecb2-
8862 | 39d8c519-a05d-4c26-8a4d-ad7727e5d4b2 |
sha256:430fffa0e293b009e5cdd3b2c1ed05bd12b876f5394a7a26b870db24857ae355 | f624ecb2-
8879 | d823a565-4f7a-4b8d-a721-f442ffcebc1a |
sha256:108082efb25a21c59a8e44601ab2875d81f53d5d7891d953f31f49a5627eb231 | f624ecb2-
application/vnd.security.vulnerability.report; version=1.1 | {"generated_at":"2022-
05-24T22:03:19.636676689Z","scanner":{"name":"Trivy","vendor":"Aqua
8896 | 211758b6-fbb7-414e-a2df-01501735d40f |
sha256:5f679610b9e6297c12ec6eaa40507a05f2afdb5ddb79c42226783313cd9b375b | f624ecb2-
8900 | 0d83fd55-aebe-4b1c-88b1-4562e104c415 |
sha256:b33ffca8788d61e57ca78ef097f1fcd1f1d1f2451696f8b0e665f4aa4cbf7782 | f624ecb2-
(10 rows)
registry=# show columns from scan_report;

ERROR: syntax error at or near "from"
LINE 1: show columns from scan_report;
^
registry=# \d+ scan_report;
Table
"public.scan_report"
Column | Type | Collation | Nullable |
Default | Storage | Stats target | Description
-------------------+------------------------+-----------+----------
+-----------------------------------------+----------+--------------+-------------
id | integer | | not null |
nextval('scan_report_id_seq'::regclass) | plain | |
uuid | character varying(64) | | not null |
| extended | |
digest | character varying(256) | | not null |
| extended | |
registration_uuid | character varying(64) | | not null |
| extended | |
mime_type | character varying(256) | | not null |
| extended | |
report | json | | |
| extended | |
Indexes:
"scan_report_pkey" PRIMARY KEY, btree (id)
"scan_report_digest_registration_uuid_mime_type_key" UNIQUE CONSTRAINT, btree
(digest, registration_uuid, mime_type)
"scan_report_uuid_key" UNIQUE CONSTRAINT, btree (uuid)
Referenced by:
TABLE "report_vulnerability_record" CONSTRAINT "fk_report_uuid" FOREIGN KEY
(report_uuid) REFERENCES scan_report(uuid) ON DELETE CASCADE
Access method: heap
registry=# \d+ report_vulnerability_record

Table
"public.report_vulnerability_record"
Column | Type | Collation | Nullable | Default
| Storage | Stats target | Description
----------------+---------+-----------+----------
+---------------------------------------------------------+----------
+--------------+-------------
nextval('report_vulnerability_record_id_seq'::regclass) | plain | |
report_uuid | text | | not null | ''::text
| extended | |
vuln_record_id | bigint | | not null | 0
| plain | |
Indexes:
"report_vulnerability_record_pkey" PRIMARY KEY, btree (id)
"report_vulnerability_record_report_uuid_vuln_record_id_key" UNIQUE CONSTRAINT,
btree (report_uuid, vuln_record_id)
Foreign-key constraints:
"fk_report_uuid" FOREIGN KEY (report_uuid) REFERENCES scan_report(uuid) ON
DELETE CASCADE
"fk_vuln_record_id" FOREIGN KEY (vuln_record_id) REFERENCES
vulnerability_record(id) ON DELETE CASCADE
Access method: heap
registry=# select * from report_vulnerability_record limit 1;

id | report_uuid | vuln_record_id
---------+--------------------------------------+----------------
2064052 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 95
(1 row)
registry=# select * from report_vulnerability_record limit 5;

id | report_uuid | vuln_record_id
---------+--------------------------------------+----------------
2064052 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 95
2064053 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 98
2064054 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 105
2064055 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 106
2064056 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 107
(5 rows)
registry=# select * from vulnerability_record limit 1;

id | cve_id | registration_uuid | package |
package_version | package_type | severity | fixed_version | urls
| cvss_score_v3 | cvss_score_v2 | cvss_vector_v3 | cvss_vector_v2 |
description
| cwe_ids |
vendor_attributes
----+----------------+--------------------------------------+---------
+-----------------+--------------+----------+---------------
+--------------------------------------------+---------------+---------------
+----------------+----------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--+---------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
----------------------------------------------------------------
1 | CVE-2019-18276 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | bash | 5.0-
6ubuntu1.1 | Unknown | Low | |
https://avd.aquasec.com/nvd/cve-2019-18276 | | |
| | An issue was discovered in disable_priv_mode in shell.c in GNU
Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not
equal to its real UID, it will drop privileges by setting its effective UID to its
real UID. However, it does so incorrectly. On Linux and other systems that support
"saved UID" functionality, the saved UID is not dropped. An attacker with command
execution in the shell can use "enable -f" for runtime loading of a new builtin,
which can be a shared object that calls setuid() and therefore regains privileges.
However, binaries running with an effective UID of 0 are unaffected. | CWE-273 |
{"CVSS":{"nvd":{"V2Score":7.2,"V2Vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","V3Score":7.8
,"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"redhat":
{"V3Score":7.8,"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}}
(1 row)
registry=# select * from vulnerability_record limit 5;

id | cve_id | registration_uuid | package |
package_version | package_type | severity | fixed_version |
urls | cvss_score_v3 | cvss_score_v2 | cvss_vector_v3 |
cvss_vector_v2 |
description
| cwe_ids |
vendor_attributes
----+----------------+--------------------------------------+-------------------
+---------------------+--------------+----------+---------------
+--------------------------------------------+---------------+---------------
+----------------+----------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-------------------------------------------------------------------------------
+---------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------
1 | CVE-2019-18276 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | bash |
5.0-6ubuntu1.1 | Unknown | Low | |
| | An issue was discovered in disable_priv_mode in shell.c in GNU
Bash through 5.0 patch 11. By default, if Bash is run with its effective UID not
equal to its real UID, it will drop privileges by setting its effective UID to its
real UID. However, it does so incorrectly. On Linux and other systems that support
"saved UID" functionality, the saved UID is not dropped. An attacker with command
execution in the shell can use "enable -f" for runtime loading of a new builtin,
which can be a shared object that calls setuid() and therefore regains privileges.
However, binaries running with an effective UID of 0 are unaffected. | CWE-273 |
{"CVSS":{"nvd":{"V2Score":7.2,"V2Vector":"AV:L/AC:L/Au:N/C:C/I:C/A:C","V3Score":7.8
,"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"},"redhat":
{"V3Score":7.8,"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}}
| 8.30-3ubuntu2 | Unknown | Low | |
| | chroot in GNU coreutils, when used with --userspec, allows local
users to escape to the parent session via a crafted TIOCSTI ioctl call, which
pushes characters to the terminal's input buffer.
| CWE-20 |
{"CVSS":{"nvd":{"V2Score":2.1,"V2Vector":"AV:L/AC:L/Au:N/C:N/I:P/A:N","V3Score":6.5
,"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N"},"redhat":
{"V2Score":6.2,"V2Vector":"AV:L/AC:H/Au:N/C:C/I:C/
A:C","V3Score":8.6,"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H"}}}
3 | CVE-2021-3671 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | libasn1-8-heimdal |
7.7.0+dfsg-1ubuntu1 | Unknown | Low | |
| | A null pointer de-reference was found in the way samba kerberos
server handled missing sname in TGS-REQ (Ticket Granting Server - Request). An
authenticated user could use this flaw to crash the samba server.
| CWE-476 |
{"CVSS":{"nvd":{"V2Score":4,"V2Vector":"AV:N/AC:L/Au:S/C:N/I:N/A:P","V3Score":6.5,"
V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"},"redhat":
{"V3Score":6.5,"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}}}
4 | CVE-2019-8842 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | libcups2 |
2.3.1-9ubuntu1.1 | Unknown | Low | |
| | A buffer overflow was addressed with improved bounds checking.
This issue is fixed in macOS Catalina 10.15.2, Security Update 2019-002 Mojave, and
Security Update 2019-007 High Sierra. In certain configurations, a remote attacker
may be able to submit arbitrary print jobs.
| CWE-120 |
{"CVSS":{"nvd":{"V2Score":2.6,"V2Vector":"AV:N/AC:H/Au:N/C:N/I:P/A:N","V3Score":3.3
,"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N"}}}
5 | CVE-2020-10001 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | libcups2 |
2.3.1-9ubuntu1.1 | Unknown | Low | |
| | An input validation issue was addressed with improved memory
handling. This issuelina, Security Update 2020-007 Mojave. A malicious application
may be able to read restricted memory.
| CWE-20 |
{"CVSS":{"nvd":{"V2Score":4.3,"V2Vector":"AV:N/AC:M/Au:N/C:P/I:N/A:N","V3Score":5.5
,"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"},"redhat":
{"V3Score":5.5,"V3Vector":"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}}}
(5 rows)
registry=# select cve_id from vulnerability_record limit 5;

cve_id
----------------
CVE-2019-18276
CVE-2016-2781
CVE-2021-3671
CVE-2019-8842
CVE-2020-10001
(5 rows)
registry=# select cve_id from vulnerability_record limit 50;

cve_id
---------------
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2001-1534
CVE-2002-1976
CVE-2002-2439
CVE-2002-2439
CVE-2002-2439
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
CVE-2003-1307
(50 rows)
registry=# \d+ vulnerability_record

Table
"public.vulnerability_record"
-------------------+------------------+-----------+----------
+--------------------------------------------------+----------+--------------
+-------------
nextval('vulnerability_record_id_seq'::regclass) | plain | |
cve_id | text | | not null | ''::text
| extended | |
registration_uuid | text | | not null | ''::text
| extended | |
package | text | | not null | ''::text
| extended | |
package_version | text | | not null | ''::text
| extended | |
package_type | text | | not null | ''::text
| extended | |
severity | text | | not null | ''::text
| extended | |
fixed_version | text | | |
| extended | |
urls | text | | |
| extended | |
cvss_score_v3 | double precision | | |
| plain | |
cvss_score_v2 | double precision | | |
| plain | |
cvss_vector_v3 | text | | |
| extended | |
cvss_vector_v2 | text | | |
| extended | |
description | text | | |
| extended | |
cwe_ids | text | | |
| extended | |
vendor_attributes | json | | |
| extended | |
Indexes:
"vulnerability_record_pkey" PRIMARY KEY, btree (id)
"vulnerability_record_cve_id_registration_uuid_package_packa_key" UNIQUE
CONSTRAINT, btree (cve_id, registration_uuid, package, package_version)
"fk_registration_uuid" FOREIGN KEY (registration_uuid) REFERENCES
scanner_registration(uuid) ON DELETE CASCADE
Referenced by:
TABLE "report_vulnerability_record" CONSTRAINT "fk_vuln_record_id" FOREIGN KEY
(vuln_record_id) REFERENCES vulnerability_record(id) ON DELETE CASCADE
Access method: heap
registry=# \d+ report_vulnerability_record

Table
"public.report_vulnerability_record"
Column | Type | Collation | Nullable | Default
| Storage | Stats target | Description
----------------+---------+-----------+----------
+---------------------------------------------------------+----------
+--------------+-------------
nextval('report_vulnerability_record_id_seq'::regclass) | plain | |
report_uuid | text | | not null | ''::text
| extended | |
vuln_record_id | bigint | | not null | 0
| plain | |
Indexes:
"report_vulnerability_record_pkey" PRIMARY KEY, btree (id)
"report_vulnerability_record_report_uuid_vuln_record_id_key" UNIQUE CONSTRAINT,
btree (report_uuid, vuln_record_id)
"fk_report_uuid" FOREIGN KEY (report_uuid) REFERENCES scan_report(uuid) ON
DELETE CASCADE
"fk_vuln_record_id" FOREIGN KEY (vuln_record_id) REFERENCES
vulnerability_record(id) ON DELETE CASCADE
Access method: heap
registry=# \d+ scan_report

Table
-------------------+------------------------+-----------+----------
+-----------------------------------------+----------+--------------+-------------
| extended | |
| extended | |
| extended | |
| extended | |
report | json | | |
| extended | |
Indexes:
Referenced by:
Access method: heap
registry=# select * from scan_report sr, report_vulnerability_record rvr,

vulnerability_record vr where sr.uuid = rvr.report_uuid and rvr.vuln_record_id =
vr.id limit 1;
id | uuid |
mime_type |
report
| id | report_uuid | vuln_record_id | id | cve_id
| registration_uuid | package | package_version |
package_type | severity | fixed_version | urls
| cvss_score_v3 | cvss_score_v2 | cvss_vector_v3 | cvss_vector_v2 |
description | cwe_ids |
vendor_attributes
------+--------------------------------------
+-------------------------------------------------------------------------
+--------------------------------------
+------------------------------------------------------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-+---------+--------------------------------------+----------------+----
+----------------+--------------------------------------+------------
+-----------------+--------------+----------+---------------
+--------------------------------------------+---------------+---------------
+----------------------------------------------------------------------------------
---------------------+---------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
--------------------------------------------------------------
7240 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f |
sha256:e3918b244a52e99bf05332f4b903c7987c4ebc7d554e20aac8c694af2300ad45 | f624ecb2-
Security","version":"v0.20.1"},"severity":"Critical","vulnerabilities":[]} |
2064052 | 0d01b3a1-de63-49a4-b1ab-415975a3f86f | 95 | 95 | CVE-2019-
12900 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | bzip2-libs | 1.0.6-26.el8 |
Unknown | Low | | https://avd.aquasec.com/nvd/cve-2019-
12900 | | | | |
BZ2_decompress in decompress.c in bzip2 through 1.0.6 has an out-of-bounds write
when there are many selectors. | CWE-787 | {"CVSS":{"nvd":
{"V2Score":7.5,"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Score":9.8,"V3Vector":"CV
SS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"redhat":
{"V3Score":4,"V3Vector":"CVSS:3.0/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}}}
(1 row)

vr.id limit 1;
vr.id limit 1;
vr.id limit 1;
registry=#
registry=#
registry=#
registry=#
registry=#
registry=#
vr.id limit 1;
vr.id alimit 11
vr.id anlimit
vr.id andlimit
vr.id and limii
vr.id and slimm
vr.id and limii
vr.id andlimitt
vr.id anlimit
vr.id alimit 1
vr.id limit 1;;
vr.idlimit 1;
vr.i limit 11
registry=#
registry=#
registry=#
registry=#
registry=#
registry=#
registry=#
registry=#
registry=#
registry=#
registry=#
vr.id and cve_
id = 'CVE-2022-22965' limit 1;
id | uuid |
mime_type |
report
| id | report_uuid | vuln_record_id | id |
cve_id | registration_uuid | package
| package_version | package_type | severity | fixed_version |
urls | cvss_score_v3 | cvss_score_v2 | cvss_vector_v3 |
cvss_vector_v2 |
description
| cwe_ids |
vendor_attributes
------+--------------------------------------
+-------------------------------------------------------------------------
+--------------------------------------
+------------------------------------------------------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------
+----------------+-------+----------------+--------------------------------------
+----------------------------------+-----------------+--------------+----------
+----------------+--------------------------------------------+---------------
+---------------+----------------+----------------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
-------------------+---------
+----------------------------------------------------------------------------------
-----------------------------------------------------------------------------------
----------------------------------------------------------------
7403 | 49143f8f-344a-46d1-837b-a6e99cba7a1e |
sha256:7dee656957447ca78d83cfacb09c2c2d0bee8c27ccf7ac024b0cf90d1392316b | f624ecb2-
Security","version":"v0.20.1"},"severity":"Critical","vulnerabilities":[]} |
2130935 | 49143f8f-344a-46d1-837b-a6e99cba7a1e | 21979 | 21979 | CVE-2022-
22965 | f624ecb2-ab99-11ec-b0e3-0242ac130008 | org.springframework:spring-beans |
2.5.5 | Unknown | Critical | 5.3.18, 5.2.20 |
https://avd.aquasec.com/nvd/cve-2022-22965 | | ble to remote code
execution (RCE) via data binding. The specific exploit requires the application to
run on Tomcat as a WAR deployment. If the application is deployed as a Spring Boot
executable jar, i.e. the default, it is not vulnerable to the exploit. However, the
nature of the vulnerability is more general, and there may be other ways to exploit
it. | CWE-94 |
{"CVSS":{"nvd":{"V2Score":7.5,"V2Vector":"AV:N/AC:L/Au:N/C:P/I:P/A:P","V3Score":9.8
,"V3Vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"},"redhat":
{"V3Score":8.1,"V3Vector":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}}
(1 row)

vr.id and cve_
registry=#
registry=#
registry=#
registry=#
registry=#
Table
-------------------+------------------------+-----------+----------
+-----------------------------------------+----------+--------------+-------------
| extended | |
| extended | |
| extended | |
| extended | |
report | json | | |
| extended | |
Indexes:
Referenced by:
Access method: heap
registry=# \dt
List of relations
--------+-----------------------------+-------+----------
(46 rows)
registry=# \d+ artifact

Table
"public.artifact"
---------------------+-----------------------------+-----------+----------
+--------------------------------------+----------+--------------+-------------
nextval('artifact_id_seq'::regclass) | plain | |
project_id | integer | | not null |
| plain | |
repository_name | character varying(255) | | not null |
| extended | |
| extended | |
type | character varying(255) | | not null |
| extended | |
pull_time | timestamp without time zone | | |
| plain | |
push_time | timestamp without time zone | | |
| plain | |
repository_id | integer | | not null |
| plain | |
media_type | character varying(255) | | not null |
| extended | |
manifest_media_type | character varying(255) | | not null |
| extended | |
size | bigint | | |
| plain | |
extra_attrs | text | | |
| extended | |
annotations | jsonb | | |
| extended | |
icon | character varying(255) | | |
| extended | |
Indexes:
"artifact_pkey" PRIMARY KEY, btree (id)
"idx_artifact_push_time" btree (push_time)
"unique_artifact" UNIQUE CONSTRAINT, btree (repository_id, digest)
Referenced by:
TABLE "artifact_reference" CONSTRAINT "artifact_reference_child_id_fkey"
FOREIGN KEY (child_id) REFERENCES artifact(id)
TABLE "artifact_reference" CONSTRAINT "artifact_reference_parent_id_fkey"
FOREIGN KEY (parent_id) REFERENCES artifact(id)
TABLE "label_reference" CONSTRAINT "label_reference_artifact_id_fkey" FOREIGN
KEY (artifact_id) REFERENCES artifact(id)
TABLE "tag" CONSTRAINT "tag_artifact_id_fkey" FOREIGN KEY (artifact_id)
REFERENCES artifact(id)
Access method: heap

vulnerability_record vr, artifact a where sr.uuid = rvr.report_uuid and
rvr.vuln_record_id = vr
registry=#
registry=# select a.repository_name from scan_report sr,
report_vulnerability_record rvr, vulnerability_record vr, artifact a where sr.uuid
= rvr.report_uuid and rvr.vul
n_record_id = vr.id and a.digest = sr.digest and cve_id = 'CVE-2022-22965' limit 1;
repository_name
----------------------------------------------------------
politicas-sociais/sistema-de-informacao-e-gestao/sigps-3
(1 row)
registry=# \l
List of databases
privileges
--------------+----------+----------+-------------+-------------
+-----------------------
+
| | | | |
| | | | |
server=CTc/postgres
+
| | | | |
| | | | |
signer=CTc/postgres
+
| | | | |
+
| | | | |
(6 rows)
registry=# \dt
List of relations
--------+-----------------------------+-------+----------
(46 rows)
registry=# \d+ artifact_reference

Table
"public.artifact_reference"
--------------+-------------------------+-----------+----------
+------------------------------------------------+----------+--------------
+-------------
nextval('artifact_reference_id_seq'::regclass) | plain | |
parent_id | integer | | not null |
| plain | |
child_id | integer | | not null |
| plain | |
child_digest | character varying(255) | | not null |
| extended | |
platform | character varying(255) | | |
| extended | |
urls | character varying(1024) | | |
| extended | |
annotations | jsonb | | |
| extended | |
Indexes:
"artifact_reference_pkey" PRIMARY KEY, btree (id)
"idx_artifact_reference_child_id" btree (child_id)
"unique_reference" UNIQUE CONSTRAINT, btree (parent_id, child_id)
"artifact_reference_child_id_fkey" FOREIGN KEY (child_id) REFERENCES
artifact(id)
"artifact_reference_parent_id_fkey" FOREIGN KEY (parent_id) REFERENCES
artifact(id)
Access method: heap
registry=# \d+ tag

Table "public.tag"
---------------+-----------------------------+-----------+----------
+---------------------------------+----------+--------------+-------------
nextval('tag_id_seq'::regclass) | plain | |
repository_id | integer | | not null |
| plain | |
artifact_id | integer | | not null |
| plain | |
name | character varying(255) | | not null |
| extended | |
push_time | timestamp without time zone | | |
CURRENT_TIMESTAMP | plain | |
pull_time | timestamp without time zone | | |
| plain | |
Indexes:
"tag_pkey" PRIMARY KEY, btree (id)
"idx_tag_artifact_id" btree (artifact_id)
"idx_tag_push_time" btree (push_time)
"unique_tag" UNIQUE CONSTRAINT, btree (repository_id, name)
"tag_artifact_id_fkey" FOREIGN KEY (artifact_id) REFERENCES artifact(id)
Access method: heap
registry=# \d+ tag

registry=#
registry=#
registry=#
registry=# select a.repository_name, t.name from scan_report sr,
= rvr.report_uuid and
rvr.vuln_record_id = vr.id and a.digest = sr.digest and t.artifact_id = a.id and
cve_id = 'CVE-2022-22965' limit 1;
ERROR: missing FROM-clause entry for table "t"
LINE 1: select a.repository_name, t.name from scan_report sr, report...
^
= rvr.report_uuid and
registry=#
report_vulnerability_record rvr, vulnerability_record vr, artifact a, tag t where
sr.uuid = rvr.report_u
uid and rvr.vuln_record_id = vr.id and a.digest = sr.digest and t.artifact_id =
a.id and cve_id = 'CVE-2022-22965' limit 1;
repository_name | name
----------------------------------------------------------+---------
politicas-sociais/sistema-de-informacao-e-gestao/sigps-3 | 3.7.163
(1 row)

uid and rvr.vuln_record_id = vr.id and a.digest = sr.digest and t.artifact_id =
a.id and cve_id = 'CVE-2022-22965';
repository_name | name
------------------------------------------------------------------+-------------
planejamento/sgee/links-assinados-backend | 1.0.0
estruturantes/sisctm/api | 1.0.1-rc.8
estruturantes/sisctm/api | ocp-eicv2-3
estruturantes/sisctm/proxy | 1.0.0-rc.2
estruturantes/sisctm/api | 1.0.0
estruturantes/sisctm/proxy | ocp-eicv2-1
estruturantes/sisctm/backup | ocp-rc4
estruturantes/sisctm/proxy | latest
estruturantes/sice/sice | v1.0.1
estruturantes/sisctm/proxy | 1.0.0
estruturantes/sisctm/backup | ocp-eicv2-2
estruturantes/sisctm/geoserver | ocp-rc7
estruturantes/sisctm/api-monitoramento | ocp-rc1
estruturantes/sisctm/backup | latest
estruturantes/sisctm/backup | cache
estruturantes/sisctm/backup | 1.0.1-rc.2
estruturantes/sisctm/api-monitoramento | ocp-eicv2-2
estruturantes/sisctm/backup | 1.0.0
estruturantes/sisctm/api-monitoramento | latest
estruturantes/sisctm/api-monitoramento | 1.0.0-rc.3
estruturantes/sisctm/geoserver | ocp-eicv2-1
estruturantes/sisctm/geoserver | ocp-eicv2-1
estruturantes/sice/sice | 2.0.30
estruturantes/sisctm/api-monitoramento | 1.0.0
estruturantes/sisctm-poc-prodabel/geoserver | latest
estruturantes/sisctm-poc-prodabel/geoserver | cache
estruturantes/estrutura-hierarquica/siom | cache
estruturantes/sice/logar | v1.0.1
estruturantes/estrutura-hierarquica/siom | latest
estruturantes/germem/germem | cache
estruturantes/estrutura-hierarquica/siom-ws | 0.0.3
estruturantes/germem/germem | latest
tecnologia-da-informacao/saaa/jsecurity | latest
estruturantes/estrutura-hierarquica/siomws | latest
estruturantes/estrutura-hierarquica/siomws | cache
estruturantes/estrutura-hierarquica/siom | 0.0.12-test
estruturantes/bhmap/bhmap | latest
estruturantes/bhmap/bhmap | cache
estruturantes/bhmap/bhmap | latest
estruturantes/bhmap/bhmap | cache
tecnologia-da-informacao/dados-abertos/verificador-dados-abertos | latest
tecnologia-da-informacao/dados-abertos/verificador-dados-abertos | 1.0.2
tecnologia-da-informacao/dados-abertos/verificador-dados-abertos | cache
tecnologia-da-informacao/saaa/jsecurity | cache
tecnologia-da-informacao/assinatura-digital/portal-da-assinatura | 2.9.5
tecnologia-da-informacao/assinatura-digital/portal-da-assinatura | latest
saude/sigbases/services | 5.0.19
tecnologia-da-informacao/assinatura-digital/portal-da-assinatura | cache
tecnologia-da-informacao/assinatura-digital/portal-da-assinatura | 2.10.15-ocp
saude/sigbases/services | 5.0.20
(267 rows)

registry=#
registry=#
registry=#

Teste

Uploaded by

Document Information

Original Title

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Teste

Uploaded by

Copyright:

Available Formats

paulo@paulo:~$ ssh paulo@10.200.14.

def get_vuln_urls(project, repository_name):

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent

No entry for terminal type "xterm";

#1) Respect the privacy of others.

[sudo] password for postgres

# usage: file_env VAR [DEFAULT]

# usage: initPG $Dir $initSql

file_env 'POSTGRES_USER' 'postgres'

psql=( psql -v ON_ERROR_STOP=1 )

if [ "$POSTGRES_DB" != 'postgres' ]; then

if [ "$POSTGRES_USER" = 'postgres' ]; then

psql+=( --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" )

No entry for terminal type "xterm";

No entry for terminal type "xterm";

No entry for terminal type "xterm";

No entry for terminal type "xterm";

registry=# select * from scan_report;

registry=# select * from replication_policy limit 1;

registry=# show columns from scan_report;

registry=# \d+ report_vulnerability_record

registry=# select * from report_vulnerability_record limit 1;

registry=# select * from report_vulnerability_record limit 5;

registry=# select * from vulnerability_record limit 1;

registry=# select * from vulnerability_record limit 5;

registry=# select cve_id from vulnerability_record limit 5;

registry=# select cve_id from vulnerability_record limit 50;

registry=# \d+ vulnerability_record

registry=# \d+ report_vulnerability_record

registry=# \d+ scan_report

registry=# select * from scan_report sr, report_vulnerability_record rvr,

registry=# select * from scan_report sr, report_vulnerability_record rvr,

registry=# select * from scan_report sr, report_vulnerability_record rvr,

registry=# \d+ artifact

registry=# select * from scan_report sr, report_vulnerability_record rvr,

registry=# \d+ artifact_reference

registry=# \d+ tag

registry=# \d+ tag

registry=# select a.repository_name, t.name from scan_report sr,

registry=# select a.repository_name, t.name from scan_report sr,

You might also like