Dependency-Check Report

Dependency-Check is an open source tool performing a best effort analysis of 3rd party dependencies; false positives and false negatives may exist in the analysis performed by the tool. Use of the tool and the reporting provided constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to the analysis or its use. Any use of the tool and the reporting provided is at the user’s risk. In no event shall the copyright holder or OWASP be held liable for any damages whatsoever arising out of or in connection with the use of this tool, the analysis performed, or the resulting report.

Scan Information (show all):

dependency-check version: 6.0.3
Report Generated On: Tue, 6 Apr 2021 08:54:59 GMT
Dependencies Scanned: 96 (96 unique)
Vulnerable Dependencies: 0
Vulnerabilities Found: 0
Vulnerabilities Suppressed: 116
...
NVD CVE Checked: 2021-04-06T07:17:49
NVD CVE Modified: 2021-04-06T05:01:46
VersionCheckOn: 2021-03-15T15:02:51

Summary

Display: Showing Vulnerable Dependencies (click to show all)

Dependency	Vulnerability IDs	Package	Confidence	Evidence Count
apache-mime4j-0.6.jar	cpe:2.3:a:apache:james:0.6:::::::*	pkg:maven/org.apache.james/apache-mime4j@0.6	Highest	44
apiguardian-api-1.1.0.jar		pkg:maven/org.apiguardian/apiguardian-api@1.1.0		28
arc-1.2.0.Final.jar	cpe:2.3:a:arc_project:arc:1.2.0:::::::* cpe:2.3:a:quarkus:quarkus:1.2.0:::::::*	pkg:maven/io.quarkus.arc/arc@1.2.0.Final	Highest	31
automaton-1.11-8.jar		pkg:maven/dk.brics.automaton/automaton@1.11-8		24
bcpkix-jdk15on-1.60.jar		pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.60		58
bcprov-jdk15on-1.68.jar	cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.68:::::::* cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.68:::::::*	pkg:maven/org.bouncycastle/bcprov-jdk15on@1.68	Low	53
btf-1.2.jar		pkg:maven/com.github.fge/btf@1.2		21
checker-qual-2.5.2.jar		pkg:maven/org.checkerframework/checker-qual@2.5.2		24
commons-codec-1.13.jar		pkg:maven/commons-codec/commons-codec@1.13		42
commons-io-2.6.jar		pkg:maven/commons-io/commons-io@2.6		40
commons-lang3-3.9.jar		pkg:maven/org.apache.commons/commons-lang3@3.9		41
commons-logging-1.2.jar		pkg:maven/commons-logging/commons-logging@1.2		36
entando-k8s-custom-model-6.3.4.jar	cpe:2.3:a:quarkus:quarkus:6.3.4:::::::*	pkg:maven/org.entando/entando-k8s-custom-model@6.3.4	Low	36
entando-k8s-operator-common-6.3.19.jar	cpe:2.3:a:quarkus:quarkus:6.3.19:::::::*	pkg:maven/org.entando/entando-k8s-operator-common@6.3.19	Low	32
failureaccess-1.0.1.jar		pkg:maven/com.google.guava/failureaccess@1.0.1		32
generex-1.0.2.jar		pkg:maven/com.github.mifmif/generex@1.0.2		25
graal-sdk-19.2.1.jar		pkg:maven/org.graalvm.sdk/graal-sdk@19.2.1		16
guava-30.1-jre.jar	cpe:2.3:a:google:guava:30.1:::::::*	pkg:maven/com.google.guava/guava@30.1-jre	Highest	27
hamcrest-core-1.3.jar		pkg:maven/org.hamcrest/hamcrest-core@1.3		26
httpclient-4.5.13.jar	cpe:2.3:a:apache:httpclient:4.5.13:::::::*	pkg:maven/org.apache.httpcomponents/httpclient@4.5.13	Highest	34
httpcore-4.4.13.jar		pkg:maven/org.apache.httpcomponents/httpcore@4.4.13		34
istack-commons-runtime-3.0.10.jar		pkg:maven/com.sun.istack/istack-commons-runtime@3.0.10		39
jackson-annotations-2.12.0.jar		pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.12.0		40
jackson-core-2.12.0.jar		pkg:maven/com.fasterxml.jackson.core/jackson-core@2.12.0		47
jackson-coreutils-1.6.jar		pkg:maven/com.github.fge/jackson-coreutils@1.6		23
jackson-databind-2.12.0.jar	cpe:2.3:a:fasterxml:jackson-databind:2.12.0:::::::*	pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.0	Highest	41
jackson-dataformat-yaml-2.12.0.jar	cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.12.0:::::::*	pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.12.0	Highest	43
jackson-datatype-jdk8-2.12.0.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.0:::::::*	pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.12.0	Low	41
jackson-datatype-jsr310-2.12.0.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.0:::::::*	pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.12.0	Low	41
jackson-jaxrs-base-2.12.0.jar		pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.12.0		44
jackson-jaxrs-json-provider-2.12.0.jar		pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.12.0		44
jackson-module-jaxb-annotations-2.12.0.jar		pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.12.0		46
jackson-module-parameter-names-2.12.0.jar	cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.0:::::::*	pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.12.0	Low	39
jakarta.activation-1.2.1.jar		pkg:maven/com.sun.activation/jakarta.activation@1.2.1		37
jakarta.activation-api-1.2.1.jar		pkg:maven/jakarta.activation/jakarta.activation-api@1.2.1		32
jakarta.annotation-api-1.3.5.jar		pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5		32
jakarta.el-api-3.0.3.jar		pkg:maven/jakarta.el/jakarta.el-api@3.0.3		34
jakarta.enterprise.cdi-api-2.0.2.jar		pkg:maven/jakarta.enterprise/jakarta.enterprise.cdi-api@2.0.2		31
jakarta.inject-api-1.0.jar		pkg:maven/jakarta.inject/jakarta.inject-api@1.0		22
jakarta.interceptor-api-1.2.5.jar		pkg:maven/jakarta.interceptor/jakarta.interceptor-api@1.2.5		37
jakarta.mail-1.6.5.jar		pkg:maven/com.sun.mail/jakarta.mail@1.6.5		48
jakarta.transaction-api-1.3.3.jar		pkg:maven/jakarta.transaction/jakarta.transaction-api@1.3.3		39
jakarta.validation-api-2.0.2.jar		pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2		29
javax.servlet-api-3.0.1.jar		pkg:maven/javax.servlet/javax.servlet-api@3.0.1		39
jaxb-runtime-2.3.3-b01.jar		pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.3-b01		31
jaxp-api-1.4.jar		pkg:maven/javax.xml.parsers/jaxp-api@1.4		21
jaxp-ri-1.4.jar		pkg:maven/com.sun.org.apache/jaxp-ri@1.4		20
jboss-jaxb-api_2.3_spec-2.0.0.Final.jar		pkg:maven/org.jboss.spec.javax.xml.bind/jboss-jaxb-api_2.3_spec@2.0.0.Final		51
jboss-jaxrs-api_2.1_spec-2.0.1.Final.jar		pkg:maven/org.jboss.spec.javax.ws.rs/jboss-jaxrs-api_2.1_spec@2.0.1.Final		49
jboss-logging-3.3.2.Final.jar		pkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final		45
jboss-logging-annotations-2.1.0.Final.jar		pkg:maven/org.jboss.logging/jboss-logging-annotations@2.1.0.Final		34
jboss-logmanager-embedded-1.0.4.jar		pkg:maven/org.jboss.logmanager/jboss-logmanager-embedded@1.0.4		38
jboss-threads-3.0.0.Final.jar		pkg:maven/org.jboss.threads/jboss-threads@3.0.0.Final		37
jcip-annotations-1.0-1.jar		pkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1		21
json-patch-1.9.jar	cpe:2.3:a:json-patch_project:json-patch:1.9:::::::*	pkg:maven/com.github.fge/json-patch@1.9	Highest	21
junit-4.13.1.jar		pkg:maven/junit/junit@4.13.1		28
junit-jupiter-api-5.7.0.jar		pkg:maven/org.junit.jupiter/junit-jupiter-api@5.7.0		36
junit-jupiter-engine-5.7.0.jar		pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.7.0		36
junit-jupiter-migrationsupport-5.7.0.jar		pkg:maven/org.junit.jupiter/junit-jupiter-migrationsupport@5.7.0		36
junit-jupiter-params-5.7.0.jar		pkg:maven/org.junit.jupiter/junit-jupiter-params@5.7.0		36
junit-platform-commons-1.7.0.jar		pkg:maven/org.junit.platform/junit-platform-commons@1.7.0		39
junit-platform-engine-1.7.0.jar		pkg:maven/org.junit.platform/junit-platform-engine@1.7.0		37
junit-platform-launcher-1.7.0.jar		pkg:maven/org.junit.platform/junit-platform-launcher@1.7.0		36
keycloak-admin-client-9.0.3.jar	cpe:2.3:a:keycloak:keycloak:9.0.3:::::::* cpe:2.3:a:redhat:keycloak:9.0.3:::::::*	pkg:maven/org.keycloak/keycloak-admin-client@9.0.3	Highest	35
keycloak-common-9.0.3.jar	cpe:2.3:a:keycloak:keycloak:9.0.3:::::::* cpe:2.3:a:redhat:keycloak:9.0.3:::::::*	pkg:maven/org.keycloak/keycloak-common@9.0.3	Highest	41
keycloak-core-9.0.3.jar	cpe:2.3:a:keycloak:keycloak:9.0.3:::::::* cpe:2.3:a:redhat:keycloak:9.0.3:::::::*	pkg:maven/org.keycloak/keycloak-core@9.0.3	Highest	39
kubernetes-client-4.7.0.jar	cpe:2.3:a:kubernetes:java:4.7.0:::::::*	pkg:maven/io.fabric8/kubernetes-client@4.7.0	Low	22
kubernetes-model-4.7.0.jar	cpe:2.3:a:kubernetes:java:4.7.0:::::::*	pkg:maven/io.fabric8/kubernetes-model@4.7.0	Low	42
kubernetes-model-common-4.7.0.jar		pkg:maven/io.fabric8/kubernetes-model-common@4.7.0		36
listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar		pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava		15
logging-interceptor-3.12.1.jar	cpe:2.3:a:squareup:okhttp:3.12.1:::::::* cpe:2.3:a:squareup:okhttp3:3.12.1:::::::*	pkg:maven/com.squareup.okhttp3/logging-interceptor@3.12.1	Highest	21
microprofile-config-api-1.3.jar		pkg:maven/org.eclipse.microprofile.config/microprofile-config-api@1.3		26
microprofile-context-propagation-api-1.0.1.jar		pkg:maven/org.eclipse.microprofile.context-propagation/microprofile-context-propagation-api@1.0.1		27
msg-simple-1.1.jar		pkg:maven/com.github.fge/msg-simple@1.1		21
okhttp-3.12.1.jar	cpe:2.3:a:squareup:okhttp:3.12.1:::::::* cpe:2.3:a:squareup:okhttp3:3.12.1:::::::*	pkg:maven/com.squareup.okhttp3/okhttp@3.12.1	Highest	19
okio-1.15.0.jar		pkg:maven/com.squareup.okio/okio@1.15.0		19
opentest4j-1.2.0.jar		pkg:maven/org.opentest4j/opentest4j@1.2.0		32
postgresql-42.2.14.jar	cpe:2.3:a:postgresql:postgresql:42.2.14:::::::* cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.14:::::::*	pkg:maven/org.postgresql/postgresql@42.2.14	Highest	45
quarkus-arc-1.2.0.Final.jar	cpe:2.3:a:arc_project:arc:1.2.0:::::::* cpe:2.3:a:quarkus:quarkus:1.2.0:::::::*	pkg:maven/io.quarkus/quarkus-arc@1.2.0.Final	Highest	33
quarkus-core-1.2.0.Final.jar	cpe:2.3:a:quarkus:quarkus:1.2.0:::::::*	pkg:maven/io.quarkus/quarkus-core@1.2.0.Final	Highest	31
quarkus-jackson-1.2.0.Final.jar	cpe:2.3:a:quarkus:quarkus:1.2.0:::::::*	pkg:maven/io.quarkus/quarkus-jackson@1.2.0.Final	Highest	31
quarkus-kubernetes-client-1.2.0.Final.jar	cpe:2.3:a:quarkus:quarkus:1.2.0:::::::* cpe:2.3:a:redhat:kubernetes-client:1.2.0:::::::*	pkg:maven/io.quarkus/quarkus-kubernetes-client@1.2.0.Final	Highest	33
reactive-streams-1.0.3.jar		pkg:maven/org.reactivestreams/reactive-streams@1.0.3		25
resteasy-client-3.15.0.Final.jar	cpe:2.3:a:redhat:resteasy:3.15.0:::::::*	pkg:maven/org.jboss.resteasy/resteasy-client@3.15.0.Final	Highest	36
resteasy-jackson2-provider-3.15.0.Final.jar	cpe:2.3:a:redhat:resteasy:3.15.0:::::::*	pkg:maven/org.jboss.resteasy/resteasy-jackson2-provider@3.15.0.Final	Highest	32
resteasy-jaxb-provider-3.15.0.Final.jar	cpe:2.3:a:redhat:resteasy:3.15.0:::::::*	pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.15.0.Final	Highest	32
resteasy-jaxrs-3.15.0.Final.jar	cpe:2.3:a:redhat:resteasy:3.15.0:::::::*	pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.0.Final	Highest	34
resteasy-multipart-provider-3.15.0.Final.jar	cpe:2.3:a:redhat:resteasy:3.15.0:::::::*	pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@3.15.0.Final	Highest	32
slf4j-api-1.7.16.jar		pkg:maven/org.slf4j/slf4j-api@1.7.16		27
slf4j-jboss-logging-1.2.0.Final.jar		pkg:maven/org.jboss.slf4j/slf4j-jboss-logging@1.2.0.Final		35
smallrye-config-1.5.1.jar		pkg:maven/io.smallrye.config/smallrye-config@1.5.1		20
smallrye-config-common-1.5.1.jar		pkg:maven/io.smallrye.config/smallrye-config-common@1.5.1		22
snakeyaml-1.27.jar	cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:::::::*	pkg:maven/org.yaml/snakeyaml@1.27	Highest	28
txw2-2.3.3-b01.jar		pkg:maven/org.glassfish.jaxb/txw2@2.3.3-b01		33
wildfly-common-1.5.0.Final-format-001.jar		pkg:maven/org.wildfly.common/wildfly-common@1.5.0.Final-format-001		35
zjsonpatch-0.3.0.jar		pkg:maven/io.fabric8/zjsonpatch@0.3.0		37

Dependencies

apache-mime4j-0.6.jar

Description:

Java stream based MIME message parser

License:

http://www.apache.org/licenses/LICENSE-2.0.html

File Path: /home/jenkins/.mvnrepository/org/apache/james/apache-mime4j/0.6/apache-mime4j-0.6.jar
MD5: e90fb1ab3f8145ad00def6359da22faf
SHA1: 945007627e8d12275d755081a9e609c018e1210d
SHA256:fd7dde90195ba1aea3cfacb95b3022b2499adf676d1bc896d0fa5c257b596c6c
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-docurl	http://www.apache.org	Low
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	pom	artifactid	apache-mime4j	Low
Vendor	jar	package name	mime4j	Highest
Vendor	pom	groupid	org.apache.james	Highest
Vendor	pom	parent-groupid	org.apache.james	Medium
Vendor	pom	parent-artifactid	james-project	Low
Vendor	jar	package name	parser	Highest
Vendor	pom	url	http://james.apache.org/mime4j	Highest
Vendor	jar	package name	message	Highest
Vendor	Manifest	url	http://james.apache.org/mime4j	Low
Vendor	jar	package name	james	Highest
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	Manifest	originally-created-by	1.6.0_10 (Sun Microsystems Inc.)	Low
Vendor	Manifest	bundle-symbolicname	org.apache.james.apache-mime4j	Medium
Vendor	file	name	apache-mime4j	High
Vendor	pom	groupid	apache.james	Highest
Vendor	pom	name	Apache JAMES Mime4j	High
Product	Manifest	bundle-docurl	http://www.apache.org	Low
Product	Manifest	Bundle-Name	Apache JAMES Mime4j	Medium
Product	pom	parent-artifactid	james-project	Medium
Product	pom	artifactid	apache-mime4j	Highest
Product	jar	package name	mime4j	Highest
Product	pom	parent-groupid	org.apache.james	Medium
Product	jar	package name	parser	Highest
Product	jar	package name	message	Highest
Product	Manifest	url	http://james.apache.org/mime4j	Low
Product	Manifest	Implementation-Title	Apache Mime4j	High
Product	jar	package name	james	Highest
Product	jar	package name	apache	Highest
Product	Manifest	specification-title	Apache Mime4j	Medium
Product	Manifest	originally-created-by	1.6.0_10 (Sun Microsystems Inc.)	Low
Product	pom	url	http://james.apache.org/mime4j	Medium
Product	Manifest	bundle-symbolicname	org.apache.james.apache-mime4j	Medium
Product	file	name	apache-mime4j	High
Product	pom	groupid	apache.james	Highest
Product	pom	name	Apache JAMES Mime4j	High
Version	file	version	0.6	High
Version	pom	version	0.6	Highest
Version	Manifest	Bundle-Version	0.6	High
Version	Manifest	Implementation-Version	0.6	High
Version	pom	parent-version	0.6	Low

Identifiers

pkg:maven/org.apache.james/apache-mime4j@0.6 (Confidence:High)
cpe:2.3:a:apache:james:0.6:*:*:*:*:*:*:* (Confidence:Highest)

apiguardian-api-1.1.0.jar

Description:

@API Guardian

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/apiguardian/apiguardian-api/1.1.0/apiguardian-api-1.1.0.jar
MD5: 944805817b648e558ed6be6fc7f054f3
SHA1: fc9dff4bb36d627bdc553de77e1f17efd790876c
SHA256:a9aae9ff8ae3e17a2a18f79175e82b16267c246fbbd3ca9dfbbb290b08dcfdd4
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	build-revision	e7f98b22d3b2a54033711e2666a047d1066b0b25	Low
Vendor	Manifest	build-time	21:07:38.516+0200	Low
Vendor	pom	groupid	apiguardian	Highest
Vendor	Manifest	Implementation-Vendor	apiguardian.org	High
Vendor	jar	package name	apiguardian	Highest
Vendor	pom	artifactid	apiguardian-api	Low
Vendor	Manifest	build-date	2019-06-06	Low
Vendor	Manifest	specification-vendor	apiguardian.org	Low
Vendor	pom	groupid	org.apiguardian	Highest
Vendor	pom	name	org.apiguardian:apiguardian-api	High
Vendor	jar	package name	api	Highest
Vendor	pom	url	apiguardian-team/apiguardian	Highest
Vendor	file	name	apiguardian-api	High
Product	Manifest	build-revision	e7f98b22d3b2a54033711e2666a047d1066b0b25	Low
Product	Manifest	build-time	21:07:38.516+0200	Low
Product	pom	groupid	apiguardian	Highest
Product	pom	artifactid	apiguardian-api	Highest
Product	pom	url	apiguardian-team/apiguardian	High
Product	jar	package name	apiguardian	Highest
Product	Manifest	build-date	2019-06-06	Low
Product	Manifest	Implementation-Title	apiguardian-api	High
Product	pom	name	org.apiguardian:apiguardian-api	High
Product	jar	package name	api	Highest
Product	Manifest	specification-title	apiguardian-api	Medium
Product	file	name	apiguardian-api	High
Version	pom	version	1.1.0	Highest
Version	file	version	1.1.0	High
Version	Manifest	Implementation-Version	1.1.0	High

Identifiers

pkg:maven/org.apiguardian/apiguardian-api@1.1.0 (Confidence:High)

arc-1.2.0.Final.jar

File Path: /home/jenkins/.mvnrepository/io/quarkus/arc/arc/1.2.0.Final/arc-1.2.0.Final.jar
MD5: 407b54e2c412dfa51b8dc739149def9e
SHA1: 8ca3834e147a87ef27da11abcbf4da73fa3f4e7f
SHA256:2b86becbf25944307b5b6b442b749d6a79dbd206afc338ab776183d332d2007e
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	arc	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	groupid	io.quarkus.arc	Highest
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	jar	package name	arc	Highest
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus.arc	Medium
Vendor	pom	artifactid	arc	Low
Vendor	Manifest	implementation-url	http://www.jboss.org/arc-parent/arc	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	name	ArC - Runtime	High
Vendor	pom	parent-artifactid	arc-parent	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	parent-artifactid	arc-parent	Medium
Product	pom	artifactid	arc	Highest
Product	file	name	arc	High
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	quarkus	Highest
Product	pom	groupid	io.quarkus.arc	Highest
Product	jar	package name	arc	Highest
Product	jar	package name	io	Highest
Product	Manifest	implementation-url	http://www.jboss.org/arc-parent/arc	Low
Product	Manifest	Implementation-Title	ArC - Runtime	High
Product	Manifest	specification-title	ArC - Runtime	Medium
Product	pom	name	ArC - Runtime	High
Product	Manifest	os-name	Linux	Medium
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Identifiers

pkg:maven/io.quarkus.arc/arc@1.2.0.Final (Confidence:High)
cpe:2.3:a:arc_project:arc:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:quarkus:quarkus:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)

automaton-1.11-8.jar

Description:

A DFA/NFA (finite-state automata) implementation with
		Unicode alphabet (UTF16) and support for the standard regular
		expression operations (concatenation, union, Kleene star) and a number
		of non-standard ones (intersection, complement, etc.)

License:

BSD: http://www.opensource.org/licenses/bsd-license.php

File Path: /home/jenkins/.mvnrepository/dk/brics/automaton/automaton/1.11-8/automaton-1.11-8.jar
MD5: 3467dcbbba2fe68a4e07a5826988e034
SHA1: 6ebfa65eb431ff4b715a23be7a750cbc4cc96d0f
SHA256:a24475f6ccfe1cc7a4fe9e34e05ce687b0ce0c6e8cb781e0eced3b186482c61e
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	url	http://www.brics.dk/automaton/	Highest
Vendor	pom	name	Automaton	High
Vendor	pom	groupid	dk.brics.automaton	Highest
Vendor	pom	artifactid	automaton	Low
Vendor	jar	package name	state	Highest
Vendor	jar	package name	automaton	Highest
Vendor	jar	package name	brics	Low
Vendor	jar	package name	brics	Highest
Vendor	jar	package name	automaton	Low
Vendor	file	name	automaton	High
Vendor	jar	package name	dk	Highest
Vendor	jar	package name	dk	Low
Product	pom	url	http://www.brics.dk/automaton/	Medium
Product	jar	package name	automaton	Highest
Product	jar	package name	brics	Low
Product	pom	name	Automaton	High
Product	pom	groupid	dk.brics.automaton	Highest
Product	jar	package name	brics	Highest
Product	jar	package name	automaton	Low
Product	file	name	automaton	High
Product	pom	artifactid	automaton	Highest
Product	jar	package name	dk	Highest
Product	jar	package name	state	Highest
Version	pom	version	1.11-8	Highest

Identifiers

pkg:maven/dk.brics.automaton/automaton@1.11-8 (Confidence:High)

bcpkix-jdk15on-1.60.jar

Description:

The Bouncy Castle Java APIs for CMS, PKCS, EAC, TSP, CMP, CRMF, OCSP, and certificate generation. This jar contains APIs for JDK 1.5 to JDK 1.8. The APIs can be used in conjunction with a JCE/JCA provider such as the one provided with the Bouncy Castle Cryptography APIs.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html

File Path: /home/jenkins/.mvnrepository/org/bouncycastle/bcpkix-jdk15on/1.60/bcpkix-jdk15on-1.60.jar
MD5: edc6f012c19cf74d70964187a4ab32ba
SHA1: d0c46320fbc07be3a24eb13a56cee4e3d38e0c75
SHA256:a82ac5bc24bcbf6ba9eb70f334d6782e25245c8da36d9848ad553b5b7b68efd1
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	bcpkix	Medium
Vendor	pom	groupid	org.bouncycastle	Highest
Vendor	Manifest	application-library-allowable-codebase	*	Low
Vendor	jar	package name	cmp	Highest
Vendor	file	name	bcpkix-jdk15on	High
Vendor	jar	package name	crmf	Highest
Vendor	jar	package name	bouncycastle	Highest
Vendor	jar	package name	cms	Highest
Vendor	Manifest	specification-vendor	BouncyCastle.org	Low
Vendor	pom	groupid	bouncycastle	Highest
Vendor	Manifest	trusted-library	true	Low
Vendor	Manifest	Implementation-Vendor	BouncyCastle.org	High
Vendor	Manifest	permissions	all-permissions	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	Manifest	originally-created-by	25.171-b11 (Oracle Corporation)	Low
Vendor	Manifest	Implementation-Vendor-Id	org.bouncycastle	Medium
Vendor	Manifest	application-name	Bouncy Castle PKIX API	Medium
Vendor	jar	package name	pkcs	Highest
Vendor	jar	package name	tsp	Highest
Vendor	Manifest	caller-allowable-codebase	*	Low
Vendor	pom	url	http://www.bouncycastle.org/java.html	Highest
Vendor	jar	package name	pkix	Highest
Vendor	pom	artifactid	bcpkix-jdk15on	Low
Vendor	Manifest	automatic-module-name	org.bouncycastle.pkix	Medium
Vendor	Manifest	extension-name	org.bouncycastle.bcpkix	Medium
Vendor	Manifest	codebase	*	Low
Vendor	jar	package name	eac	Highest
Vendor	jar	package name	ocsp	Highest
Vendor	pom	name	Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs	High
Product	Manifest	bundle-symbolicname	bcpkix	Medium
Product	Manifest	application-library-allowable-codebase	*	Low
Product	jar	package name	cmp	Highest
Product	file	name	bcpkix-jdk15on	High
Product	jar	package name	crmf	Highest
Product	jar	package name	bouncycastle	Highest
Product	jar	package name	cms	Highest
Product	pom	groupid	bouncycastle	Highest
Product	Manifest	trusted-library	true	Low
Product	Manifest	permissions	all-permissions	Low
Product	pom	url	http://www.bouncycastle.org/java.html	Medium
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	Manifest	originally-created-by	25.171-b11 (Oracle Corporation)	Low
Product	pom	artifactid	bcpkix-jdk15on	Highest
Product	Manifest	application-name	Bouncy Castle PKIX API	Medium
Product	jar	package name	pkcs	Highest
Product	jar	package name	tsp	Highest
Product	Manifest	caller-allowable-codebase	*	Low
Product	Manifest	Bundle-Name	bcpkix	Medium
Product	jar	package name	pkix	Highest
Product	Manifest	automatic-module-name	org.bouncycastle.pkix	Medium
Product	Manifest	extension-name	org.bouncycastle.bcpkix	Medium
Product	Manifest	codebase	*	Low
Product	jar	package name	eac	Highest
Product	jar	package name	ocsp	Highest
Product	pom	name	Bouncy Castle PKIX, CMS, EAC, TSP, PKCS, OCSP, CMP, and CRMF APIs	High
Version	Manifest	Bundle-Version	1.60	High
Version	pom	version	1.60	Highest
Version	file	version	1.60	High

Identifiers

pkg:maven/org.bouncycastle/bcpkix-jdk15on@1.60 (Confidence:High)

bcprov-jdk15on-1.68.jar

Description:

The Bouncy Castle Crypto package is a Java implementation of cryptographic algorithms. This jar contains JCE provider and lightweight API for the Bouncy Castle Cryptography APIs for JDK 1.5 and up.

License:

Bouncy Castle Licence: http://www.bouncycastle.org/licence.html

File Path: /home/jenkins/.mvnrepository/org/bouncycastle/bcprov-jdk15on/1.68/bcprov-jdk15on-1.68.jar
MD5: f34043ac8be2793843364b4406a15543
SHA1: 46a080368d38b428d237a59458f9bc915222894d
SHA256:f732a46c8de7e2232f2007c682a21d1f4cc8a8a0149b6b7bd6aa1afdc65a0f8d
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.bouncycastle	Highest
Vendor	Manifest	application-library-allowable-codebase	*	Low
Vendor	jar	package name	org	Highest
Vendor	jar	package name	bouncycastle	Highest
Vendor	Manifest	specification-vendor	BouncyCastle.org	Low
Vendor	file	name	bcprov-jdk15on	High
Vendor	pom	groupid	bouncycastle	Highest
Vendor	Manifest	trusted-library	true	Low
Vendor	Manifest	extension-name	org.bouncycastle.bcprovider	Medium
Vendor	Manifest	Implementation-Vendor	BouncyCastle.org	High
Vendor	Manifest	permissions	all-permissions	Low
Vendor	pom	artifactid	bcprov-jdk15on	Low
Vendor	Manifest	originally-created-by	25.275-b01 (Private Build)	Low
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	pom	name	Bouncy Castle Provider	High
Vendor	Manifest	Implementation-Vendor-Id	org.bouncycastle	Medium
Vendor	jar	package name	provider	Highest
Vendor	Manifest	bundle-symbolicname	bcprov	Medium
Vendor	Manifest	caller-allowable-codebase	*	Low
Vendor	Manifest	multi-release	true	Low
Vendor	jar	package name	crypto	Highest
Vendor	Manifest	application-name	Bouncy Castle Provider	Medium
Vendor	jar	package name	jce	Highest
Vendor	pom	url	http://www.bouncycastle.org/java.html	Highest
Vendor	Manifest	codebase	*	Low
Vendor	Manifest	automatic-module-name	org.bouncycastle.provider	Medium
Product	Manifest	application-library-allowable-codebase	*	Low
Product	Manifest	Bundle-Name	bcprov	Medium
Product	jar	package name	org	Highest
Product	jar	package name	bouncycastle	Highest
Product	file	name	bcprov-jdk15on	High
Product	pom	groupid	bouncycastle	Highest
Product	Manifest	trusted-library	true	Low
Product	Manifest	extension-name	org.bouncycastle.bcprovider	Medium
Product	Manifest	permissions	all-permissions	Low
Product	Manifest	originally-created-by	25.275-b01 (Private Build)	Low
Product	pom	url	http://www.bouncycastle.org/java.html	Medium
Product	hint analyzer	product	legion-of-the-bouncy-castle-java-crytography-api	High
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	pom	name	Bouncy Castle Provider	High
Product	jar	package name	provider	Highest
Product	Manifest	bundle-symbolicname	bcprov	Medium
Product	Manifest	caller-allowable-codebase	*	Low
Product	Manifest	multi-release	true	Low
Product	jar	package name	crypto	Highest
Product	Manifest	application-name	Bouncy Castle Provider	Medium
Product	jar	package name	jce	Highest
Product	pom	artifactid	bcprov-jdk15on	Highest
Product	Manifest	codebase	*	Low
Product	Manifest	automatic-module-name	org.bouncycastle.provider	Medium
Version	Manifest	Bundle-Version	1.68	High
Version	pom	version	1.68	Highest
Version	file	version	1.68	High

Identifiers

pkg:maven/org.bouncycastle/bcprov-jdk15on@1.68 (Confidence:High)
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle:1.68:*:*:*:*:*:*:* (Confidence:Low)
cpe:2.3:a:bouncycastle:legion-of-the-bouncy-castle-java-crytography-api:1.68:*:*:*:*:*:*:* (Confidence:Low)

btf-1.2.jar

Description:

null

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/com/github/fge/btf/1.2/btf-1.2.jar
MD5: 5c91cd1157e0bb99e77a33b6f42a457c
SHA1: 9e66651022eb86301b348d57e6f59459effc343b
SHA256:38a380577a186718cb97ee8af58d4f40f7fbfdc23ff68b5f4b3c2c68a1d5c05d
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	fge	Highest
Vendor	pom	name	null	High
Vendor	jar	package name	github	Highest
Vendor	pom	groupid	com.github.fge	Highest
Vendor	file	name	btf	High
Vendor	pom	url	fge/btf	Highest
Vendor	pom	artifactid	btf	Low
Vendor	Manifest	bundle-symbolicname	com.github.fge.btf	Medium
Vendor	pom	groupid	github.fge	Highest
Product	jar	package name	fge	Highest
Product	pom	name	null	High
Product	Manifest	Bundle-Name	btf	Medium
Product	pom	artifactid	btf	Highest
Product	jar	package name	github	Highest
Product	pom	url	fge/btf	High
Product	file	name	btf	High
Product	Manifest	bundle-symbolicname	com.github.fge.btf	Medium
Product	pom	groupid	github.fge	Highest
Version	pom	version	1.2	Highest
Version	Manifest	Bundle-Version	1.2	High
Version	file	version	1.2	High

Identifiers

pkg:maven/com.github.fge/btf@1.2 (Confidence:High)

checker-qual-2.5.2.jar

Description:

        Checker Qual is the set of annotations (qualifiers) and supporting classes
        used by the Checker Framework to type check Java source code.  Please
        see artifact:
        org.checkerframework:checker

License:

The MIT License: http://opensource.org/licenses/MIT

File Path: /home/jenkins/.mvnrepository/org/checkerframework/checker-qual/2.5.2/checker-qual-2.5.2.jar
MD5: 04acc78b24bbd365423da357da003cf0
SHA1: cea74543d5904a30861a61b4643a5f2bb372efc4
SHA256:64b02691c8b9d4e7700f8ee2e742dce7ea2c6e81e662b7522c9ee3bf568c040a
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	framework	Highest
Vendor	pom	groupid	checkerframework	Highest
Vendor	file	name	checker-qual	High
Vendor	pom	artifactid	checker-qual	Low
Vendor	jar	package name	checker	Highest
Vendor	pom	name	Checker Qual	High
Vendor	Manifest	implementation-url	https://checkerframework.org	Low
Vendor	pom	url	https://checkerframework.org	Highest
Vendor	jar	package name	checkerframework	Highest
Vendor	pom	groupid	org.checkerframework	Highest
Vendor	jar	package name	qual	Highest
Product	pom	artifactid	checker-qual	Highest
Product	jar	package name	framework	Highest
Product	pom	groupid	checkerframework	Highest
Product	pom	url	https://checkerframework.org	Medium
Product	file	name	checker-qual	High
Product	jar	package name	checker	Highest
Product	pom	name	Checker Qual	High
Product	Manifest	implementation-url	https://checkerframework.org	Low
Product	jar	package name	checkerframework	Highest
Product	jar	package name	qual	Highest
Version	pom	version	2.5.2	Highest
Version	file	version	2.5.2	High
Version	Manifest	Implementation-Version	2.5.2	High

Identifiers

pkg:maven/org.checkerframework/checker-qual@2.5.2 (Confidence:High)

commons-codec-1.13.jar

Description:

     The Apache Commons Codec package contains simple encoder and decoders for
     various formats such as Base64 and Hexadecimal.  In addition to these
     widely used encoders and decoders, the codec package also maintains a
     collection of phonetic encoding utilities.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/commons-codec/commons-codec/1.13/commons-codec-1.13.jar
MD5: 5085f186156822fa3a02e55bcd5584a8
SHA1: 3f18e1aa31031d89db6f01ba05d501258ce69d2c
SHA256:61f7a3079e92b9fdd605238d0295af5fd11ac411a0a0af48deace1f6c5ffa072
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-codec/	Low
Vendor	pom	name	Apache Commons Codec	High
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	https://commons.apache.org/proper/commons-codec/	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.commons.commons-codec	Medium
Vendor	Manifest	Implementation-Vendor-Id	commons-codec	Medium
Vendor	jar	package name	codec	Highest
Vendor	jar	package name	commons	Highest
Vendor	pom	artifactid	commons-codec	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	jar	package name	encoder	Highest
Vendor	Manifest	implementation-url	https://commons.apache.org/proper/commons-codec/	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	groupid	commons-codec	Highest
Vendor	file	name	commons-codec	High
Vendor	Manifest	automatic-module-name	org.apache.commons.codec	Medium
Product	Manifest	bundle-docurl	https://commons.apache.org/proper/commons-codec/	Low
Product	pom	name	Apache Commons Codec	High
Product	pom	parent-groupid	org.apache.commons	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.commons-codec	Medium
Product	pom	artifactid	commons-codec	Highest
Product	jar	package name	codec	Highest
Product	jar	package name	commons	Highest
Product	Manifest	Implementation-Title	Apache Commons Codec	High
Product	Manifest	specification-title	Apache Commons Codec	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	pom	parent-artifactid	commons-parent	Medium
Product	jar	package name	encoder	Highest
Product	Manifest	implementation-url	https://commons.apache.org/proper/commons-codec/	Low
Product	jar	package name	apache	Highest
Product	Manifest	Bundle-Name	Apache Commons Codec	Medium
Product	pom	url	https://commons.apache.org/proper/commons-codec/	Medium
Product	file	name	commons-codec	High
Product	pom	groupid	commons-codec	Highest
Product	Manifest	automatic-module-name	org.apache.commons.codec	Medium
Version	pom	parent-version	1.13	Low
Version	pom	version	1.13	Highest
Version	Manifest	Implementation-Version	1.13	High
Version	file	version	1.13	High

Identifiers

pkg:maven/commons-codec/commons-codec@1.13 (Confidence:High)

commons-io-2.6.jar

Description:

The Apache Commons IO library contains utility classes, stream implementations, file filters,
file comparators, endian transformation classes, and much more.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/commons-io/commons-io/2.6/commons-io-2.6.jar
MD5: 467c2a1f64319c99b5faf03fc78572af
SHA1: 815893df5f31da2ece4040fe0a12fd44b577afaf
SHA256:f877d304660ac2a142f3865badfc971dec7ed73c747c7f8d5d2f5139ca736513
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	commons-io	Medium
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-io/	Low
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	url	http://commons.apache.org/proper/commons-io/	Highest
Vendor	file	name	commons-io	High
Vendor	pom	groupid	commons-io	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	implementation-url	http://commons.apache.org/proper/commons-io/	Low
Vendor	jar	package name	io	Highest
Vendor	Manifest	automatic-module-name	org.apache.commons.io	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	Manifest	bundle-symbolicname	org.apache.commons.io	Medium
Vendor	pom	artifactid	commons-io	Low
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	name	Apache Commons IO	High
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-io/	Low
Product	pom	parent-groupid	org.apache.commons	Medium
Product	file	name	commons-io	High
Product	Manifest	specification-title	Apache Commons IO	Medium
Product	pom	groupid	commons-io	Highest
Product	Manifest	Implementation-Title	Apache Commons IO	High
Product	jar	package name	commons	Highest
Product	Manifest	implementation-url	http://commons.apache.org/proper/commons-io/	Low
Product	jar	package name	io	Highest
Product	Manifest	automatic-module-name	org.apache.commons.io	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	Bundle-Name	Apache Commons IO	Medium
Product	pom	artifactid	commons-io	Highest
Product	jar	package name	apache	Highest
Product	Manifest	bundle-symbolicname	org.apache.commons.io	Medium
Product	pom	name	Apache Commons IO	High
Product	pom	url	http://commons.apache.org/proper/commons-io/	Medium
Version	file	version	2.6	High
Version	pom	parent-version	2.6	Low
Version	pom	version	2.6	Highest
Version	Manifest	Implementation-Version	2.6	High

Identifiers

pkg:maven/commons-io/commons-io@2.6 (Confidence:High)

commons-lang3-3.9.jar

Description:

  Apache Commons Lang, a package of Java utility classes for the
  classes that are in java.lang's hierarchy, or are considered to be so
  standard as to justify existence in java.lang.

License:

https://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/apache/commons/commons-lang3/3.9/commons-lang3-3.9.jar
MD5: fa752c3cb5474b05e14bf2ed7e242020
SHA1: 0122c7cee69b53ed4a7681c03d4ee4c0e2765da5
SHA256:de2e1dcdcf3ef917a8ce858661a06726a9a944f28e33ad7f9e08bea44dc3c230
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	pom	artifactid	commons-lang3	Low
Vendor	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	groupid	org.apache.commons	Highest
Vendor	jar	package name	commons	Highest
Vendor	jar	package name	lang3	Highest
Vendor	pom	groupid	apache.commons	Highest
Vendor	file	name	commons-lang3	High
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/	Low
Vendor	Manifest	Implementation-Vendor-Id	org.apache.commons	Medium
Vendor	jar	package name	apache	Highest
Vendor	Manifest	implementation-url	http://commons.apache.org/proper/commons-lang/	Low
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	url	http://commons.apache.org/proper/commons-lang/	Highest
Vendor	pom	name	Apache Commons Lang	High
Product	Manifest	bundle-symbolicname	org.apache.commons.lang3	Medium
Product	Manifest	specification-title	Apache Commons Lang	Medium
Product	Manifest	Implementation-Title	Apache Commons Lang	High
Product	Manifest	Bundle-Name	Apache Commons Lang	Medium
Product	pom	parent-groupid	org.apache.commons	Medium
Product	Manifest	automatic-module-name	org.apache.commons.lang3	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	commons	Highest
Product	jar	package name	lang3	Highest
Product	pom	parent-artifactid	commons-parent	Medium
Product	pom	artifactid	commons-lang3	Highest
Product	pom	url	http://commons.apache.org/proper/commons-lang/	Medium
Product	pom	groupid	apache.commons	Highest
Product	file	name	commons-lang3	High
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-lang/	Low
Product	jar	package name	apache	Highest
Product	Manifest	implementation-url	http://commons.apache.org/proper/commons-lang/	Low
Product	pom	name	Apache Commons Lang	High
Version	Manifest	Implementation-Version	3.9	High
Version	pom	version	3.9	Highest
Version	pom	parent-version	3.9	Low
Version	file	version	3.9	High

Identifiers

pkg:maven/org.apache.commons/commons-lang3@3.9 (Confidence:High)

commons-logging-1.2.jar

Description:

Apache Commons Logging is a thin adapter allowing configurable bridging to other,
    well known logging systems.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/commons-logging/commons-logging/1.2/commons-logging-1.2.jar
MD5: 040b4b4d8eac886f6b4a2a3bd2f31b00
SHA1: 4bfc12adfe4842bf07b657f0369c4cb522955686
SHA256:daddea1ea0be0f56978ab3006b8ac92834afeefbd9b7e4e6316fca57df0fa636
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-logging/	Low
Vendor	jar	package name	logging	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	pom	parent-groupid	org.apache.commons	Medium
Vendor	Manifest	bundle-symbolicname	org.apache.commons.logging	Medium
Vendor	jar	package name	commons	Highest
Vendor	pom	artifactid	commons-logging	Low
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	Manifest	implementation-build	tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200	Low
Vendor	pom	parent-artifactid	commons-parent	Low
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	name	Apache Commons Logging	High
Vendor	file	name	commons-logging	High
Vendor	pom	url	http://commons.apache.org/proper/commons-logging/	Highest
Vendor	pom	groupid	commons-logging	Highest
Product	Manifest	bundle-docurl	http://commons.apache.org/proper/commons-logging/	Low
Product	jar	package name	logging	Highest
Product	pom	parent-groupid	org.apache.commons	Medium
Product	pom	url	http://commons.apache.org/proper/commons-logging/	Medium
Product	Manifest	bundle-symbolicname	org.apache.commons.logging	Medium
Product	jar	package name	commons	Highest
Product	pom	artifactid	commons-logging	Highest
Product	Manifest	Bundle-Name	Apache Commons Logging	Medium
Product	pom	parent-artifactid	commons-parent	Medium
Product	Manifest	Implementation-Title	Apache Commons Logging	High
Product	Manifest	specification-title	Apache Commons Logging	Medium
Product	jar	package name	apache	Highest
Product	Manifest	implementation-build	tags/LOGGING_1_2_RC2@r1608092; 2014-07-05 20:11:44+0200	Low
Product	pom	name	Apache Commons Logging	High
Product	file	name	commons-logging	High
Product	pom	groupid	commons-logging	Highest
Version	pom	version	1.2	Highest
Version	file	version	1.2	High
Version	pom	parent-version	1.2	Low
Version	Manifest	Implementation-Version	1.2	High

Identifiers

pkg:maven/commons-logging/commons-logging@1.2 (Confidence:High)

entando-k8s-custom-model-6.3.4.jar

Description:

Entando's Kubernetes Custom Resources

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1, February 1999: https://www.gnu.org/licenses/lgpl-2.1.txt

File Path: /home/jenkins/.mvnrepository/org/entando/entando-k8s-custom-model/6.3.4/entando-k8s-custom-model-6.3.4.jar
MD5: c744809d5012ba2e91767c76349709bd
SHA1: d40dc798900cb12eb1275bca1ce755a59a3aa09d
SHA256:d77e0ec0f4eb5707ebf3668bee92afeefed142b80506ba90f59e566a55002c94
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-build	6.3.4	Low
Vendor	pom	organization name	Entando Inc.	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	file	name	entando-k8s-custom-model	High
Vendor	jar	package name	kubernetes	Highest
Vendor	jar	package name	entando	Highest
Vendor	Manifest	Implementation-Vendor	Entando Inc.	High
Vendor	jar	package name	model	Highest
Vendor	pom	url	https://central.entando.com	Highest
Vendor	pom	groupid	org.entando	Highest
Vendor	pom	artifactid	entando-k8s-custom-model	Low
Vendor	pom	organization url	http://www.entando.com/	Medium
Vendor	pom	groupid	entando	Highest
Vendor	pom	parent-groupid	org.entando	Medium
Vendor	pom	parent-artifactid	entando-quarkus-parent	Low
Vendor	pom	name	Entando Kubernetes Custom Model	High
Product	Manifest	implementation-build	6.3.4	Low
Product	Manifest	Implementation-Title	Entando Kubernetes Custom Model	High
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	entando-k8s-custom-model	High
Product	jar	package name	kubernetes	Highest
Product	jar	package name	entando	Highest
Product	jar	package name	model	Highest
Product	pom	organization url	http://www.entando.com/	Low
Product	pom	parent-artifactid	entando-quarkus-parent	Medium
Product	pom	organization name	Entando Inc.	Low
Product	pom	artifactid	entando-k8s-custom-model	Highest
Product	pom	groupid	entando	Highest
Product	pom	parent-groupid	org.entando	Medium
Product	pom	name	Entando Kubernetes Custom Model	High
Product	pom	url	https://central.entando.com	Medium
Version	file	version	6.3.4	High
Version	Manifest	implementation-build	6.3.4	Low
Version	pom	parent-version	6.3.4	Low
Version	pom	version	6.3.4	Highest
Version	Manifest	Implementation-Version	6.3.4	High

Identifiers

pkg:maven/org.entando/entando-k8s-custom-model@6.3.4 (Confidence:High)
cpe:2.3:a:quarkus:quarkus:6.3.4:*:*:*:*:*:*:* (Confidence:Low)

entando-k8s-operator-common-6.3.19.jar

Description:

Entando's K8S Operator Common Library

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1, February 1999: https://www.gnu.org/licenses/lgpl-2.1.txt

File Path: /home/jenkins/.mvnrepository/org/entando/entando-k8s-operator-common/6.3.19/entando-k8s-operator-common-6.3.19.jar
MD5: e8592808bb86ef83a2a45506b3e8dd77
SHA1: a4efc39a030c0ae399b52124a200afdecd279471
SHA256:7e459b109b5bb6a74d4e39ffbd4a68d9f00f68d8a01e8345d324ed0d5e083931
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	entando-k8s-operator-common	Low
Vendor	pom	organization name	Entando Inc.	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	jar	package name	entando	Highest
Vendor	Manifest	Implementation-Vendor	Entando Inc.	High
Vendor	pom	url	https://central.entando.com	Highest
Vendor	file	name	entando-k8s-operator-common	High
Vendor	Manifest	implementation-build	6.3.19	Low
Vendor	pom	groupid	org.entando	Highest
Vendor	pom	organization url	http://www.entando.com/	Medium
Vendor	pom	groupid	entando	Highest
Vendor	pom	name	Entando K8S Operator Common Library	High
Vendor	pom	parent-groupid	org.entando	Medium
Vendor	pom	parent-artifactid	entando-quarkus-parent	Low
Product	Manifest	build-jdk-spec	11	Low
Product	jar	package name	entando	Highest
Product	pom	artifactid	entando-k8s-operator-common	Highest
Product	Manifest	Implementation-Title	Entando K8S Operator Common Library	High
Product	pom	organization url	http://www.entando.com/	Low
Product	file	name	entando-k8s-operator-common	High
Product	Manifest	implementation-build	6.3.19	Low
Product	pom	parent-artifactid	entando-quarkus-parent	Medium
Product	pom	organization name	Entando Inc.	Low
Product	pom	groupid	entando	Highest
Product	pom	name	Entando K8S Operator Common Library	High
Product	pom	parent-groupid	org.entando	Medium
Product	pom	url	https://central.entando.com	Medium
Version	file	version	6.3.19	High
Version	Manifest	Implementation-Version	6.3.19	High
Version	Manifest	implementation-build	6.3.19	Low
Version	pom	parent-version	6.3.19	Low
Version	pom	version	6.3.19	Highest

Identifiers

pkg:maven/org.entando/entando-k8s-operator-common@6.3.19 (Confidence:High)
cpe:2.3:a:quarkus:quarkus:6.3.19:*:*:*:*:*:*:* (Confidence:Low)

failureaccess-1.0.1.jar

Description:

    Contains
    com.google.common.util.concurrent.internal.InternalFutureFailureAccess and
    InternalFutures. Most users will never need to use this artifact. Its
    classes is conceptually a part of Guava, but they're in this separate
    artifact so that Android libraries can use them without pulling in all of
    Guava (just as they can use ListenableFuture by depending on the
    listenablefuture artifact).

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/google/guava/failureaccess/1.0.1/failureaccess-1.0.1.jar
MD5: 091883993ef5bfa91da01dcc8fc52236
SHA1: 1dcf1de382a0bf95a3d8b0849546c88bac1292c9
SHA256:a171ee4c734dd2da837e4b16be9df4661afab72a41adaf31eb84dfdaf936ca26
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	google	Highest
Vendor	pom	parent-artifactid	guava-parent	Low
Vendor	jar	package name	common	Highest
Vendor	file	name	failureaccess	High
Vendor	pom	groupid	google.guava	Highest
Vendor	Manifest	bundle-symbolicname	com.google.guava.failureaccess	Medium
Vendor	pom	name	Guava InternalFutureFailureAccess and InternalFutures	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	artifactid	failureaccess	Low
Vendor	jar	package name	concurrent	Highest
Vendor	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Vendor	jar	package name	util	Highest
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	parent-groupid	com.google.guava	Medium
Product	jar	package name	google	Highest
Product	jar	package name	common	Highest
Product	Manifest	Bundle-Name	Guava InternalFutureFailureAccess and InternalFutures	Medium
Product	pom	artifactid	failureaccess	Highest
Product	file	name	failureaccess	High
Product	pom	groupid	google.guava	Highest
Product	Manifest	bundle-symbolicname	com.google.guava.failureaccess	Medium
Product	pom	parent-artifactid	guava-parent	Medium
Product	pom	name	Guava InternalFutureFailureAccess and InternalFutures	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	jar	package name	concurrent	Highest
Product	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Product	jar	package name	util	Highest
Product	pom	parent-groupid	com.google.guava	Medium
Version	file	version	1.0.1	High
Version	Manifest	Bundle-Version	1.0.1	High
Version	pom	version	1.0.1	Highest
Version	pom	parent-version	1.0.1	Low

Identifiers

pkg:maven/com.google.guava/failureaccess@1.0.1 (Confidence:High)

generex-1.0.2.jar

Description:

Generex A Java Library for regex to Strings generation

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/github/mifmif/generex/1.0.2/generex-1.0.2.jar
MD5: a832db42f9e1c4f76930f547f6f80998
SHA1: b378f873b4e8d7616c3d920e2132cb1c87679600
SHA256:8f8ce233c335e08e113a3f9579de1046fb19927e82468b1bbebcd6cba8760b81
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-url	https://github.com/mifmif/Generex/tree/master	Low
Vendor	jar	package name	generex	Highest
Vendor	pom	artifactid	generex	Low
Vendor	pom	groupid	com.github.mifmif	Highest
Vendor	pom	groupid	github.mifmif	Highest
Vendor	pom	name	Generex	High
Vendor	pom	url	mifmif/Generex/tree/master	Highest
Vendor	jar	package name	mifmif	Highest
Vendor	file	name	generex	High
Vendor	Manifest	Implementation-Vendor-Id	com.github.mifmif	Medium
Vendor	jar	package name	regex	Highest
Product	Manifest	implementation-url	https://github.com/mifmif/Generex/tree/master	Low
Product	jar	package name	generex	Highest
Product	pom	url	mifmif/Generex/tree/master	High
Product	pom	artifactid	generex	Highest
Product	pom	groupid	github.mifmif	Highest
Product	pom	name	Generex	High
Product	jar	package name	mifmif	Highest
Product	file	name	generex	High
Product	Manifest	Implementation-Title	Generex	High
Product	Manifest	specification-title	Generex	Medium
Product	jar	package name	regex	Highest
Version	file	version	1.0.2	High
Version	Manifest	Implementation-Version	1.0.2	High
Version	pom	version	1.0.2	Highest

Identifiers

pkg:maven/com.github.mifmif/generex@1.0.2 (Confidence:High)

graal-sdk-19.2.1.jar

Description:

GraalVM is an ecosystem for compiling and running applications written in multiple languages.
GraalVM removes the isolation between programming languages and enables interoperability in a shared runtime.

License:

Universal Permissive License, Version 1.0: http://opensource.org/licenses/UPL

File Path: /home/jenkins/.mvnrepository/org/graalvm/sdk/graal-sdk/19.2.1/graal-sdk-19.2.1.jar
MD5: 50bb82446477beea11bc03ae9107dcdb
SHA1: 50c9bf57f1a06d266c5ad7f36d9a17a870daa353
SHA256:b1d3b795be09ade065534e80c59a360d73da488e8183bbac97851e6c23b00100
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	graal-sdk	Low
Vendor	pom	name	Graal Sdk	High
Vendor	file	name	graal-sdk	High
Vendor	pom	groupid	graalvm.sdk	Highest
Vendor	jar	package name	graalvm	Highest
Vendor	pom	url	oracle/graal	Highest
Vendor	pom	groupid	org.graalvm.sdk	Highest
Vendor	jar	package name	graalvm	Low
Product	pom	artifactid	graal-sdk	Highest
Product	pom	name	Graal Sdk	High
Product	file	name	graal-sdk	High
Product	pom	groupid	graalvm.sdk	Highest
Product	jar	package name	graalvm	Highest
Product	pom	url	oracle/graal	High
Version	pom	version	19.2.1	Highest
Version	file	version	19.2.1	High

Identifiers

pkg:maven/org.graalvm.sdk/graal-sdk@19.2.1 (Confidence:High)

guava-30.1-jre.jar

Description:

    Guava is a suite of core and expanded libraries that include
    utility classes, Google's collections, I/O classes, and
    much more.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/google/guava/guava/30.1-jre/guava-30.1-jre.jar
MD5: 2f8966f27f06101a08083bfa9f9277e7
SHA1: 00d0c3ce2311c9e36e73228da25a6e99b2ab826f
SHA256:e6dd072f9d3fe02a4600688380bd422bdac184caf6fe2418cfdd0934f09432aa
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	google	Highest
Vendor	pom	parent-artifactid	guava-parent	Low
Vendor	jar	package name	common	Highest
Vendor	file	name	guava	High
Vendor	pom	groupid	google.guava	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	name	Guava: Google Core Libraries for Java	High
Vendor	pom	artifactid	guava	Low
Vendor	Manifest	automatic-module-name	com.google.common	Medium
Vendor	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Vendor	pom	groupid	com.google.guava	Highest
Vendor	Manifest	bundle-symbolicname	com.google.guava	Medium
Vendor	pom	parent-groupid	com.google.guava	Medium
Product	jar	package name	google	Highest
Product	jar	package name	common	Highest
Product	Manifest	Bundle-Name	Guava: Google Core Libraries for Java	Medium
Product	pom	artifactid	guava	Highest
Product	file	name	guava	High
Product	pom	groupid	google.guava	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-artifactid	guava-parent	Medium
Product	pom	name	Guava: Google Core Libraries for Java	High
Product	Manifest	automatic-module-name	com.google.common	Medium
Product	Manifest	bundle-docurl	https://github.com/google/guava/	Low
Product	Manifest	bundle-symbolicname	com.google.guava	Medium
Product	pom	parent-groupid	com.google.guava	Medium
Version	pom	version	30.1-jre	Highest

Identifiers

pkg:maven/com.google.guava/guava@30.1-jre (Confidence:High)
cpe:2.3:a:google:guava:30.1:*:*:*:*:*:*:* (Confidence:Highest)

hamcrest-core-1.3.jar

Description:

    This is the core API of hamcrest matcher framework to be used by third-party framework providers. This includes the a foundation set of matcher implementations for common operations.

File Path: /home/jenkins/.mvnrepository/org/hamcrest/hamcrest-core/1.3/hamcrest-core-1.3.jar
MD5: 6393363b47ddcbba82321110c3e07519
SHA1: 42a25dc3219429f0e5d060061f71acb49bf010a0
SHA256:66fdef91e9739348df7a096aa384a5685f4e875584cce89386a7a47251c4d8e9
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	hamcrest	Highest
Vendor	file	name	hamcrest-core	High
Vendor	pom	groupid	hamcrest	Highest
Vendor	pom	parent-artifactid	hamcrest-parent	Low
Vendor	Manifest	Implementation-Vendor	hamcrest.org	High
Vendor	jar	package name	core	Highest
Vendor	pom	groupid	org.hamcrest	Highest
Vendor	jar	package name	matcher	Highest
Vendor	pom	artifactid	hamcrest-core	Low
Vendor	Manifest	built-date	2012-07-09 19:49:34	Low
Vendor	pom	parent-groupid	org.hamcrest	Medium
Vendor	pom	name	Hamcrest Core	High
Product	jar	package name	core	Highest
Product	jar	package name	hamcrest	Highest
Product	jar	package name	matcher	Highest
Product	file	name	hamcrest-core	High
Product	pom	parent-artifactid	hamcrest-parent	Medium
Product	Manifest	Implementation-Title	hamcrest-core	High
Product	Manifest	built-date	2012-07-09 19:49:34	Low
Product	pom	artifactid	hamcrest-core	Highest
Product	pom	parent-groupid	org.hamcrest	Medium
Product	pom	groupid	hamcrest	Highest
Product	pom	name	Hamcrest Core	High
Version	pom	version	1.3	Highest
Version	file	version	1.3	High
Version	Manifest	Implementation-Version	1.3	High

Identifiers

pkg:maven/org.hamcrest/hamcrest-core@1.3 (Confidence:High)

httpclient-4.5.13.jar

Description:

   Apache HttpComponents Client

File Path: /home/jenkins/.mvnrepository/org/apache/httpcomponents/httpclient/4.5.13/httpclient-4.5.13.jar
MD5: 40d6b9075fbd28fa10292a45a0db9457
SHA1: e5f6cae5ca7ecaac1ec2827a9e2d65ae2869cada
SHA256:6fe9026a566c6a5001608cf3fc32196641f6c1e5e1986d1037ccdbd5f31ef743
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.apache.httpcomponents	Medium
Vendor	file	name	httpclient	High
Vendor	pom	groupid	org.apache.httpcomponents	Highest
Vendor	pom	url	http://hc.apache.org/httpcomponents-client	Highest
Vendor	pom	name	Apache HttpClient	High
Vendor	jar	package name	client	Highest
Vendor	jar	package name	httpclient	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.apache.httpcomponents	Medium
Vendor	pom	groupid	apache.httpcomponents	Highest
Vendor	Manifest	automatic-module-name	org.apache.httpcomponents.httpclient	Medium
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	pom	artifactid	httpclient	Low
Vendor	jar	package name	apache	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	pom	parent-artifactid	httpcomponents-client	Low
Vendor	Manifest	implementation-url	http://hc.apache.org/httpcomponents-client	Low
Product	pom	parent-groupid	org.apache.httpcomponents	Medium
Product	pom	parent-artifactid	httpcomponents-client	Medium
Product	file	name	httpclient	High
Product	pom	name	Apache HttpClient	High
Product	jar	package name	client	Highest
Product	jar	package name	httpclient	Highest
Product	pom	url	http://hc.apache.org/httpcomponents-client	Medium
Product	pom	groupid	apache.httpcomponents	Highest
Product	Manifest	Implementation-Title	Apache HttpClient	High
Product	Manifest	automatic-module-name	org.apache.httpcomponents.httpclient	Medium
Product	Manifest	specification-title	Apache HttpClient	Medium
Product	jar	package name	apache	Highest
Product	jar	package name	http	Highest
Product	Manifest	implementation-url	http://hc.apache.org/httpcomponents-client	Low
Product	pom	artifactid	httpclient	Highest
Version	file	version	4.5.13	High
Version	Manifest	Implementation-Version	4.5.13	High
Version	pom	version	4.5.13	Highest

Identifiers

pkg:maven/org.apache.httpcomponents/httpclient@4.5.13 (Confidence:High)
cpe:2.3:a:apache:httpclient:4.5.13:*:*:*:*:*:*:* (Confidence:Highest)

httpcore-4.4.13.jar

Description:

   Apache HttpComponents Core (blocking I/O)

File Path: /home/jenkins/.mvnrepository/org/apache/httpcomponents/httpcore/4.4.13/httpcore-4.4.13.jar
MD5: e07a248f61c52776a2366c075dcd4963
SHA1: 853b96d3afbb7bf8cc303fe27ee96836a10c1834
SHA256:e06e89d40943245fcfa39ec537cdbfce3762aecde8f9c597780d2b00c2b43424
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.apache.httpcomponents	Medium
Vendor	pom	groupid	org.apache.httpcomponents	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.apache	Medium
Vendor	file	name	httpcore	High
Vendor	pom	parent-artifactid	httpcomponents-core	Low
Vendor	Manifest	implementation-build	${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000	Low
Vendor	pom	groupid	apache.httpcomponents	Highest
Vendor	Manifest	url	http://hc.apache.org/httpcomponents-core-ga	Low
Vendor	Manifest	automatic-module-name	org.apache.httpcomponents.httpcore	Medium
Vendor	pom	artifactid	httpcore	Low
Vendor	pom	name	Apache HttpCore	High
Vendor	Manifest	Implementation-Vendor	The Apache Software Foundation	High
Vendor	jar	package name	apache	Highest
Vendor	Manifest	specification-vendor	The Apache Software Foundation	Low
Vendor	Manifest	implementation-url	http://hc.apache.org/httpcomponents-core-ga	Low
Vendor	pom	url	http://hc.apache.org/httpcomponents-core-ga	Highest
Product	pom	parent-groupid	org.apache.httpcomponents	Medium
Product	pom	artifactid	httpcore	Highest
Product	pom	parent-artifactid	httpcomponents-core	Medium
Product	file	name	httpcore	High
Product	Manifest	specification-title	HttpComponents Apache HttpCore	Medium
Product	Manifest	Implementation-Title	HttpComponents Apache HttpCore	High
Product	Manifest	implementation-build	${scmBranch}@r${buildNumber}; 2020-01-09 12:56:55+0000	Low
Product	pom	url	http://hc.apache.org/httpcomponents-core-ga	Medium
Product	pom	groupid	apache.httpcomponents	Highest
Product	Manifest	url	http://hc.apache.org/httpcomponents-core-ga	Low
Product	Manifest	automatic-module-name	org.apache.httpcomponents.httpcore	Medium
Product	pom	name	Apache HttpCore	High
Product	jar	package name	apache	Highest
Product	jar	package name	http	Highest
Product	Manifest	implementation-url	http://hc.apache.org/httpcomponents-core-ga	Low
Version	Manifest	Implementation-Version	4.4.13	High
Version	pom	version	4.4.13	Highest
Version	file	version	4.4.13	High

Identifiers

pkg:maven/org.apache.httpcomponents/httpcore@4.4.13 (Confidence:High)

istack-commons-runtime-3.0.10.jar

Description:

istack common utility code

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/jenkins/.mvnrepository/com/sun/istack/istack-commons-runtime/3.0.10/istack-commons-runtime-3.0.10.jar
MD5: 05660669c45f5bb65cece45bf01d92bc
SHA1: be8418d9a1c91d8569045e82e8ad73cadbaa1f0d
SHA256:85239e7fff2463b7d8a9c3962f78ee3e2c6db9455c724f29281e2c5f663e22be
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	Manifest	bundle-symbolicname	com.sun.istack.commons-runtime	Medium
Vendor	Manifest	Implementation-Vendor-Id	com.sun.istack	Medium
Vendor	pom	name	istack common utility code runtime	High
Vendor	Manifest	implementation-build-id	3.0.10 - 3.0.10-RELEASE-0b1ac0c, 2019-10-15T09:41:41+0000	Low
Vendor	file	name	istack-commons-runtime	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	parent-artifactid	istack-commons	Low
Vendor	jar	package name	istack	Highest
Vendor	Manifest	multi-release	true	Low
Vendor	jar	package name	com	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	pom	groupid	com.sun.istack	Highest
Vendor	pom	artifactid	istack-commons-runtime	Low
Vendor	pom	parent-groupid	com.sun.istack	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	groupid	sun.istack	Highest
Product	jar	package name	sun	Highest
Product	Manifest	bundle-symbolicname	com.sun.istack.commons-runtime	Medium
Product	pom	artifactid	istack-commons-runtime	Highest
Product	pom	name	istack common utility code runtime	High
Product	Manifest	implementation-build-id	3.0.10 - 3.0.10-RELEASE-0b1ac0c, 2019-10-15T09:41:41+0000	Low
Product	file	name	istack-commons-runtime	High
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	jar	package name	istack	Highest
Product	Manifest	multi-release	true	Low
Product	pom	parent-artifactid	istack-commons	Medium
Product	jar	package name	com	Highest
Product	pom	parent-groupid	com.sun.istack	Medium
Product	Manifest	Bundle-Name	istack common utility code runtime	Medium
Product	pom	groupid	sun.istack	Highest
Version	pom	version	3.0.10	Highest
Version	Manifest	Bundle-Version	3.0.10	High
Version	file	version	3.0.10	High
Version	Manifest	implementation-build-id	3.0.10	Low

Identifiers

pkg:maven/com.sun.istack/istack-commons-runtime@3.0.10 (Confidence:High)

jackson-annotations-2.12.0.jar

Description:

Core annotations used for value types, used by Jackson data binding package.

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/core/jackson-annotations/2.12.0/jackson-annotations-2.12.0.jar
MD5: 50c38b5f97ef7804e13a754e30d0287b
SHA1: a27bf93ec3eb19801226514f5d038c6deaf46001
SHA256:c28fbe62e7be1e29df75953fa8a887ff875d4482291fbfddb1aec5c91191ecda
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	fasterxml.jackson.core	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	name	Jackson-annotations	High
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	pom	artifactid	jackson-annotations	Low
Vendor	pom	parent-artifactid	jackson-parent	Low
Vendor	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	implementation-build-date	2020-11-29 00:36:26+0000	Low
Vendor	jar	package name	jackson	Highest
Vendor	pom	url	http://github.com/FasterXML/jackson	Highest
Vendor	file	name	jackson-annotations	High
Product	pom	groupid	fasterxml.jackson.core	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	name	Jackson-annotations	High
Product	pom	url	http://github.com/FasterXML/jackson	Medium
Product	pom	artifactid	jackson-annotations	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	Manifest	Bundle-Name	Jackson-annotations	Medium
Product	pom	parent-artifactid	jackson-parent	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-annotations	Medium
Product	jar	package name	fasterxml	Highest
Product	Manifest	specification-title	Jackson-annotations	Medium
Product	Manifest	implementation-build-date	2020-11-29 00:36:26+0000	Low
Product	jar	package name	jackson	Highest
Product	Manifest	Implementation-Title	Jackson-annotations	High
Product	file	name	jackson-annotations	High
Version	pom	parent-version	2.12.0	Low
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-annotations@2.12.0 (Confidence:High)

jackson-core-2.12.0.jar

Description:

Core Jackson processing abstractions (aka Streaming API), implementation for JSON

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/core/jackson-core/2.12.0/jackson-core-2.12.0.jar
MD5: 3b84a0bc3fa2662bdd68d0296e99b619
SHA1: afe52c6947d9939170da7989612cef544115511a
SHA256:8acab5ef6e4f332bbb331b3fcd24d716598770d13a47e7215aa5ee625d1fd9c9
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	fasterxml.jackson.core	Highest
Vendor	pom	name	Jackson-core	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	artifactid	jackson-core	Low
Vendor	Manifest	implementation-build-date	2020-11-29 00:56:07+0000	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	url	FasterXML/jackson-core	Highest
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	jar	package name	core	Highest
Vendor	jar	package name	base	Highest
Vendor	jar	package name	json	Highest
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	file	name	jackson-core	High
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	jar	package name	jackson	Highest
Product	pom	groupid	fasterxml.jackson.core	Highest
Product	pom	name	Jackson-core	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	pom	parent-artifactid	jackson-base	Medium
Product	Manifest	implementation-build-date	2020-11-29 00:56:07+0000	Low
Product	Manifest	Implementation-Title	Jackson-core	High
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-core	Low
Product	Manifest	build-jdk-spec	1.8	Low
Product	jar	package name	version	Highest
Product	pom	artifactid	jackson-core	Highest
Product	jar	package name	core	Highest
Product	jar	package name	json	Highest
Product	jar	package name	base	Highest
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-core	Medium
Product	Manifest	specification-title	Jackson-core	Medium
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	file	name	jackson-core	High
Product	jar	package name	fasterxml	Highest
Product	jar	package name	filter	Highest
Product	pom	url	FasterXML/jackson-core	High
Product	jar	package name	jackson	Highest
Product	Manifest	Bundle-Name	Jackson-core	Medium
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-core@2.12.0 (Confidence:High)

jackson-coreutils-1.6.jar

Description:

null

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/com/github/fge/jackson-coreutils/1.6/jackson-coreutils-1.6.jar
MD5: 26a6b351813e2895cba18e0ee4abe5b7
SHA1: 9e6af56eb7cc2a65700b289abc7ee2bd170fd231
SHA256:d84b416924fb061a26c48a5c90e98cf4d4e718179eb1df702aa8f1021163eed6
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	fge	Highest
Vendor	pom	name	null	High
Vendor	jar	package name	github	Highest
Vendor	pom	groupid	com.github.fge	Highest
Vendor	pom	artifactid	jackson-coreutils	Low
Vendor	pom	url	fge/jackson-coreutils	Highest
Vendor	Manifest	bundle-symbolicname	com.github.fge.jackson-coreutils	Medium
Vendor	file	name	jackson-coreutils	High
Vendor	jar	package name	jackson	Highest
Vendor	pom	groupid	github.fge	Highest
Product	Manifest	Bundle-Name	jackson-coreutils	Medium
Product	jar	package name	fge	Highest
Product	pom	name	null	High
Product	jar	package name	github	Highest
Product	pom	url	fge/jackson-coreutils	High
Product	pom	artifactid	jackson-coreutils	Highest
Product	Manifest	bundle-symbolicname	com.github.fge.jackson-coreutils	Medium
Product	file	name	jackson-coreutils	High
Product	jar	package name	jackson	Highest
Product	pom	groupid	github.fge	Highest
Version	file	version	1.6	High
Version	pom	version	1.6	Highest
Version	Manifest	Bundle-Version	1.6	High

Identifiers

pkg:maven/com.github.fge/jackson-coreutils@1.6 (Confidence:High)

jackson-databind-2.12.0.jar

Description:

General data-binding functionality for Jackson: works on core streaming API

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/core/jackson-databind/2.12.0/jackson-databind-2.12.0.jar
MD5: 577d6c6a6154dd324b1058fc7791830c
SHA1: ea6945874602654e5b265a570547ceb3423168be
SHA256:75d470eda0dd559e43f2ad08209fa09ecd268833492ba93fa46f6f3607acbab7
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	fasterxml.jackson.core	Highest
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	file	name	jackson-databind	High
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.core	Medium
Vendor	pom	parent-artifactid	jackson-base	Low
Vendor	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson	Medium
Vendor	pom	artifactid	jackson-databind	Low
Vendor	jar	package name	databind	Highest
Vendor	pom	name	jackson-databind	High
Vendor	pom	groupid	com.fasterxml.jackson.core	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	implementation-build-date	2020-11-29 01:16:17+0000	Low
Vendor	jar	package name	jackson	Highest
Vendor	pom	url	http://github.com/FasterXML/jackson	Highest
Product	pom	artifactid	jackson-databind	Highest
Product	pom	groupid	fasterxml.jackson.core	Highest
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.core.jackson-databind	Medium
Product	pom	parent-artifactid	jackson-base	Medium
Product	Manifest	Implementation-Title	jackson-databind	High
Product	Manifest	specification-title	jackson-databind	Medium
Product	file	name	jackson-databind	High
Product	pom	url	http://github.com/FasterXML/jackson	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	http://github.com/FasterXML/jackson	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	pom	parent-groupid	com.fasterxml.jackson	Medium
Product	jar	package name	databind	Highest
Product	pom	name	jackson-databind	High
Product	jar	package name	fasterxml	Highest
Product	Manifest	Bundle-Name	jackson-databind	Medium
Product	Manifest	implementation-build-date	2020-11-29 01:16:17+0000	Low
Product	jar	package name	jackson	Highest
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.core/jackson-databind@2.12.0 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-databind:2.12.0:*:*:*:*:*:*:* (Confidence:Highest)

jackson-dataformat-yaml-2.12.0.jar

Description:

Support for reading and writing YAML-encoded data via Jackson abstractions.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/dataformat/jackson-dataformat-yaml/2.12.0/jackson-dataformat-yaml-2.12.0.jar
MD5: f59a38149e56494c78f3c54641fc7fba
SHA1: 81abad4675f31e55b0c5144c8fe72e9a55a18809
SHA256:b7b3b50d3de97b2836a3e97a45adf2e67ed630720ad415bfbbd6a830a6013a55
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-dataformats-text	Low
Vendor	jar	package name	yaml	Highest
Vendor	pom	groupid	com.fasterxml.jackson.dataformat	Highest
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.dataformat.jackson-dataformat-yaml	Medium
Vendor	file	name	jackson-dataformat-yaml	High
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	Manifest	implementation-build-date	2020-11-29 02:59:31+0000	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson.dataformat	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	url	FasterXML/jackson-dataformats-text	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	groupid	fasterxml.jackson.dataformat	Highest
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	name	Jackson-dataformat-YAML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.dataformat	Medium
Vendor	pom	artifactid	jackson-dataformat-yaml	Low
Vendor	pom	parent-artifactid	jackson-dataformats-text	Low
Vendor	jar	package name	jackson	Highest
Vendor	jar	package name	dataformat	Highest
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-dataformats-text	Low
Product	jar	package name	yaml	Highest
Product	Manifest	Bundle-Name	Jackson-dataformat-YAML	Medium
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.dataformat.jackson-dataformat-yaml	Medium
Product	Manifest	specification-title	Jackson-dataformat-YAML	Medium
Product	file	name	jackson-dataformat-yaml	High
Product	Manifest	implementation-build-date	2020-11-29 02:59:31+0000	Low
Product	pom	parent-groupid	com.fasterxml.jackson.dataformat	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Jackson-dataformat-YAML	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	pom	parent-artifactid	jackson-dataformats-text	Medium
Product	pom	groupid	fasterxml.jackson.dataformat	Highest
Product	jar	package name	fasterxml	Highest
Product	pom	name	Jackson-dataformat-YAML	High
Product	pom	url	FasterXML/jackson-dataformats-text	High
Product	pom	artifactid	jackson-dataformat-yaml	Highest
Product	jar	package name	jackson	Highest
Product	jar	package name	dataformat	Highest
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.dataformat/jackson-dataformat-yaml@2.12.0 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-dataformat-xml:2.12.0:*:*:*:*:*:*:* (Confidence:Highest)

jackson-datatype-jdk8-2.12.0.jar

Description:

Add-on module for Jackson (http://jackson.codehaus.org) to support
JDK 8 data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/datatype/jackson-datatype-jdk8/2.12.0/jackson-datatype-jdk8-2.12.0.jar
MD5: 62ba3e075c99281089a467014a3b880a
SHA1: 9d8a9a6dc82d4c6ff2ffac5ae2de8c2d796779ca
SHA256:85415e0b6ab116dcc7b394abe50a315997e514d3e2f9c17a15be41db1b503816
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	jackson-modules-java8	Low
Vendor	Manifest	implementation-build-date	2020-11-29 01:33:30+0000	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.datatype	Medium
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.datatype.jackson-datatype-jdk8	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	groupid	com.fasterxml.jackson.datatype	Highest
Vendor	jar	package name	jdk8	Highest
Vendor	pom	artifactid	jackson-datatype-jdk8	Low
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8	Low
Vendor	jar	package name	datatype	Highest
Vendor	pom	groupid	fasterxml.jackson.datatype	Highest
Vendor	pom	name	Jackson datatype: jdk8	High
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Vendor	file	name	jackson-datatype-jdk8	High
Vendor	jar	package name	jackson	Highest
Product	Manifest	implementation-build-date	2020-11-29 01:33:30+0000	Low
Product	Manifest	Implementation-Title	Jackson datatype: jdk8	High
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.datatype.jackson-datatype-jdk8	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-artifactid	jackson-modules-java8	Medium
Product	jar	package name	jdk8	Highest
Product	pom	artifactid	jackson-datatype-jdk8	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jdk8	Low
Product	Manifest	Bundle-Name	Jackson datatype: jdk8	Medium
Product	jar	package name	datatype	Highest
Product	pom	groupid	fasterxml.jackson.datatype	Highest
Product	pom	name	Jackson datatype: jdk8	High
Product	jar	package name	fasterxml	Highest
Product	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Product	Manifest	specification-title	Jackson datatype: jdk8	Medium
Product	file	name	jackson-datatype-jdk8	High
Product	jar	package name	jackson	Highest
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jdk8@2.12.0 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.0:*:*:*:*:*:*:* (Confidence:Low)

jackson-datatype-jsr310-2.12.0.jar

Description:

Add-on module to support JSR-310 (Java 8 Date & Time API) data types.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/datatype/jackson-datatype-jsr310/2.12.0/jackson-datatype-jsr310-2.12.0.jar
MD5: c78d5e5114aee271f75289d8e85f9811
SHA1: d4f8bbe668a1a4e649fe0706253bad6f3a44e005
SHA256:0e9b40b7b59a750437ca7272bf0070fb4e3430647454202ef6bc10c0406de185
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	jackson-modules-java8	Low
Vendor	Manifest	implementation-build-date	2020-11-29 01:33:30+0000	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.datatype	Medium
Vendor	jar	package name	jsr310	Highest
Vendor	file	name	jackson-datatype-jsr310	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	groupid	com.fasterxml.jackson.datatype	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.datatype.jackson-datatype-jsr310	Medium
Vendor	pom	name	Jackson datatype: JSR310	High
Vendor	jar	package name	datatype	Highest
Vendor	pom	groupid	fasterxml.jackson.datatype	Highest
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310	Low
Vendor	pom	artifactid	jackson-datatype-jsr310	Low
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Vendor	jar	package name	jackson	Highest
Product	pom	artifactid	jackson-datatype-jsr310	Highest
Product	Manifest	implementation-build-date	2020-11-29 01:33:30+0000	Low
Product	jar	package name	jsr310	Highest
Product	Manifest	Implementation-Title	Jackson datatype: JSR310	High
Product	file	name	jackson-datatype-jsr310	High
Product	Manifest	specification-title	Jackson datatype: JSR310	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-artifactid	jackson-modules-java8	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.datatype.jackson-datatype-jsr310	Medium
Product	pom	name	Jackson datatype: JSR310	High
Product	jar	package name	datatype	Highest
Product	pom	groupid	fasterxml.jackson.datatype	Highest
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-java8/jackson-datatype-jsr310	Low
Product	jar	package name	fasterxml	Highest
Product	Manifest	Bundle-Name	Jackson datatype: JSR310	Medium
Product	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Product	jar	package name	jackson	Highest
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.datatype/jackson-datatype-jsr310@2.12.0 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.0:*:*:*:*:*:*:* (Confidence:Low)

jackson-jaxrs-base-2.12.0.jar

Description:

Pile of code that is shared by all Jackson-based JAX-RS
providers.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-base/2.12.0/jackson-jaxrs-base-2.12.0.jar
MD5: ee48bbd1440193b2f9c99e529fa1dd1d
SHA1: 948eca90387a2a1817224c060567cdfa32addea5
SHA256:9f524c13234447cf4ccb2708dfb8337fb6bacb918307047ca7aa9f226d6e8e5f
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jackson-jaxrs-base	High
Vendor	pom	groupid	fasterxml.jackson.jaxrs	Highest
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-base	Medium
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Vendor	pom	groupid	com.fasterxml.jackson.jaxrs	Highest
Vendor	Manifest	implementation-build-date	2020-11-29 03:31:30+0000	Low
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	multi-release	true	Low
Vendor	pom	artifactid	jackson-jaxrs-base	Low
Vendor	jar	package name	jaxrs	Highest
Vendor	jar	package name	base	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	parent-artifactid	jackson-jaxrs-providers	Low
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.jaxrs	Medium
Vendor	jar	package name	jackson	Highest
Vendor	Manifest	bundle-docurl	http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base	Low
Vendor	pom	name	Jackson-JAXRS-base	High
Product	file	name	jackson-jaxrs-base	High
Product	pom	artifactid	jackson-jaxrs-base	Highest
Product	Manifest	specification-title	Jackson-JAXRS-base	Medium
Product	jar	package name	11	Highest
Product	pom	groupid	fasterxml.jackson.jaxrs	Highest
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-base	Medium
Product	Manifest	Bundle-Name	Jackson-JAXRS-base	Medium
Product	Manifest	Implementation-Title	Jackson-JAXRS-base	High
Product	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Product	pom	parent-artifactid	jackson-jaxrs-providers	Medium
Product	Manifest	implementation-build-date	2020-11-29 03:31:30+0000	Low
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	multi-release	true	Low
Product	jar	package name	jaxrs	Highest
Product	jar	package name	base	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jackson	Highest
Product	Manifest	bundle-docurl	http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-base	Low
Product	pom	name	Jackson-JAXRS-base	High
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-base@2.12.0 (Confidence:High)

jackson-jaxrs-json-provider-2.12.0.jar

Description:

Functionality to handle JSON input/output for JAX-RS implementations (like Jersey and RESTeasy) using standard Jackson data binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/jaxrs/jackson-jaxrs-json-provider/2.12.0/jackson-jaxrs-json-provider-2.12.0.jar
MD5: acb353422ac6cb1aa387c07c387ed810
SHA1: 5d0bbbb238b2fa0b7797c9528942fc1b58b281e0
SHA256:7bcf0f909304403ff08f2373a0a1ebe0a80d4db5d0e702ed388074a3887d23e1
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider	Medium
Vendor	pom	groupid	fasterxml.jackson.jaxrs	Highest
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	file	name	jackson-jaxrs-json-provider	High
Vendor	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Vendor	pom	groupid	com.fasterxml.jackson.jaxrs	Highest
Vendor	Manifest	implementation-build-date	2020-11-29 03:31:30+0000	Low
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	name	Jackson-JAXRS-JSON	High
Vendor	Manifest	multi-release	true	Low
Vendor	jar	package name	jaxrs	Highest
Vendor	jar	package name	json	Highest
Vendor	Manifest	bundle-docurl	http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	parent-artifactid	jackson-jaxrs-providers	Low
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	artifactid	jackson-jaxrs-json-provider	Low
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.jaxrs	Medium
Vendor	jar	package name	jackson	Highest
Product	jar	package name	11	Highest
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.jaxrs.jackson-jaxrs-json-provider	Medium
Product	pom	groupid	fasterxml.jackson.jaxrs	Highest
Product	file	name	jackson-jaxrs-json-provider	High
Product	pom	parent-groupid	com.fasterxml.jackson.jaxrs	Medium
Product	pom	parent-artifactid	jackson-jaxrs-providers	Medium
Product	Manifest	implementation-build-date	2020-11-29 03:31:30+0000	Low
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	name	Jackson-JAXRS-JSON	High
Product	Manifest	multi-release	true	Low
Product	jar	package name	jaxrs	Highest
Product	jar	package name	json	Highest
Product	Manifest	bundle-docurl	http://github.com/FasterXML/jackson-jaxrs-providers/jackson-jaxrs-json-provider	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	Manifest	Bundle-Name	Jackson-JAXRS-JSON	Medium
Product	jar	package name	fasterxml	Highest
Product	Manifest	specification-title	Jackson-JAXRS-JSON	Medium
Product	Manifest	Implementation-Title	Jackson-JAXRS-JSON	High
Product	jar	package name	jackson	Highest
Product	pom	artifactid	jackson-jaxrs-json-provider	Highest
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.jaxrs/jackson-jaxrs-json-provider@2.12.0 (Confidence:High)

jackson-module-jaxb-annotations-2.12.0.jar

Description:

Support for using JAXB annotations as an alternative to "native" Jackson annotations, for configuring
data-binding.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/module/jackson-module-jaxb-annotations/2.12.0/jackson-module-jaxb-annotations-2.12.0.jar
MD5: 4426b65bf95ebddd205f7d2665b76256
SHA1: 0b660a3fde161ad68c996725951e2cec9cf04667
SHA256:e1d9dd87cc79811cd0d95e264e186b41c07a9d1c9ae1c572f313d520b98ef431
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	fasterxml.jackson.module	Highest
Vendor	file	name	jackson-module-jaxb-annotations	High
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	url	FasterXML/jackson-modules-base	Highest
Vendor	pom	groupid	com.fasterxml.jackson.module	Highest
Vendor	pom	name	Jackson module: JAXB Annotations	High
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	parent-artifactid	jackson-modules-base	Low
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	jar	package name	module	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.module	Medium
Vendor	pom	artifactid	jackson-module-jaxb-annotations	Low
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	jar	package name	jaxb	Highest
Vendor	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-base	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-jaxb-annotations	Medium
Vendor	Manifest	implementation-build-date	2020-11-29 01:30:09+0000	Low
Vendor	jar	package name	jackson	Highest
Product	pom	groupid	fasterxml.jackson.module	Highest
Product	jar	package name	11	Highest
Product	pom	parent-artifactid	jackson-modules-base	Medium
Product	file	name	jackson-module-jaxb-annotations	High
Product	Manifest	Bundle-Name	Jackson module: JAXB Annotations	Medium
Product	pom	name	Jackson module: JAXB Annotations	High
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	multi-release	true	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	jar	package name	module	Highest
Product	jar	package name	fasterxml	Highest
Product	jar	package name	jaxb	Highest
Product	Manifest	Implementation-Title	Jackson module: JAXB Annotations	High
Product	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-base	Low
Product	pom	artifactid	jackson-module-jaxb-annotations	Highest
Product	pom	url	FasterXML/jackson-modules-base	High
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-jaxb-annotations	Medium
Product	Manifest	specification-title	Jackson module: JAXB Annotations	Medium
Product	Manifest	implementation-build-date	2020-11-29 01:30:09+0000	Low
Product	jar	package name	jackson	Highest
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.module/jackson-module-jaxb-annotations@2.12.0 (Confidence:High)

jackson-module-parameter-names-2.12.0.jar

Description:

Add-on module for Jackson (http://jackson.codehaus.org) to support
introspection of method/constructor parameter names, without having to add explicit property name annotation.

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/fasterxml/jackson/module/jackson-module-parameter-names/2.12.0/jackson-module-parameter-names-2.12.0.jar
MD5: 0de9b6558503ef0e058598d536d32750
SHA1: 74c03facb49f7ccd0d5e0b5058f84ca66048ad5c
SHA256:345379d4d98f9907fc634290e43532ef4121f6b6fdea428aefd2118ba0182894
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	fasterxml.jackson.module	Highest
Vendor	pom	artifactid	jackson-module-parameter-names	Low
Vendor	pom	parent-artifactid	jackson-modules-java8	Low
Vendor	pom	name	Jackson-module-parameter-names	High
Vendor	Manifest	implementation-build-date	2020-11-29 01:33:30+0000	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	FasterXML	Low
Vendor	pom	groupid	com.fasterxml.jackson.module	Highest
Vendor	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names	Low
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-parameter-names	Medium
Vendor	file	name	jackson-module-parameter-names	High
Vendor	jar	package name	module	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.fasterxml.jackson.module	Medium
Vendor	jar	package name	fasterxml	Highest
Vendor	Manifest	Implementation-Vendor	FasterXML	High
Vendor	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Vendor	jar	package name	jackson	Highest
Product	pom	groupid	fasterxml.jackson.module	Highest
Product	pom	name	Jackson-module-parameter-names	High
Product	Manifest	implementation-build-date	2020-11-29 01:33:30+0000	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	parent-artifactid	jackson-modules-java8	Medium
Product	Manifest	Implementation-Title	Jackson-module-parameter-names	High
Product	Manifest	bundle-docurl	https://github.com/FasterXML/jackson-modules-java8/jackson-module-parameter-names	Low
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	bundle-symbolicname	com.fasterxml.jackson.module.jackson-module-parameter-names	Medium
Product	Manifest	specification-title	Jackson-module-parameter-names	Medium
Product	file	name	jackson-module-parameter-names	High
Product	jar	package name	module	Highest
Product	jar	package name	fasterxml	Highest
Product	pom	parent-groupid	com.fasterxml.jackson.module	Medium
Product	Manifest	Bundle-Name	Jackson-module-parameter-names	Medium
Product	pom	artifactid	jackson-module-parameter-names	Highest
Product	jar	package name	jackson	Highest
Version	pom	version	2.12.0	Highest
Version	Manifest	Bundle-Version	2.12.0	High
Version	file	version	2.12.0	High
Version	Manifest	Implementation-Version	2.12.0	High

Identifiers

pkg:maven/com.fasterxml.jackson.module/jackson-module-parameter-names@2.12.0 (Confidence:High)
cpe:2.3:a:fasterxml:jackson-modules-java8:2.12.0:*:*:*:*:*:*:* (Confidence:Low)

jakarta.activation-1.2.1.jar

Description:

JavaBeans Activation Framework

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/jenkins/.mvnrepository/com/sun/activation/jakarta.activation/1.2.1/jakarta.activation-1.2.1.jar
MD5: dc519b1f09bbaf9274ea5da358a00110
SHA1: 8013606426a73d8ba6b568370877251e91a38b89
SHA256:d84d4ba8b55cdb7fdcbb885e6939386367433f56f5ab8cfdc302a7c3587fa92b
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	sun.activation	Highest
Vendor	pom	groupid	com.sun.activation	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	pom	parent-artifactid	all	Low
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	pom	artifactid	jakarta.activation	Low
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	pom	name	JavaBeans Activation Framework	High
Vendor	Manifest	automatic-module-name	jakarta.activation	Medium
Vendor	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Vendor	jar (hint)	package name	oracle	Highest
Vendor	file	name	jakarta.activation	High
Vendor	jar	package name	activation	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	parent-groupid	com.sun.activation	Medium
Product	jar	package name	sun	Highest
Product	pom	groupid	sun.activation	Highest
Product	pom	artifactid	jakarta.activation	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	Bundle-Name	JavaBeans Activation Framework	Medium
Product	Manifest	extension-name	jakarta.activation	Medium
Product	pom	name	JavaBeans Activation Framework	High
Product	Manifest	Implementation-Title	javax.activation	High
Product	Manifest	specification-title	JavaBeans(TM) Activation Framework Specification	Medium
Product	Manifest	automatic-module-name	jakarta.activation	Medium
Product	Manifest	bundle-symbolicname	com.sun.activation.jakarta.activation	Medium
Product	jar	package name	javax	Highest
Product	file	name	jakarta.activation	High
Product	jar	package name	activation	Highest
Product	pom	parent-groupid	com.sun.activation	Medium
Product	pom	parent-artifactid	all	Medium
Version	pom	version	1.2.1	Highest
Version	Manifest	Bundle-Version	1.2.1	High
Version	file	version	1.2.1	High
Version	Manifest	Implementation-Version	1.2.1	High

Identifiers

pkg:maven/com.sun.activation/jakarta.activation@1.2.1 (Confidence:High)

jakarta.activation-api-1.2.1.jar

Description:

JavaBeans Activation Framework API jar

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/jenkins/.mvnrepository/jakarta/activation/jakarta.activation-api/1.2.1/jakarta.activation-api-1.2.1.jar
MD5: 9b647398add993324d3d9e5effa6005a
SHA1: 562a587face36ec7eff2db7f2fc95425c6602bc1
SHA256:8b0a0f52fa8b05c5431921a063ed866efaa41dadf2e3a7ee3e1961f2b0d9645b
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	pom	parent-artifactid	all	Low
Vendor	file	name	jakarta.activation-api	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	extension-name	jakarta.activation	Medium
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Vendor	pom	name	JavaBeans Activation Framework API jar	High
Vendor	Manifest	automatic-module-name	jakarta.activation	Medium
Vendor	pom	artifactid	jakarta.activation-api	Low
Vendor	pom	groupid	jakarta.activation	Highest
Vendor	jar	package name	activation	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	parent-groupid	com.sun.activation	Medium
Product	file	name	jakarta.activation-api	High
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	extension-name	jakarta.activation	Medium
Product	Manifest	bundle-symbolicname	jakarta.activation-api	Medium
Product	pom	name	JavaBeans Activation Framework API jar	High
Product	Manifest	specification-title	jakarta.activation.jakarta.activation-api	Medium
Product	Manifest	Implementation-Title	jakarta.activation.jakarta.activation-api	High
Product	Manifest	automatic-module-name	jakarta.activation	Medium
Product	Manifest	Bundle-Name	JavaBeans Activation Framework API jar	Medium
Product	jar	package name	activation	Highest
Product	pom	groupid	jakarta.activation	Highest
Product	pom	parent-groupid	com.sun.activation	Medium
Product	pom	artifactid	jakarta.activation-api	Highest
Product	pom	parent-artifactid	all	Medium
Version	pom	version	1.2.1	Highest
Version	Manifest	Bundle-Version	1.2.1	High
Version	file	version	1.2.1	High
Version	Manifest	Implementation-Version	1.2.1	High

Identifiers

pkg:maven/jakarta.activation/jakarta.activation-api@1.2.1 (Confidence:High)

jakarta.annotation-api-1.3.5.jar

Description:

Jakarta Annotations API

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/jenkins/.mvnrepository/jakarta/annotation/jakarta.annotation-api/1.3.5/jakarta.annotation-api-1.3.5.jar
MD5: 8b165cf58df5f8c2a222f637c0a07c97
SHA1: 59eb84ee0d616332ff44aba065f3888cf002cd2d
SHA256:85fb03fc054cdf4efca8efd9b6712bbb418e1ab98241c4539c8585bbc23e1b8a
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Jakarta Annotations API	High
Vendor	pom	groupid	jakarta.annotation	Highest
Vendor	pom	parent-artifactid	ca-parent	Low
Vendor	jar	package name	annotation	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	specification-vendor	Eclipse Foundation	Low
Vendor	Manifest	automatic-module-name	java.annotation	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	file	name	jakarta.annotation-api	High
Vendor	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Highest
Vendor	Manifest	extension-name	jakarta.annotation	Medium
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	artifactid	jakarta.annotation-api	Low
Product	pom	name	Jakarta Annotations API	High
Product	pom	groupid	jakarta.annotation	Highest
Product	jar	package name	annotation	Highest
Product	pom	parent-artifactid	ca-parent	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	automatic-module-name	java.annotation	Medium
Product	pom	url	https://projects.eclipse.org/projects/ee4j.ca	Medium
Product	file	name	jakarta.annotation-api	High
Product	Manifest	bundle-symbolicname	jakarta.annotation-api	Medium
Product	Manifest	Bundle-Name	Jakarta Annotations API	Medium
Product	pom	artifactid	jakarta.annotation-api	Highest
Product	Manifest	extension-name	jakarta.annotation	Medium
Version	Manifest	Implementation-Version	1.3.5	High
Version	Manifest	Bundle-Version	1.3.5	High
Version	pom	version	1.3.5	Highest
Version	file	version	1.3.5	High

Identifiers

pkg:maven/jakarta.annotation/jakarta.annotation-api@1.3.5 (Confidence:High)

jakarta.el-api-3.0.3.jar

Description:

        Jakarta Expression Language defines an expression language for Java applications

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/jenkins/.mvnrepository/jakarta/el/jakarta.el-api/3.0.3/jakarta.el-api-3.0.3.jar
MD5: 528ed6138395d22fb54912b2b889e88e
SHA1: f311ab94bb1d4380690a53d737226a6b879dd4f1
SHA256:47ae0a91fb6dd32fdaa5d9bda63df043ac8148e00c297ccce8ab9c56b95cf261
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	jakarta.el	Highest
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	Implementation-Vendor	Oracle Corporation	High
Vendor	Manifest	extension-name	javax.el	Medium
Vendor	pom	artifactid	jakarta.el-api	Low
Vendor	Manifest	bundle-symbolicname	javax.el-api	Medium
Vendor	jar	package name	expression	Highest
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.el	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	name	Jakarta Expression Language 3.0 API	High
Vendor	jar	package name	el	Highest
Vendor	pom	parent-artifactid	project	Low
Vendor	file	name	jakarta.el-api	High
Product	pom	parent-artifactid	project	Medium
Product	pom	url	https://projects.eclipse.org/projects/ee4j.el	Medium
Product	pom	artifactid	jakarta.el-api	Highest
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	extension-name	javax.el	Medium
Product	pom	groupid	jakarta.el	Highest
Product	jar	package name	expression	Highest
Product	Manifest	bundle-symbolicname	javax.el-api	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	jar	package name	javax	Highest
Product	Manifest	Bundle-Name	Jakarta Expression Language 3.0 API	Medium
Product	pom	name	Jakarta Expression Language 3.0 API	High
Product	jar	package name	el	Highest
Product	file	name	jakarta.el-api	High
Version	Manifest	Implementation-Version	3.0.3	High
Version	pom	parent-version	3.0.3	Low
Version	file	version	3.0.3	High
Version	Manifest	Bundle-Version	3.0.3	High
Version	pom	version	3.0.3	Highest

Identifiers

pkg:maven/jakarta.el/jakarta.el-api@3.0.3 (Confidence:High)

jakarta.enterprise.cdi-api-2.0.2.jar

Description:

APIs for Jakarta CDI (Contexts and Dependency Injection)

License:

Apache License 2.0: https://repository.jboss.org/licenses/apache-2.0.txt

File Path: /home/jenkins/.mvnrepository/jakarta/enterprise/jakarta.enterprise.cdi-api/2.0.2/jakarta.enterprise.cdi-api-2.0.2.jar
MD5: ff8956b6aa6e32e6f9064597d9c9f1bd
SHA1: 58f497f362cd19c2f8842d75c491d270f0600e7f
SHA256:e71bbe0e4cacfce5b7d609021344d883531aa3e19321db17390f849fdb04a509
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.enterprise.cdi-api	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	bundle-docurl	https://jakarta.ee	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	organization url	https://jakarta.ee	Medium
Vendor	pom	url	http://cdi-spec.org	Highest
Vendor	pom	groupid	jakarta.enterprise	Highest
Vendor	jar	package name	enterprise	Highest
Vendor	pom	artifactid	jakarta.enterprise.cdi-api	Low
Vendor	Manifest	bundle-symbolicname	jakarta.enterprise.cdi-api	Medium
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	organization name	Eclipse Foundation	High
Vendor	pom	name	Jakarta CDI	High
Product	Manifest	Bundle-Name	Jakarta CDI	Medium
Product	pom	parent-artifactid	project	Medium
Product	pom	artifactid	jakarta.enterprise.cdi-api	Highest
Product	file	name	jakarta.enterprise.cdi-api	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	bundle-docurl	https://jakarta.ee	Low
Product	pom	url	http://cdi-spec.org	Medium
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	groupid	jakarta.enterprise	Highest
Product	pom	organization name	Eclipse Foundation	Low
Product	pom	organization url	https://jakarta.ee	Low
Product	jar	package name	enterprise	Highest
Product	Manifest	bundle-symbolicname	jakarta.enterprise.cdi-api	Medium
Product	pom	name	Jakarta CDI	High
Version	pom	version	2.0.2	Highest
Version	Manifest	Bundle-Version	2.0.2	High
Version	file	version	2.0.2	High
Version	pom	parent-version	2.0.2	Low

Identifiers

pkg:maven/jakarta.enterprise/jakarta.enterprise.cdi-api@2.0.2 (Confidence:High)

jakarta.inject-api-1.0.jar

Description:

Jakarta Dependency Injection

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/jakarta/inject/jakarta.inject-api/1.0/jakarta.inject-api-1.0.jar
MD5: 2e07624f1dc24ee8f6cdd69b0aa99ba9
SHA1: 93164437046e06b4876e069b8e7a321a02f10a2d
SHA256:3655ffdcdc058816632666a8bcbcf4bfd09751c6a77dedf70619f37294abb01f
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	javax	Low
Vendor	jar	package name	inject	Highest
Vendor	pom	artifactid	jakarta.inject-api	Low
Vendor	file	name	jakarta.inject-api	High
Vendor	pom	groupid	jakarta.inject	Highest
Vendor	jar	package name	inject	Low
Vendor	pom	url	eclipse-ee4j/injection-api	Highest
Vendor	pom	parent-artifactid	project	Low
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	pom	name	Jakarta Dependency Injection	High
Product	jar	package name	inject	Highest
Product	file	name	jakarta.inject-api	High
Product	pom	parent-artifactid	project	Medium
Product	pom	artifactid	jakarta.inject-api	Highest
Product	pom	groupid	jakarta.inject	Highest
Product	jar	package name	inject	Low
Product	pom	url	eclipse-ee4j/injection-api	High
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	pom	name	Jakarta Dependency Injection	High
Version	file	version	1.0	High
Version	pom	parent-version	1.0	Low
Version	pom	version	1.0	Highest

Identifiers

pkg:maven/jakarta.inject/jakarta.inject-api@1.0 (Confidence:High)

jakarta.interceptor-api-1.2.5.jar

Description:

        Jakarta Interceptors defines a means of interposing on business method invocations
        and specific events—such as lifecycle events and timeout events—that occur on instances
        of Jakarta EE components and other managed classes.

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/jenkins/.mvnrepository/jakarta/interceptor/jakarta.interceptor-api/1.2.5/jakarta.interceptor-api-1.2.5.jar
MD5: 69ab3deaef95f1a6522e7e828694ab14
SHA1: 20cbde692c555692ca835fb6ecb4a8c95acbe6e0
SHA256:210c4f0a5a8f387457d58afa3982b9abdd28f0a891e6289b329a6d8cf2210299
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Jakarta Interceptors	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	file	name	jakarta.interceptor-api	High
Vendor	pom	url	eclipse-ee4j/interceptor-api	Highest
Vendor	Manifest	bundle-symbolicname	jakarta.interceptor-api	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	pom	groupid	jakarta.interceptor	Highest
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	jar	package name	interceptors	Highest
Vendor	jar	package name	interceptor	Highest
Vendor	Manifest	extension-name	javax.interceptor	Medium
Vendor	jar	package name	javax	Highest
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	artifactid	jakarta.interceptor-api	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	parent-artifactid	project	Low
Product	pom	parent-artifactid	project	Medium
Product	pom	name	Jakarta Interceptors	High
Product	pom	url	eclipse-ee4j/interceptor-api	High
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	file	name	jakarta.interceptor-api	High
Product	Manifest	bundle-symbolicname	jakarta.interceptor-api	Medium
Product	pom	groupid	jakarta.interceptor	Highest
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	jar	package name	interceptors	Highest
Product	jar	package name	interceptor	Highest
Product	Manifest	extension-name	javax.interceptor	Medium
Product	jar	package name	javax	Highest
Product	pom	artifactid	jakarta.interceptor-api	Highest
Product	Manifest	Bundle-Name	Jakarta Interceptors	Medium
Version	file	version	1.2.5	High
Version	pom	parent-version	1.2.5	Low
Version	Manifest	Implementation-Version	1.2.5	High
Version	pom	version	1.2.5	Highest
Version	Manifest	Bundle-Version	1.2.5	High

Identifiers

pkg:maven/jakarta.interceptor/jakarta.interceptor-api@1.2.5 (Confidence:High)

jakarta.mail-1.6.5.jar

Description:

Jakarta Mail API

License:

http://www.eclipse.org/legal/epl-2.0, https://www.gnu.org/software/classpath/license.html, http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/jenkins/.mvnrepository/com/sun/mail/jakarta.mail/1.6.5/jakarta.mail-1.6.5.jar
MD5: 214c580ee5913b9c69926cec66919f64
SHA1: d08124137cf42397d00b71b5985fd1dc248ac07f
SHA256:f4b500a1dd9ffd03ed7d8b2062fa5fd10d5beca4c42611672764bf4365751b53
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	Manifest	specification-vendor	Oracle	Low
Vendor	jar	package name	mail	Highest
Vendor	Manifest	bundle-docurl	http://www.oracle.com	Low
Vendor	pom	groupid	com.sun.mail	Highest
Vendor	jar	package name	provider	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	pom	parent-artifactid	all	Low
Vendor	pom	parent-groupid	com.sun.mail	Medium
Vendor	Manifest (hint)	specification-vendor	sun	Low
Vendor	pom	artifactid	jakarta.mail	Low
Vendor	pom	name	Jakarta Mail API	High
Vendor	Manifest	probe-provider-xml-file-names	META-INF/gfprobe-provider.xml	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	Manifest	Implementation-Vendor	Oracle	High
Vendor	jar (hint)	package name	oracle	Highest
Vendor	Manifest	automatic-module-name	jakarta.mail	Medium
Vendor	Manifest	extension-name	jakarta.mail	Medium
Vendor	Manifest	bundle-symbolicname	com.sun.mail.jakarta.mail	Medium
Vendor	pom	groupid	sun.mail	Highest
Vendor	file	name	jakarta.mail	High
Vendor	Manifest (hint)	Implementation-Vendor	sun	High
Product	jar	package name	sun	Highest
Product	jar	package name	mail	Highest
Product	Manifest	bundle-docurl	http://www.oracle.com	Low
Product	Manifest	Implementation-Title	javax.mail	High
Product	jar	package name	provider	Highest
Product	pom	parent-groupid	com.sun.mail	Medium
Product	pom	name	Jakarta Mail API	High
Product	Manifest	probe-provider-xml-file-names	META-INF/gfprobe-provider.xml	Medium
Product	Manifest	build-jdk-spec	1.8	Low
Product	jar	package name	version	Highest
Product	Manifest	specification-title	Jakarta Mail API Design Specification	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	Manifest	automatic-module-name	jakarta.mail	Medium
Product	pom	artifactid	jakarta.mail	Highest
Product	Manifest	extension-name	jakarta.mail	Medium
Product	jar	package name	javax	Highest
Product	Manifest	bundle-symbolicname	com.sun.mail.jakarta.mail	Medium
Product	pom	groupid	sun.mail	Highest
Product	file	name	jakarta.mail	High
Product	Manifest	Bundle-Name	Jakarta Mail API	Medium
Product	pom	parent-artifactid	all	Medium
Version	file	version	1.6.5	High
Version	pom	version	1.6.5	Highest
Version	Manifest	Bundle-Version	1.6.5	High
Version	Manifest	Implementation-Version	1.6.5	High

Identifiers

pkg:maven/com.sun.mail/jakarta.mail@1.6.5 (Confidence:High)

jakarta.transaction-api-1.3.3.jar

Description:

Jakarta Transactions

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/jenkins/.mvnrepository/jakarta/transaction/jakarta.transaction-api/1.3.3/jakarta.transaction-api-1.3.3.jar
MD5: cc45726045cc9a0728f803f9db4c90c4
SHA1: c4179d48720a1e87202115fbed6089bdc4195405
SHA256:0b02a194dd04ee2e192dc9da9579e10955dd6e8ac707adfc91d92f119b0e67ab
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	bundle-symbolicname	jakarta.transaction-api	Medium
Vendor	pom	organization name	EE4J Community	High
Vendor	jar	package name	transaction	Highest
Vendor	pom	groupid	jakarta.transaction	Highest
Vendor	Manifest	bundle-docurl	https://github.com/eclipse-ee4j	Low
Vendor	Manifest	Implementation-Vendor	EE4J Community	High
Vendor	Manifest	extension-name	javax.transaction	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	file	name	jakarta.transaction-api	High
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	Manifest	automatic-module-name	java.transaction	Medium
Vendor	pom	organization url	eclipse-ee4j	Medium
Vendor	pom	url	https://projects.eclipse.org/projects/ee4j.jta	Highest
Vendor	jar	package name	javax	Highest
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	name	${extension.name} API	High
Vendor	pom	artifactid	jakarta.transaction-api	Low
Vendor	pom	parent-artifactid	project	Low
Product	Manifest	bundle-symbolicname	jakarta.transaction-api	Medium
Product	jar	package name	transaction	Highest
Product	Manifest	Bundle-Name	javax.transaction API	Medium
Product	pom	groupid	jakarta.transaction	Highest
Product	pom	parent-artifactid	project	Medium
Product	Manifest	bundle-docurl	https://github.com/eclipse-ee4j	Low
Product	Manifest	extension-name	javax.transaction	Medium
Product	file	name	jakarta.transaction-api	High
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	Manifest	automatic-module-name	java.transaction	Medium
Product	jar	package name	javax	Highest
Product	pom	artifactid	jakarta.transaction-api	Highest
Product	pom	name	${extension.name} API	High
Product	pom	url	https://projects.eclipse.org/projects/ee4j.jta	Medium
Product	pom	url	eclipse-ee4j	High
Product	pom	organization name	EE4J Community	Low
Version	pom	version	1.3.3	Highest
Version	Manifest	Bundle-Version	1.3.3	High
Version	Manifest	Implementation-Version	1.3.3	High
Version	pom	parent-version	1.3.3	Low
Version	file	version	1.3.3	High

Identifiers

pkg:maven/jakarta.transaction/jakarta.transaction-api@1.3.3 (Confidence:High)

jakarta.validation-api-2.0.2.jar

Description:

        Jakarta Bean Validation API

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/jakarta/validation/jakarta.validation-api/2.0.2/jakarta.validation-api-2.0.2.jar
MD5: 77501d529c1928c9bac2500cc9f93fb0
SHA1: 5eacc6522521f7eacb081f95cee1e231648461e7
SHA256:b42d42428f3d922c892a909fa043287d577c0c5b165ad9b7d568cebf87fc9ea4
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	jakarta.validation-api	High
Vendor	Manifest	bundle-docurl	https://www.eclipse.org	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	pom	groupid	jakarta.validation	Highest
Vendor	pom	parent-groupid	org.eclipse.ee4j	Medium
Vendor	Manifest	bundle-symbolicname	jakarta.validation.jakarta.validation-api	Medium
Vendor	jar	package name	validation	Highest
Vendor	pom	artifactid	jakarta.validation-api	Low
Vendor	Manifest	automatic-module-name	java.validation	Medium
Vendor	pom	url	https://beanvalidation.org	Highest
Vendor	pom	name	Jakarta Bean Validation API	High
Vendor	pom	parent-artifactid	project	Low
Product	pom	artifactid	jakarta.validation-api	Highest
Product	file	name	jakarta.validation-api	High
Product	pom	parent-artifactid	project	Medium
Product	Manifest	bundle-docurl	https://www.eclipse.org	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	pom	groupid	jakarta.validation	Highest
Product	pom	parent-groupid	org.eclipse.ee4j	Medium
Product	Manifest	bundle-symbolicname	jakarta.validation.jakarta.validation-api	Medium
Product	Manifest	Bundle-Name	Jakarta Bean Validation API	Medium
Product	jar	package name	validation	Highest
Product	Manifest	automatic-module-name	java.validation	Medium
Product	pom	url	https://beanvalidation.org	Medium
Product	pom	name	Jakarta Bean Validation API	High
Version	pom	version	2.0.2	Highest
Version	Manifest	Bundle-Version	2.0.2	High
Version	file	version	2.0.2	High
Version	pom	parent-version	2.0.2	Low

Identifiers

pkg:maven/jakarta.validation/jakarta.validation-api@2.0.2 (Confidence:High)

javax.servlet-api-3.0.1.jar

Description:

Java.net - The Source for Java Technology Collaboration

License:

CDDL + GPLv2 with classpath exception: https://glassfish.dev.java.net/nonav/public/CDDL+GPL.html

File Path: /home/jenkins/.mvnrepository/javax/servlet/javax.servlet-api/3.0.1/javax.servlet-api-3.0.1.jar
MD5: 3ef236ac4c24850cd54abff60be25f35
SHA1: 6bf0ebb7efd993e222fc1112377b5e92a13b38dd
SHA256:377d8bde87ac6bc7f83f27df8e02456d5870bb78c832dac656ceacc28b016e56
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	javax.servlet-api	High
Vendor	Manifest	specification-vendor	Oracle	Low
Vendor	Manifest	Implementation-Vendor	GlassFish Community	High
Vendor	pom	parent-groupid	net.java	Medium
Vendor	pom	groupid	javax.servlet	Highest
Vendor	jar	package name	servlet	Highest
Vendor	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Vendor	pom	url	http://servlet-spec.java.net	Highest
Vendor	pom	organization name	GlassFish Community	High
Vendor	Manifest (hint)	specification-vendor	sun	Low
Vendor	Manifest	Implementation-Vendor-Id	org.glassfish	Medium
Vendor	pom	parent-artifactid	jvnet-parent	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	artifactid	javax.servlet-api	Low
Vendor	Manifest	extension-name	javax.servlet	Medium
Vendor	pom	organization url	https://glassfish.dev.java.net	Medium
Vendor	pom	name	Java Servlet API	High
Vendor	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Product	file	name	javax.servlet-api	High
Product	pom	parent-groupid	net.java	Medium
Product	pom	artifactid	javax.servlet-api	Highest
Product	pom	groupid	javax.servlet	Highest
Product	pom	organization name	GlassFish Community	Low
Product	jar	package name	servlet	Highest
Product	Manifest	bundle-docurl	https://glassfish.dev.java.net	Low
Product	pom	organization url	https://glassfish.dev.java.net	Low
Product	pom	url	http://servlet-spec.java.net	Medium
Product	Manifest	Bundle-Name	Java Servlet API	Medium
Product	jar	package name	javax	Highest
Product	Manifest	extension-name	javax.servlet	Medium
Product	Manifest	specification-title	Java(TM) Servlet API Design Specification	Medium
Product	pom	name	Java Servlet API	High
Product	pom	parent-artifactid	jvnet-parent	Medium
Product	Manifest	bundle-symbolicname	javax.servlet-api	Medium
Version	Manifest	Implementation-Version	3.0.1	High
Version	pom	parent-version	3.0.1	Low
Version	file	version	3.0.1	High
Version	pom	version	3.0.1	Highest
Version	Manifest	Bundle-Version	3.0.1	High

Identifiers

pkg:maven/javax.servlet/javax.servlet-api@3.0.1 (Confidence:High)

jaxb-runtime-2.3.3-b01.jar

Description:

JAXB (JSR 222) Reference Implementation

File Path: /home/jenkins/.mvnrepository/org/glassfish/jaxb/jaxb-runtime/2.3.3-b01/jaxb-runtime-2.3.3-b01.jar
MD5: f1d96ef7cbe6d52929f4e4a4036c1d05
SHA1: 4caeecc729d73a2ee354e11c3c94d5ca10d4a8ae
SHA256:3cd95396cea903c1201dc9baa655e6b98a2e5c73425942818367448a7ecbb118
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	Manifest	git-revision	7d3cd30	Low
Vendor	pom	artifactid	jaxb-runtime	Low
Vendor	pom	name	JAXB Runtime	High
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	pom	parent-artifactid	jaxb-runtime-parent	Low
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	jar	package name	bind	Highest
Vendor	file	name	jaxb-runtime	High
Product	pom	artifactid	jaxb-runtime	Highest
Product	jar	package name	sun	Highest
Product	pom	groupid	glassfish.jaxb	Highest
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	Manifest	git-revision	7d3cd30	Low
Product	pom	name	JAXB Runtime	High
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	pom	parent-artifactid	jaxb-runtime-parent	Medium
Product	jar	package name	xml	Highest
Product	jar	package name	bind	Highest
Product	file	name	jaxb-runtime	High
Version	pom	version	2.3.3-b01	Highest
Version	Manifest	Implementation-Version	2.3.3-b01	High
Version	Manifest	build-id	2.3.3-b01	Medium

Identifiers

pkg:maven/org.glassfish.jaxb/jaxb-runtime@2.3.3-b01 (Confidence:High)

jaxp-api-1.4.jar

File Path: /home/jenkins/.mvnrepository/javax/xml/parsers/jaxp-api/1.4/jaxp-api-1.4.jar
MD5: 0750e02841d6410dea4b2566b3168234
SHA1: de89f04bd13f5b24ce02b505a976d549335e4ecc
SHA256:9a45fed764520cd61adb7e47b2c4057f3398f51fca2351b53df1dea1d29a00f0
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	jaxp-api	Low
Vendor	file	name	jaxp-api	High
Vendor	jar	package name	parsers	Highest
Vendor	jar	package name	xml	Highest
Vendor	Manifest	Implementation-Vendor-Id	com.sun	Medium
Vendor	Manifest	implementation-url	http://java.sun.com/xml/jaxp	Low
Vendor	jar	package name	javax	Highest
Vendor	pom	groupid	javax.xml.parsers	Highest
Vendor	Manifest	specification-vendor	Sun Microsystems, Inc.	Low
Vendor	Manifest	Implementation-Vendor	Sun Microsystems, Inc.	High
Product	file	name	jaxp-api	High
Product	Manifest	specification-title	JSR 206 Java(TM) API for XML Processing 1.4	Medium
Product	Manifest	Implementation-Title	JSR 206 Java(TM) API for XML Processing 1.4	High
Product	jar	package name	parsers	Highest
Product	jar	package name	xml	Highest
Product	Manifest	implementation-url	http://java.sun.com/xml/jaxp	Low
Product	jar	package name	javax	Highest
Product	pom	artifactid	jaxp-api	Highest
Product	pom	groupid	javax.xml.parsers	Highest
Version	pom	version	1.4	Highest
Version	file	version	1.4	High

Identifiers

pkg:maven/javax.xml.parsers/jaxp-api@1.4 (Confidence:High)

jaxp-ri-1.4.jar

File Path: /home/jenkins/.mvnrepository/com/sun/org/apache/jaxp-ri/1.4/jaxp-ri-1.4.jar
MD5: 01b055250b26cf524695526ef9c5a668
SHA1: 30525b6b3083c9fc2cdb35ab9f874a796203a942
SHA256:1815fc4d6f3af68f8342d76de57e268ef53adb27c10a2acd443e7c5def5d881e
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	sun.org.apache	Highest
Vendor	jar	package name	sun	Highest
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	org	Highest
Vendor	jar	package name	apache	Highest
Vendor	pom	groupid	com.sun.org.apache	Highest
Vendor	file	name	jaxp-ri	High
Vendor	Manifest	specification-vendor	Sun Microsystems Inc.	Low
Vendor	pom	artifactid	jaxp-ri	Low
Product	pom	artifactid	jaxp-ri	Highest
Product	pom	groupid	sun.org.apache	Highest
Product	jar	package name	sun	Highest
Product	jar	package name	xml	Highest
Product	jar	package name	org	Highest
Product	jar	package name	apache	Highest
Product	Manifest	specification-title	Java API for XML Processing	Medium
Product	file	name	jaxp-ri	High
Version	pom	version	1.4	Highest
Version	Manifest	specification-version	1.4	High
Version	file	version	1.4	High

Identifiers

pkg:maven/com.sun.org.apache/jaxp-ri@1.4 (Confidence:High)

jboss-jaxb-api_2.3_spec-2.0.0.Final.jar

Description:

Jakarta XML Binding API 2.3 Design Specification

License:

http://www.eclipse.org/org/documents/edl-v10.php

File Path: /home/jenkins/.mvnrepository/org/jboss/spec/javax/xml/bind/jboss-jaxb-api_2.3_spec/2.0.0.Final/jboss-jaxb-api_2.3_spec-2.0.0.Final.jar
MD5: 3f3c17761bb0bc98b82b3cfb9311660b
SHA1: 1d2b5404a556a4aeddde8a9676cec8ee01b4e0a0
SHA256:f73f5832acef810d4d72da3b04378b6a70b72e955fdb0315591f0115c3ee701b
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-build-id	UNKNOWN-646c629bd4653190d875ca5f0424f5383f75bce3, 1568202678119	Low
Vendor	pom	artifactid	jboss-jaxb-api_2.3_spec	Low
Vendor	Manifest	bundle-symbolicname	org.jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec	Medium
Vendor	pom	parent-groupid	org.jboss.spec.javax.xml.bind	Medium
Vendor	pom	name	Jakarta XML Binding API	High
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	extension-name	jakarta.xml.bind	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.spec.javax.xml.bind	Medium
Vendor	Manifest	originally-created-by	1.8.0_152 (Oracle Corporation)	Low
Vendor	file	name	jboss-jaxb-api_2.3_spec-2.0.0.Final	High
Vendor	jar	package name	xml	Highest
Vendor	pom	groupid	org.jboss.spec.javax.xml.bind	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	automatic-module-name	java.xml.bind	Medium
Vendor	jar	package name	bind	Highest
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	Manifest	multi-release	true	Low
Vendor	jar	package name	javax	Highest
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	jar	package name	jaxb	Highest
Vendor	pom	groupid	jboss.spec.javax.xml.bind	Highest
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	jboss-jaxb-api_2.3_spec-parent	Low
Vendor	Manifest	implementation-url	https://github.com/eclipse-ee4j/jaxb-api/jboss-jaxb-api_2.3_spec	Low
Product	Manifest	implementation-build-id	UNKNOWN-646c629bd4653190d875ca5f0424f5383f75bce3, 1568202678119	Low
Product	pom	parent-artifactid	jboss-jaxb-api_2.3_spec-parent	Medium
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	Manifest	os-arch	amd64	Low
Product	Manifest	bundle-symbolicname	org.jboss.spec.javax.xml.bind.jboss-jaxb-api_2.3_spec	Medium
Product	pom	parent-groupid	org.jboss.spec.javax.xml.bind	Medium
Product	pom	name	Jakarta XML Binding API	High
Product	Manifest	extension-name	jakarta.xml.bind	Medium
Product	pom	artifactid	jboss-jaxb-api_2.3_spec	Highest
Product	Manifest	multi-release	true	Low
Product	Manifest	Bundle-Name	Jakarta XML Binding API	Medium
Product	Manifest	originally-created-by	1.8.0_152 (Oracle Corporation)	Low
Product	file	name	jboss-jaxb-api_2.3_spec-2.0.0.Final	High
Product	jar	package name	xml	Highest
Product	jar	package name	javax	Highest
Product	jar	package name	jaxb	Highest
Product	Manifest	specification-title	Jakarta XML Binding API	Medium
Product	Manifest	automatic-module-name	java.xml.bind	Medium
Product	pom	groupid	jboss.spec.javax.xml.bind	Highest
Product	jar	package name	bind	Highest
Product	Manifest	os-name	Linux	Medium
Product	Manifest	Implementation-Title	Jakarta XML Binding API	High
Product	Manifest	implementation-url	https://github.com/eclipse-ee4j/jaxb-api/jboss-jaxb-api_2.3_spec	Low
Version	Manifest	Bundle-Version	2.0.0.Final	High
Version	pom	version	2.0.0.Final	Highest

Identifiers

pkg:maven/org.jboss.spec.javax.xml.bind/jboss-jaxb-api_2.3_spec@2.0.0.Final (Confidence:High)

jboss-jaxrs-api_2.1_spec-2.0.1.Final.jar

Description:

Jakarta API for RESTful Web Services

License:

EPL 2.0: http://www.eclipse.org/legal/epl-2.0
GPL2 w/ CPE: https://www.gnu.org/software/classpath/license.html

File Path: /home/jenkins/.mvnrepository/org/jboss/spec/javax/ws/rs/jboss-jaxrs-api_2.1_spec/2.0.1.Final/jboss-jaxrs-api_2.1_spec-2.0.1.Final.jar
MD5: 35b4d1b6b5f70f01c108c6b2349e4635
SHA1: 75cdeb26ccf87bc6f9d0f31b5ec4d80aa15b662c
SHA256:3518db0a3980aacfdae916f0eb081d0fcefaa2076d2ba603edc779a601d2d1a4
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	pom	artifactid	jboss-jaxrs-api_2.1_spec	Low
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	Manifest	bundle-symbolicname	org.jboss.spec.javax.ws.rs.jboss-jaxrs-api_2.1_spec	Medium
Vendor	pom	groupid	org.jboss.spec.javax.ws.rs	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	name	jboss-jakarta-jaxrs-api_spec	High
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	jar	package name	rs	Highest
Vendor	Manifest	extension-name	javax.ws.rs	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	Manifest	automatic-module-name	java.ws.rs	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.spec.javax.ws.rs	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	Manifest	implementation-url	http://www.jboss.org/jboss-jaxrs-api_2.1_spec	Low
Vendor	file	name	jboss-jaxrs-api_2.1_spec-2.0.1.Final	High
Vendor	hint analyzer	vendor	web services	Medium
Vendor	jar	package name	javax	Highest
Vendor	pom	groupid	jboss.spec.javax.ws.rs	Highest
Vendor	jar	package name	ws	Highest
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	jboss-parent	Low
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	pom	artifactid	jboss-jaxrs-api_2.1_spec	Highest
Product	jar	package name	rs	Highest
Product	Manifest	extension-name	javax.ws.rs	Medium
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-groupid	org.jboss	Medium
Product	Manifest	automatic-module-name	java.ws.rs	Medium
Product	Manifest	Implementation-Title	jboss-jakarta-jaxrs-api_spec	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	hint analyzer	product	web services	Medium
Product	Manifest	specification-title	jboss-jakarta-jaxrs-api_spec	Medium
Product	Manifest	implementation-url	http://www.jboss.org/jboss-jaxrs-api_2.1_spec	Low
Product	file	name	jboss-jaxrs-api_2.1_spec-2.0.1.Final	High
Product	Manifest	bundle-symbolicname	org.jboss.spec.javax.ws.rs.jboss-jaxrs-api_2.1_spec	Medium
Product	pom	parent-artifactid	jboss-parent	Medium
Product	jar	package name	javax	Highest
Product	Manifest	Bundle-Name	jboss-jakarta-jaxrs-api_spec	Medium
Product	pom	groupid	jboss.spec.javax.ws.rs	Highest
Product	jar	package name	ws	Highest
Product	Manifest	os-name	Linux	Medium
Product	pom	name	jboss-jakarta-jaxrs-api_spec	High
Version	pom	parent-version	2.0.1.Final	Low
Version	pom	version	2.0.1.Final	Highest
Version	Manifest	Bundle-Version	2.0.1.Final	High
Version	Manifest	Implementation-Version	2.0.1.Final	High

Identifiers

pkg:maven/org.jboss.spec.javax.ws.rs/jboss-jaxrs-api_2.1_spec@2.0.1.Final (Confidence:High)

jboss-logging-3.3.2.Final.jar

Description:

The JBoss Logging Framework

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/jboss/logging/jboss-logging/3.3.2.Final/jboss-logging-3.3.2.Final.jar
MD5: c397132f958d7e8ac0d566b6723ca7ca
SHA1: 3789d00e859632e6c6206adc0c71625559e6e3b0
SHA256:cb914bfe888da7d9162e965ac8b0d6f28f2f32eca944a00fbbf6dd3cf1aacc13
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	logging	Highest
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	pom	groupid	org.jboss.logging	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.logging	Medium
Vendor	Manifest	build-timestamp	Wed, 14 Feb 2018 13:23:27 -0800	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	file	name	jboss-logging	High
Vendor	jar	package name	jboss	Highest
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	Manifest	java-vendor	Sun Microsystems Inc.	Medium
Vendor	pom	groupid	jboss.logging	Highest
Vendor	pom	name	JBoss Logging 3	High
Vendor	Manifest	automatic-module-name	org.jboss.logging	Medium
Vendor	Manifest	bundle-symbolicname	org.jboss.logging.jboss-logging	Medium
Vendor	Manifest	implementation-url	http://www.jboss.org	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	artifactid	jboss-logging	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	jboss-parent	Low
Vendor	pom	url	http://www.jboss.org	Highest
Product	Manifest	Implementation-Title	JBoss Logging 3	High
Product	jar	package name	logging	Highest
Product	Manifest	specification-title	JBoss Logging 3	Medium
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	Manifest	Bundle-Name	JBoss Logging 3	Medium
Product	Manifest	build-timestamp	Wed, 14 Feb 2018 13:23:27 -0800	Low
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-groupid	org.jboss	Medium
Product	pom	url	http://www.jboss.org	Medium
Product	file	name	jboss-logging	High
Product	jar	package name	jboss	Highest
Product	pom	groupid	jboss.logging	Highest
Product	pom	name	JBoss Logging 3	High
Product	pom	parent-artifactid	jboss-parent	Medium
Product	Manifest	automatic-module-name	org.jboss.logging	Medium
Product	Manifest	bundle-symbolicname	org.jboss.logging.jboss-logging	Medium
Product	Manifest	implementation-url	http://www.jboss.org	Low
Product	Manifest	os-name	Linux	Medium
Product	pom	artifactid	jboss-logging	Highest
Version	Manifest	Implementation-Version	3.3.2.Final	High
Version	Manifest	Bundle-Version	3.3.2.Final	High
Version	pom	version	3.3.2.Final	Highest
Version	pom	parent-version	3.3.2.Final	Low

Identifiers

pkg:maven/org.jboss.logging/jboss-logging@3.3.2.Final (Confidence:High)

jboss-logging-annotations-2.1.0.Final.jar

License:

Apache License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/jboss/logging/jboss-logging-annotations/2.1.0.Final/jboss-logging-annotations-2.1.0.Final.jar
MD5: 18d33dad7c30aaf31be36013e4a4022d
SHA1: 58c69c8dd206d92d8bcb1d602ebec0b0f235d341
SHA256:b212f95613ad416ab2e75f2bb125f93f576cba95ec9b90aaf9a05e082a786a98
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	logging	Highest
Vendor	pom	groupid	org.jboss.logging	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.logging	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	Manifest	implementation-url	http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations	Low
Vendor	jar	package name	jboss	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	jar	package name	annotations	Highest
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	file	name	jboss-logging-annotations	High
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.logging	Highest
Vendor	pom	name	JBoss Logging I18n Annotations	High
Vendor	pom	parent-artifactid	jboss-logging-tools-parent	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	artifactid	jboss-logging-annotations	Low
Vendor	pom	parent-groupid	org.jboss.logging	Medium
Vendor	Manifest	os-name	Linux	Medium
Product	Manifest	specification-title	JBoss Logging I18n Annotations	Medium
Product	jar	package name	logging	Highest
Product	Manifest	os-arch	amd64	Low
Product	Manifest	implementation-url	http://www.jboss.org/jboss-logging-tools-parent/jboss-logging-annotations	Low
Product	jar	package name	jboss	Highest
Product	jar	package name	annotations	Highest
Product	pom	parent-artifactid	jboss-logging-tools-parent	Medium
Product	file	name	jboss-logging-annotations	High
Product	pom	groupid	jboss.logging	Highest
Product	pom	name	JBoss Logging I18n Annotations	High
Product	pom	artifactid	jboss-logging-annotations	Highest
Product	pom	parent-groupid	org.jboss.logging	Medium
Product	Manifest	os-name	Linux	Medium
Product	Manifest	Implementation-Title	JBoss Logging I18n Annotations	High
Version	pom	version	2.1.0.Final	Highest
Version	Manifest	Implementation-Version	2.1.0.Final	High

Identifiers

pkg:maven/org.jboss.logging/jboss-logging-annotations@2.1.0.Final (Confidence:High)

jboss-logmanager-embedded-1.0.4.jar

Description:

An implementation of java.util.logging.LogManager

License:

Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/jboss/logmanager/jboss-logmanager-embedded/1.0.4/jboss-logmanager-embedded-1.0.4.jar
MD5: a7c56e375b02b9215f67f3b1817daef4
SHA1: 95cec2b1be8941b6c00d09f509cca59cf2a606bc
SHA256:3fbd749c53a1d028e49803378c5c6e408eef497891ec220fb7e98526efad8d8b
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	org.jboss.logmanager	Highest
Vendor	jar	package name	org	Highest
Vendor	Manifest	implementation-url	http://www.jboss.org/jboss-logmanager-embedded	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	jar	package name	logmanager	Highest
Vendor	pom	groupid	jboss.logmanager	Highest
Vendor	jar	package name	jboss	Highest
Vendor	pom	name	JBoss Log Manager (Embedded)	High
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	artifactid	jboss-logmanager-embedded	Low
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.logmanager	Medium
Vendor	Manifest	os-name	Linux	Medium
Vendor	file	name	jboss-logmanager-embedded	High
Vendor	pom	parent-artifactid	jboss-parent-mr-jar	Low
Product	Manifest	specification-title	JBoss Log Manager (Embedded)	Medium
Product	Manifest	implementation-url	http://www.jboss.org/jboss-logmanager-embedded	Low
Product	jar	package name	org	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-groupid	org.jboss	Medium
Product	pom	artifactid	jboss-logmanager-embedded	Highest
Product	Manifest	Implementation-Title	JBoss Log Manager (Embedded)	High
Product	jar	package name	logmanager	Highest
Product	pom	groupid	jboss.logmanager	Highest
Product	jar	package name	jboss	Highest
Product	pom	name	JBoss Log Manager (Embedded)	High
Product	Manifest	multi-release	true	Low
Product	pom	parent-artifactid	jboss-parent-mr-jar	Medium
Product	Manifest	os-name	Linux	Medium
Product	file	name	jboss-logmanager-embedded	High
Version	pom	version	1.0.4	Highest
Version	Manifest	Implementation-Version	1.0.4	High
Version	pom	parent-version	1.0.4	Low
Version	file	version	1.0.4	High

Identifiers

pkg:maven/org.jboss.logmanager/jboss-logmanager-embedded@1.0.4 (Confidence:High)

jboss-threads-3.0.0.Final.jar

License:

Apache License 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/jboss/threads/jboss-threads/3.0.0.Final/jboss-threads-3.0.0.Final.jar
MD5: 12d52b8b53ebd5c1d1b4cbd56d05a4ec
SHA1: 41849f5b8a43ac45835cb302ea91e34b299bd0fe
SHA256:9c4d89e412ca771222ff4fff93f2428eaa1f7296f70988537fc09968f7f61776
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	java-vendor	AdoptOpenJDK	Medium
Vendor	pom	groupid	jboss.threads	Highest
Vendor	jar	package name	org	Highest
Vendor	pom	name	JBoss Threads	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	file	name	jboss-threads	High
Vendor	jar	package name	jboss	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.threads	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	Manifest	multi-release	true	Low
Vendor	jar	package name	threads	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	implementation-url	http://www.jboss.org/jboss-threads	Low
Vendor	pom	groupid	org.jboss.threads	Highest
Vendor	pom	artifactid	jboss-threads	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	jboss-parent	Low
Product	pom	groupid	jboss.threads	Highest
Product	jar	package name	org	Highest
Product	pom	name	JBoss Threads	High
Product	pom	artifactid	jboss-threads	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-groupid	org.jboss	Medium
Product	file	name	jboss-threads	High
Product	jar	package name	jboss	Highest
Product	Manifest	multi-release	true	Low
Product	jar	package name	threads	Highest
Product	pom	parent-artifactid	jboss-parent	Medium
Product	Manifest	Implementation-Title	JBoss Threads	High
Product	Manifest	implementation-url	http://www.jboss.org/jboss-threads	Low
Product	Manifest	specification-title	JBoss Threads	Medium
Product	Manifest	os-name	Linux	Medium
Version	Manifest	Implementation-Version	3.0.0.Final	High
Version	pom	version	3.0.0.Final	Highest
Version	pom	parent-version	3.0.0.Final	Low

Identifiers

pkg:maven/org.jboss.threads/jboss-threads@3.0.0.Final (Confidence:High)

jcip-annotations-1.0-1.jar

Description:

    A clean room implementation of the JCIP Annotations based entirely on the specification provided by the javadocs.

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/com/github/stephenc/jcip/jcip-annotations/1.0-1/jcip-annotations-1.0-1.jar
MD5: d62dbfa8789378457ada685e2f614846
SHA1: ef31541dd28ae2cefdd17c7ebf352d93e9058c63
SHA256:4fccff8382aafc589962c4edb262f6aa595e34f1e11e61057d1c6a96e8fc7323
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	jcip	Highest
Vendor	pom	name	JCIP Annotations under Apache License	High
Vendor	jar	package name	net	Low
Vendor	pom	url	http://stephenc.github.com/jcip-annotations	Highest
Vendor	pom	artifactid	jcip-annotations	Low
Vendor	pom	groupid	com.github.stephenc.jcip	Highest
Vendor	file	name	jcip-annotations	High
Vendor	jar	package name	annotations	Low
Vendor	jar	package name	annotations	Highest
Vendor	jar	package name	jcip	Low
Vendor	pom	groupid	github.stephenc.jcip	Highest
Product	jar	package name	jcip	Highest
Product	pom	name	JCIP Annotations under Apache License	High
Product	pom	url	http://stephenc.github.com/jcip-annotations	Medium
Product	file	name	jcip-annotations	High
Product	jar	package name	annotations	Low
Product	pom	artifactid	jcip-annotations	Highest
Product	jar	package name	annotations	Highest
Product	jar	package name	jcip	Low
Product	pom	groupid	github.stephenc.jcip	Highest
Version	pom	version	1.0-1	Highest

Identifiers

pkg:maven/com.github.stephenc.jcip/jcip-annotations@1.0-1 (Confidence:High)

json-patch-1.9.jar

Description:

JSON Patch (RFC 6902) and JSON Merge Patch (RFC 7386) implementation in Java

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/com/github/fge/json-patch/1.9/json-patch-1.9.jar
MD5: 9df773c8904f39b05b6a8a6848804c96
SHA1: 0a4c3c97a0f5965dec15795acf40d3fbc897af4b
SHA256:2d6acbda3675e6f25b7b4ab338317006865a8416a69c2b5e1cfa8b8209fc10a1
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	fge	Highest
Vendor	Manifest	bundle-symbolicname	com.github.fge.json-patch	Medium
Vendor	jar	package name	github	Highest
Vendor	pom	groupid	com.github.fge	Highest
Vendor	pom	name	json-patch	High
Vendor	pom	url	fge/json-patch	Highest
Vendor	pom	artifactid	json-patch	Low
Vendor	pom	groupid	github.fge	Highest
Vendor	file	name	json-patch	High
Product	jar	package name	fge	Highest
Product	pom	artifactid	json-patch	Highest
Product	Manifest	bundle-symbolicname	com.github.fge.json-patch	Medium
Product	Manifest	Bundle-Name	json-patch	Medium
Product	jar	package name	github	Highest
Product	pom	name	json-patch	High
Product	pom	url	fge/json-patch	High
Product	pom	groupid	github.fge	Highest
Product	file	name	json-patch	High
Version	pom	version	1.9	Highest
Version	Manifest	Bundle-Version	1.9	High
Version	file	version	1.9	High

Identifiers

pkg:maven/com.github.fge/json-patch@1.9 (Confidence:High)
cpe:2.3:a:json-patch_project:json-patch:1.9:*:*:*:*:*:*:* (Confidence:Highest)

junit-4.13.1.jar

Description:

JUnit is a unit testing framework for Java, created by Erich Gamma and Kent Beck.

License:

Eclipse Public License 1.0: http://www.eclipse.org/legal/epl-v10.html

File Path: /home/jenkins/.mvnrepository/junit/junit/4.13.1/junit-4.13.1.jar
MD5: 83d91f209ddcb104776fa41c448c7ee2
SHA1: cdd00374f1fee76b11e2a9d127405aa3f6be5b6a
SHA256:c30719db974d6452793fe191b3638a5777005485bae145924044530ffa5f6122
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	junit	Medium
Vendor	Manifest	implementation-url	http://junit.org	Low
Vendor	pom	artifactid	junit	Low
Vendor	pom	groupid	junit	Highest
Vendor	pom	organization url	http://www.junit.org	Medium
Vendor	Manifest	automatic-module-name	junit	Medium
Vendor	jar	package name	framework	Highest
Vendor	pom	organization name	JUnit	High
Vendor	pom	url	http://junit.org	Highest
Vendor	file	name	junit	High
Vendor	pom	name	JUnit	High
Vendor	Manifest	Implementation-Vendor	JUnit	High
Vendor	jar	package name	junit	Highest
Product	pom	url	http://junit.org	Medium
Product	Manifest	implementation-url	http://junit.org	Low
Product	Manifest	Implementation-Title	JUnit	High
Product	pom	groupid	junit	Highest
Product	Manifest	automatic-module-name	junit	Medium
Product	jar	package name	framework	Highest
Product	pom	artifactid	junit	Highest
Product	pom	organization name	JUnit	Low
Product	file	name	junit	High
Product	pom	organization url	http://www.junit.org	Low
Product	pom	name	JUnit	High
Product	jar	package name	junit	Highest
Version	Manifest	Implementation-Version	4.13.1	High
Version	pom	version	4.13.1	Highest
Version	file	version	4.13.1	High

Identifiers

pkg:maven/junit/junit@4.13.1 (Confidence:High)

junit-jupiter-api-5.7.0.jar

Description:

Module "junit-jupiter-api" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-api/5.7.0/junit-jupiter-api-5.7.0.jar
MD5: e8567a8fe9ea0fa92b4da7a25f0c572c
SHA1: b25f3815c4c1860a73041e733a14a0379d00c4d5
SHA256:b03f78e0daeed2d77a0af9bcd662b4cdb9693f7ee72e01a539b508b84c63d182
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Vendor	file	name	junit-jupiter-api	High
Vendor	Manifest	build-time	15:13:34.624+0200	Low
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	build-date	2020-09-13	Low
Vendor	pom	url	https://junit.org/junit5/	Highest
Vendor	pom	name	JUnit Jupiter API	High
Vendor	pom	artifactid	junit-jupiter-api	Low
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	jar	package name	api	Highest
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	jar	package name	jupiter	Highest
Vendor	Manifest	bundle-symbolicname	junit-jupiter-api	Medium
Vendor	jar	package name	junit	Highest
Vendor	pom	groupid	junit.jupiter	Highest
Product	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Product	file	name	junit-jupiter-api	High
Product	pom	url	https://junit.org/junit5/	Medium
Product	Manifest	build-time	15:13:34.624+0200	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	build-date	2020-09-13	Low
Product	pom	artifactid	junit-jupiter-api	Highest
Product	pom	name	JUnit Jupiter API	High
Product	jar	package name	api	Highest
Product	jar	package name	jupiter	Highest
Product	Manifest	bundle-symbolicname	junit-jupiter-api	Medium
Product	Manifest	Bundle-Name	JUnit Jupiter API	Medium
Product	jar	package name	junit	Highest
Product	Manifest	specification-title	junit-jupiter-api	Medium
Product	pom	groupid	junit.jupiter	Highest
Product	Manifest	Implementation-Title	junit-jupiter-api	High
Version	pom	version	5.7.0	Highest
Version	Manifest	Bundle-Version	5.7.0	High
Version	Manifest	Implementation-Version	5.7.0	High
Version	file	version	5.7.0	High

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter-api@5.7.0 (Confidence:High)

junit-jupiter-engine-5.7.0.jar

Description:

Module "junit-jupiter-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-engine/5.7.0/junit-jupiter-engine-5.7.0.jar
MD5: 7e4f06555826c36fb1f7a44598431d4e
SHA1: d9044d6b45e2232ddd53fa56c15333e43d1749fd
SHA256:dfa26af94644ac2612dde6625852fcb550a0d21caa243257de54cba738ba87af
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Vendor	pom	name	JUnit Jupiter Engine	High
Vendor	file	name	junit-jupiter-engine	High
Vendor	Manifest	build-time	15:13:34.624+0200	Low
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	build-date	2020-09-13	Low
Vendor	pom	url	https://junit.org/junit5/	Highest
Vendor	Manifest	bundle-symbolicname	junit-jupiter-engine	Medium
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	pom	artifactid	junit-jupiter-engine	Low
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	jar	package name	jupiter	Highest
Vendor	jar	package name	junit	Highest
Vendor	pom	groupid	junit.jupiter	Highest
Vendor	jar	package name	engine	Highest
Product	pom	artifactid	junit-jupiter-engine	Highest
Product	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Product	pom	name	JUnit Jupiter Engine	High
Product	pom	url	https://junit.org/junit5/	Medium
Product	file	name	junit-jupiter-engine	High
Product	Manifest	build-time	15:13:34.624+0200	Low
Product	Manifest	Implementation-Title	junit-jupiter-engine	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	junit-jupiter-engine	Medium
Product	Manifest	build-date	2020-09-13	Low
Product	Manifest	bundle-symbolicname	junit-jupiter-engine	Medium
Product	Manifest	Bundle-Name	JUnit Jupiter Engine	Medium
Product	jar	package name	jupiter	Highest
Product	jar	package name	junit	Highest
Product	pom	groupid	junit.jupiter	Highest
Product	jar	package name	engine	Highest
Version	pom	version	5.7.0	Highest
Version	Manifest	Bundle-Version	5.7.0	High
Version	Manifest	Implementation-Version	5.7.0	High
Version	file	version	5.7.0	High

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter-engine@5.7.0 (Confidence:High)

junit-jupiter-migrationsupport-5.7.0.jar

Description:

Module "junit-jupiter-migrationsupport" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-migrationsupport/5.7.0/junit-jupiter-migrationsupport-5.7.0.jar
MD5: 56af65d97f00826afe9599c956cefb03
SHA1: 2aed57e91b278c997a68c05dd2399f4f350c7cdb
SHA256:d917be3bff689244c4a3904329b1ab6d77693cb3b829aec0a8321d56ada407e2
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Vendor	Manifest	build-time	15:13:34.624+0200	Low
Vendor	Manifest	bundle-symbolicname	junit-jupiter-migrationsupport	Medium
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	build-date	2020-09-13	Low
Vendor	pom	url	https://junit.org/junit5/	Highest
Vendor	file	name	junit-jupiter-migrationsupport	High
Vendor	jar	package name	migrationsupport	Highest
Vendor	pom	name	JUnit Jupiter Migration Support	High
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	jar	package name	jupiter	Highest
Vendor	pom	artifactid	junit-jupiter-migrationsupport	Low
Vendor	jar	package name	junit	Highest
Vendor	pom	groupid	junit.jupiter	Highest
Product	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Product	pom	url	https://junit.org/junit5/	Medium
Product	Manifest	build-time	15:13:34.624+0200	Low
Product	Manifest	bundle-symbolicname	junit-jupiter-migrationsupport	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	build-date	2020-09-13	Low
Product	file	name	junit-jupiter-migrationsupport	High
Product	jar	package name	migrationsupport	Highest
Product	Manifest	Implementation-Title	junit-jupiter-migrationsupport	High
Product	Manifest	specification-title	junit-jupiter-migrationsupport	Medium
Product	pom	name	JUnit Jupiter Migration Support	High
Product	Manifest	Bundle-Name	JUnit Jupiter Migration Support	Medium
Product	pom	artifactid	junit-jupiter-migrationsupport	Highest
Product	jar	package name	jupiter	Highest
Product	jar	package name	junit	Highest
Product	pom	groupid	junit.jupiter	Highest
Version	pom	version	5.7.0	Highest
Version	Manifest	Bundle-Version	5.7.0	High
Version	Manifest	Implementation-Version	5.7.0	High
Version	file	version	5.7.0	High

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter-migrationsupport@5.7.0 (Confidence:High)

junit-jupiter-params-5.7.0.jar

Description:

Module "junit-jupiter-params" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/jenkins/.mvnrepository/org/junit/jupiter/junit-jupiter-params/5.7.0/junit-jupiter-params-5.7.0.jar
MD5: 5584d8379e67651127101893d083596d
SHA1: 521dbecace93d5d7ef13a74aab231befd7954424
SHA256:ca9f555c37b9bf79effd2e834af549e4feb52ad8ac9e348fe5b430d4d8a482b7
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Vendor	pom	name	JUnit Jupiter Params	High
Vendor	Manifest	build-time	15:13:34.624+0200	Low
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	file	name	junit-jupiter-params	High
Vendor	Manifest	build-date	2020-09-13	Low
Vendor	pom	url	https://junit.org/junit5/	Highest
Vendor	pom	groupid	org.junit.jupiter	Highest
Vendor	Manifest	bundle-symbolicname	junit-jupiter-params	Medium
Vendor	jar	package name	params	Highest
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	jar	package name	jupiter	Highest
Vendor	jar	package name	junit	Highest
Vendor	pom	groupid	junit.jupiter	Highest
Vendor	pom	artifactid	junit-jupiter-params	Low
Product	pom	artifactid	junit-jupiter-params	Highest
Product	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Product	pom	name	JUnit Jupiter Params	High
Product	pom	url	https://junit.org/junit5/	Medium
Product	Manifest	build-time	15:13:34.624+0200	Low
Product	Manifest	Implementation-Title	junit-jupiter-params	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	junit-jupiter-params	Medium
Product	file	name	junit-jupiter-params	High
Product	Manifest	build-date	2020-09-13	Low
Product	jar	package name	params	Highest
Product	Manifest	bundle-symbolicname	junit-jupiter-params	Medium
Product	jar	package name	jupiter	Highest
Product	Manifest	Bundle-Name	JUnit Jupiter Params	Medium
Product	jar	package name	junit	Highest
Product	pom	groupid	junit.jupiter	Highest
Version	pom	version	5.7.0	Highest
Version	Manifest	Bundle-Version	5.7.0	High
Version	Manifest	Implementation-Version	5.7.0	High
Version	file	version	5.7.0	High

Identifiers

pkg:maven/org.junit.jupiter/junit-jupiter-params@5.7.0 (Confidence:High)

junit-platform-commons-1.7.0.jar

Description:

Module "junit-platform-commons" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/jenkins/.mvnrepository/org/junit/platform/junit-platform-commons/1.7.0/junit-platform-commons-1.7.0.jar
MD5: d398290c354b2aeb6af8c420eff049c0
SHA1: 84e309fbf21d857aac079a3c1fffd84284e1114d
SHA256:5330ee87cc7586e6e25175a34e9251624ff12ff525269d3415d0b4ca519b6fea
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	platform	Highest
Vendor	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Vendor	Manifest	build-time	15:13:34.624+0200	Low
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	jar	package name	org	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	file	name	junit-platform-commons	High
Vendor	Manifest	build-date	2020-09-13	Low
Vendor	pom	url	https://junit.org/junit5/	Highest
Vendor	jar	package name	commons	Highest
Vendor	Manifest	multi-release	true	Low
Vendor	pom	name	JUnit Platform Commons	High
Vendor	pom	groupid	org.junit.platform	Highest
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	Manifest	bundle-symbolicname	junit-platform-commons	Medium
Vendor	jar	package name	junit	Highest
Vendor	pom	artifactid	junit-platform-commons	Low
Vendor	pom	groupid	junit.platform	Highest
Product	jar	package name	platform	Highest
Product	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Product	pom	url	https://junit.org/junit5/	Medium
Product	Manifest	build-time	15:13:34.624+0200	Low
Product	Manifest	Implementation-Title	junit-platform-commons	High
Product	Manifest	Bundle-Name	JUnit Platform Commons	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	specification-title	junit-platform-commons	Medium
Product	file	name	junit-platform-commons	High
Product	Manifest	build-date	2020-09-13	Low
Product	jar	package name	commons	Highest
Product	Manifest	multi-release	true	Low
Product	pom	name	JUnit Platform Commons	High
Product	pom	artifactid	junit-platform-commons	Highest
Product	Manifest	bundle-symbolicname	junit-platform-commons	Medium
Product	jar	package name	junit	Highest
Product	pom	groupid	junit.platform	Highest
Version	Manifest	Bundle-Version	1.7.0	High
Version	Manifest	Implementation-Version	1.7.0	High
Version	pom	version	1.7.0	Highest
Version	file	version	1.7.0	High

Identifiers

pkg:maven/org.junit.platform/junit-platform-commons@1.7.0 (Confidence:High)

junit-platform-engine-1.7.0.jar

Description:

Module "junit-platform-engine" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/jenkins/.mvnrepository/org/junit/platform/junit-platform-engine/1.7.0/junit-platform-engine-1.7.0.jar
MD5: 499a279ad63eb48941b252d9e1434102
SHA1: eadb73c5074a4ac71061defd00fc176152a4d12c
SHA256:75f21a20dc594afdc875736725b408cec6d0344874d29f34b2dd3075500236f2
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	junit-platform-engine	High
Vendor	jar	package name	platform	Highest
Vendor	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Vendor	Manifest	build-time	15:13:34.624+0200	Low
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	build-date	2020-09-13	Low
Vendor	pom	url	https://junit.org/junit5/	Highest
Vendor	pom	artifactid	junit-platform-engine	Low
Vendor	Manifest	bundle-symbolicname	junit-platform-engine	Medium
Vendor	pom	groupid	org.junit.platform	Highest
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	pom	name	JUnit Platform Engine API	High
Vendor	jar	package name	junit	Highest
Vendor	pom	groupid	junit.platform	Highest
Vendor	jar	package name	engine	Highest
Product	file	name	junit-platform-engine	High
Product	jar	package name	platform	Highest
Product	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Product	pom	url	https://junit.org/junit5/	Medium
Product	Manifest	build-time	15:13:34.624+0200	Low
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	build-date	2020-09-13	Low
Product	pom	artifactid	junit-platform-engine	Highest
Product	Manifest	Bundle-Name	JUnit Platform Engine API	Medium
Product	Manifest	bundle-symbolicname	junit-platform-engine	Medium
Product	jar	package name	filter	Highest
Product	pom	name	JUnit Platform Engine API	High
Product	jar	package name	junit	Highest
Product	Manifest	Implementation-Title	junit-platform-engine	High
Product	pom	groupid	junit.platform	Highest
Product	jar	package name	engine	Highest
Product	Manifest	specification-title	junit-platform-engine	Medium
Version	Manifest	Bundle-Version	1.7.0	High
Version	Manifest	Implementation-Version	1.7.0	High
Version	pom	version	1.7.0	Highest
Version	file	version	1.7.0	High

Identifiers

pkg:maven/org.junit.platform/junit-platform-engine@1.7.0 (Confidence:High)

junit-platform-launcher-1.7.0.jar

Description:

Module "junit-platform-launcher" of JUnit 5.

License:

Eclipse Public License v2.0: https://www.eclipse.org/legal/epl-v20.html

File Path: /home/jenkins/.mvnrepository/org/junit/platform/junit-platform-launcher/1.7.0/junit-platform-launcher-1.7.0.jar
MD5: d1513da85c9dd6c3f22416ec2d1c496b
SHA1: cfd2d9c8b6ff9f3880faad828454cd0166bc12d7
SHA256:fbdc748fde4c4279fe1d3c607447cb3b7ccd45d7338fc574f8a894ddf2d16818
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	platform	Highest
Vendor	pom	name	JUnit Platform Launcher	High
Vendor	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Vendor	Manifest	build-time	15:13:34.624+0200	Low
Vendor	jar	package name	launcher	Highest
Vendor	Manifest	Implementation-Vendor	junit.org	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	Manifest	build-date	2020-09-13	Low
Vendor	pom	artifactid	junit-platform-launcher	Low
Vendor	pom	url	https://junit.org/junit5/	Highest
Vendor	pom	groupid	org.junit.platform	Highest
Vendor	Manifest	specification-vendor	junit.org	Low
Vendor	Manifest	bundle-symbolicname	junit-platform-launcher	Medium
Vendor	jar	package name	junit	Highest
Vendor	pom	groupid	junit.platform	Highest
Vendor	file	name	junit-platform-launcher	High
Product	jar	package name	platform	Highest
Product	pom	name	JUnit Platform Launcher	High
Product	pom	artifactid	junit-platform-launcher	Highest
Product	Manifest	build-revision	a3528756923b588a7ecded2237cb13190229b543	Low
Product	pom	url	https://junit.org/junit5/	Medium
Product	Manifest	build-time	15:13:34.624+0200	Low
Product	jar	package name	launcher	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	Manifest	build-date	2020-09-13	Low
Product	Manifest	Implementation-Title	junit-platform-launcher	High
Product	Manifest	bundle-symbolicname	junit-platform-launcher	Medium
Product	jar	package name	junit	Highest
Product	pom	groupid	junit.platform	Highest
Product	Manifest	specification-title	junit-platform-launcher	Medium
Product	file	name	junit-platform-launcher	High
Product	Manifest	Bundle-Name	JUnit Platform Launcher	Medium
Version	Manifest	Bundle-Version	1.7.0	High
Version	Manifest	Implementation-Version	1.7.0	High
Version	pom	version	1.7.0	Highest
Version	file	version	1.7.0	High

Identifiers

pkg:maven/org.junit.platform/junit-platform-launcher@1.7.0 (Confidence:High)

keycloak-admin-client-9.0.3.jar

File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-admin-client/9.0.3/keycloak-admin-client-9.0.3.jar
MD5: 61a28fd1ca633bbee49d099f65d65862
SHA1: d7f19c2de49e6aa201951a7845d5f8e24973097a
SHA256:5d16705f1f739499769e8ab7cb88b76030431f1f06e0e562442434156b8c359d
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.keycloak	Medium
Vendor	pom	name	Keycloak Admin REST Client	High
Vendor	jar	package name	keycloak	Highest
Vendor	pom	artifactid	keycloak-admin-client	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	groupid	keycloak	Highest
Vendor	pom	groupid	org.keycloak	Highest
Vendor	jar	package name	client	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	parent-artifactid	keycloak-integration-parent	Low
Vendor	jar	package name	admin	Highest
Vendor	pom	parent-groupid	org.keycloak	Medium
Vendor	file	name	keycloak-admin-client	High
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	implementation-url	http://keycloak.org/keycloak-integration-parent/keycloak-admin-client	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	name	Keycloak Admin REST Client	High
Product	jar	package name	keycloak	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-artifactid	keycloak-integration-parent	Medium
Product	pom	groupid	keycloak	Highest
Product	pom	artifactid	keycloak-admin-client	Highest
Product	jar	package name	client	Highest
Product	jar	package name	admin	Highest
Product	pom	parent-groupid	org.keycloak	Medium
Product	file	name	keycloak-admin-client	High
Product	Manifest	implementation-url	http://keycloak.org/keycloak-integration-parent/keycloak-admin-client	Low
Product	Manifest	os-name	Linux	Medium
Product	Manifest	Implementation-Title	Keycloak Admin REST Client	High
Product	Manifest	specification-title	Keycloak Admin REST Client	Medium
Version	Manifest	Implementation-Version	9.0.3	High
Version	file	version	9.0.3	High
Version	pom	version	9.0.3	Highest

Identifiers

pkg:maven/org.keycloak/keycloak-admin-client@9.0.3 (Confidence:High)
cpe:2.3:a:keycloak:keycloak:9.0.3:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:redhat:keycloak:9.0.3:*:*:*:*:*:*:* (Confidence:Highest)

keycloak-common-9.0.3.jar

Description:

Common library and dependencies shared with server and all adapters

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-common/9.0.3/keycloak-common-9.0.3.jar
MD5: 904371bebd3b8d8944e7793087a95357
SHA1: 75406689a282c91c52b258167ec1d1d8d902348e
SHA256:979f8b1c9db5ca8dbb5aa2eac73920e640e575f3090a926c85d29025b458c0ee
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.keycloak	Medium
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	file	name	keycloak-common	High
Vendor	jar	package name	common	Highest
Vendor	jar	package name	keycloak	Highest
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	Manifest	implementation-url	http://keycloak.org/keycloak-common	Low
Vendor	pom	groupid	keycloak	Highest
Vendor	pom	groupid	org.keycloak	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	artifactid	keycloak-common	Low
Vendor	pom	name	Keycloak Common	High
Vendor	pom	parent-groupid	org.keycloak	Medium
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	bundle-symbolicname	org.keycloak.keycloak-common	Medium
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	keycloak-parent	Low
Product	Manifest	specification-title	Keycloak Common	Medium
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	file	name	keycloak-common	High
Product	jar	package name	common	Highest
Product	Manifest	Implementation-Title	Keycloak Common	High
Product	jar	package name	keycloak	Highest
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	pom	artifactid	keycloak-common	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-artifactid	keycloak-parent	Medium
Product	Manifest	implementation-url	http://keycloak.org/keycloak-common	Low
Product	pom	groupid	keycloak	Highest
Product	Manifest	Bundle-Name	Keycloak Common	Medium
Product	pom	name	Keycloak Common	High
Product	pom	parent-groupid	org.keycloak	Medium
Product	Manifest	bundle-symbolicname	org.keycloak.keycloak-common	Medium
Product	Manifest	os-name	Linux	Medium
Version	Manifest	Bundle-Version	9.0.3	High
Version	Manifest	Implementation-Version	9.0.3	High
Version	file	version	9.0.3	High
Version	pom	version	9.0.3	Highest

Identifiers

pkg:maven/org.keycloak/keycloak-common@9.0.3 (Confidence:High)
cpe:2.3:a:keycloak:keycloak:9.0.3:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:redhat:keycloak:9.0.3:*:*:*:*:*:*:* (Confidence:Highest)

keycloak-core-9.0.3.jar

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-core/9.0.3/keycloak-core-9.0.3.jar
MD5: cbfe7dce03d6484b9484fe001f2c9bdb
SHA1: 25064b55a0323c359ab3b3794b2bc656ccb47571
SHA256:a276663e6902c820f3484a18dabb2a9e1094be1306defd9a3a36d11e0ec6d007
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.keycloak	Medium
Vendor	Manifest	implementation-url	http://keycloak.org/keycloak-core	Low
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	pom	name	Keycloak Core	High
Vendor	jar	package name	keycloak	Highest
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	artifactid	keycloak-core	Low
Vendor	pom	groupid	keycloak	Highest
Vendor	pom	groupid	org.keycloak	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	parent-groupid	org.keycloak	Medium
Vendor	file	name	keycloak-core	High
Vendor	Manifest	bundle-symbolicname	org.keycloak.keycloak-core	Medium
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	keycloak-parent	Low
Product	Manifest	implementation-url	http://keycloak.org/keycloak-core	Low
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	pom	name	Keycloak Core	High
Product	jar	package name	keycloak	Highest
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-artifactid	keycloak-parent	Medium
Product	pom	groupid	keycloak	Highest
Product	Manifest	specification-title	Keycloak Core	Medium
Product	Manifest	Bundle-Name	Keycloak Core	Medium
Product	Manifest	Implementation-Title	Keycloak Core	High
Product	pom	parent-groupid	org.keycloak	Medium
Product	file	name	keycloak-core	High
Product	Manifest	bundle-symbolicname	org.keycloak.keycloak-core	Medium
Product	pom	artifactid	keycloak-core	Highest
Product	Manifest	os-name	Linux	Medium
Version	Manifest	Bundle-Version	9.0.3	High
Version	Manifest	Implementation-Version	9.0.3	High
Version	file	version	9.0.3	High
Version	pom	version	9.0.3	Highest

Identifiers

pkg:maven/org.keycloak/keycloak-core@9.0.3 (Confidence:High)
cpe:2.3:a:keycloak:keycloak:9.0.3:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:redhat:keycloak:9.0.3:*:*:*:*:*:*:* (Confidence:Highest)

kubernetes-client-4.7.0.jar

File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-client/4.7.0/kubernetes-client-4.7.0.jar
MD5: 1d356d064e8186b15903298b43e6be1d
SHA1: 12547e58b775e415157315048224be39e3944afa
SHA256:b30d0b9908d4e3f9f6a050d05e568de892f9616de4fecdac131fde3e246bf3c7
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	fabric8	Highest
Vendor	pom	parent-artifactid	kubernetes-client-project	Low
Vendor	jar	package name	kubernetes	Highest
Vendor	pom	name	Fabric8 :: Kubernetes :: Java Client	High
Vendor	pom	artifactid	kubernetes-client	Low
Vendor	file	name	kubernetes-client	High
Vendor	jar	package name	client	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	groupid	io.fabric8	Highest
Vendor	jar	package name	io	Highest
Product	jar	package name	fabric8	Highest
Product	pom	parent-artifactid	kubernetes-client-project	Medium
Product	pom	artifactid	kubernetes-client	Highest
Product	jar	package name	kubernetes	Highest
Product	pom	name	Fabric8 :: Kubernetes :: Java Client	High
Product	file	name	kubernetes-client	High
Product	jar	package name	client	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	groupid	io.fabric8	Highest
Product	jar	package name	io	Highest
Version	pom	version	4.7.0	Highest
Version	file	version	4.7.0	High

Identifiers

pkg:maven/io.fabric8/kubernetes-client@4.7.0 (Confidence:High)
cpe:2.3:a:kubernetes:java:4.7.0:*:*:*:*:*:*:* (Confidence:Low)

kubernetes-model-4.7.0.jar

Description:

Java client for Kubernetes and OpenShift

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model/4.7.0/kubernetes-model-4.7.0.jar
MD5: 87609db8395ebd5136763394a11eb8fc
SHA1: cf4831621a7f61deb5e87c9390ef7b970f16d909
SHA256:1ecfcd2bfd4ddfe457723af295ef5ec7231f02aafb9c8799fa7fb73d446411fe
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Fabric8 :: Kubernetes Model	High
Vendor	jar	package name	fabric8	Highest
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	kubernetes	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	file	name	kubernetes-model	High
Vendor	Manifest	bundle-docurl	http://redhat.com	Low
Vendor	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model/	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	jar	package name	io	Highest
Vendor	Manifest	Implementation-Vendor	Red Hat	High
Vendor	Manifest	bundle-symbolicname	io.fabric8.kubernetes-model	Medium
Vendor	Manifest	Implementation-Vendor-Id	io.fabric8	Medium
Vendor	pom	parent-artifactid	kubernetes-model-generator	Low
Vendor	pom	artifactid	kubernetes-model	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	build-timestamp	${build.datetime}	Low
Vendor	Manifest	specification-vendor	Red Hat	Low
Vendor	pom	groupid	io.fabric8	Highest
Product	pom	name	Fabric8 :: Kubernetes Model	High
Product	jar	package name	fabric8	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	kubernetes	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	file	name	kubernetes-model	High
Product	Manifest	bundle-docurl	http://redhat.com	Low
Product	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model/	Low
Product	jar	package name	io	Highest
Product	Manifest	Implementation-Title	Fabric8 :: Kubernetes Model	High
Product	Manifest	Bundle-Name	Fabric8 :: Kubernetes Model	Medium
Product	Manifest	bundle-symbolicname	io.fabric8.kubernetes-model	Medium
Product	Manifest	specification-title	Fabric8 :: Kubernetes Model	Medium
Product	jar	package name	openshift	Highest
Product	pom	artifactid	kubernetes-model	Highest
Product	Manifest	os-name	Linux	Medium
Product	Manifest	build-timestamp	${build.datetime}	Low
Product	pom	groupid	io.fabric8	Highest
Product	pom	parent-artifactid	kubernetes-model-generator	Medium
Version	pom	version	4.7.0	Highest
Version	file	version	4.7.0	High
Version	Manifest	Bundle-Version	4.7.0	High
Version	Manifest	Implementation-Version	4.7.0	High

Identifiers

pkg:maven/io.fabric8/kubernetes-model@4.7.0 (Confidence:High)
cpe:2.3:a:kubernetes:java:4.7.0:*:*:*:*:*:*:* (Confidence:Low)

kubernetes-model-common-4.7.0.jar

File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model-common/4.7.0/kubernetes-model-common-4.7.0.jar
MD5: 1845c2fd17622c1f9980ddbf3183e84e
SHA1: 38e88a4bdf0d4a77089927494aa60358b8b66455
SHA256:b5bdb86d95feba870016a67304f822a26112db7c30eb4bc656ef502a44a660f3
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Fabric8 :: Kubernetes Model :: Common	High
Vendor	jar	package name	fabric8	Highest
Vendor	Manifest	os-arch	amd64	Low
Vendor	file	name	kubernetes-model-common	High
Vendor	jar	package name	kubernetes	Highest
Vendor	Manifest	build-timestamp	Wed, 8 Jan 2020 13:20:45 +0000	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	jar	package name	model	Highest
Vendor	Manifest	Implementation-Vendor	Red Hat	High
Vendor	jar	package name	io	Highest
Vendor	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/	Low
Vendor	pom	parent-artifactid	kubernetes-model-generator	Low
Vendor	pom	artifactid	kubernetes-model-common	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	specification-vendor	Red Hat	Low
Vendor	pom	groupid	io.fabric8	Highest
Product	pom	name	Fabric8 :: Kubernetes Model :: Common	High
Product	jar	package name	fabric8	Highest
Product	Manifest	os-arch	amd64	Low
Product	file	name	kubernetes-model-common	High
Product	jar	package name	kubernetes	Highest
Product	Manifest	build-timestamp	Wed, 8 Jan 2020 13:20:45 +0000	Low
Product	jar	package name	model	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Fabric8 :: Kubernetes Model :: Common	High
Product	Manifest	specification-title	Fabric8 :: Kubernetes Model :: Common	Medium
Product	jar	package name	io	Highest
Product	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/	Low
Product	pom	artifactid	kubernetes-model-common	Highest
Product	Manifest	os-name	Linux	Medium
Product	pom	groupid	io.fabric8	Highest
Product	pom	parent-artifactid	kubernetes-model-generator	Medium
Version	pom	version	4.7.0	Highest
Version	file	version	4.7.0	High
Version	Manifest	Implementation-Version	4.7.0	High

Identifiers

pkg:maven/io.fabric8/kubernetes-model-common@4.7.0 (Confidence:High)

listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar

Description:

    An empty artifact that Guava depends on to signal that it is providing
    ListenableFuture -- but is also available in a second "version" that
    contains com.google.common.util.concurrent.ListenableFuture class, without
    any other Guava classes. The idea is:

    - If users want only ListenableFuture, they depend on listenablefuture-1.0.

    - If users want all of Guava, they depend on guava, which, as of Guava
    27.0, depends on
    listenablefuture-9999.0-empty-to-avoid-conflict-with-guava. The 9999.0-...
    version number is enough for some build systems (notably, Gradle) to select
    that empty artifact over the "real" listenablefuture-1.0 -- avoiding a
    conflict with the copy of ListenableFuture in guava itself. If users are
    using an older version of Guava or a build system other than Gradle, they
    may see class conflicts. If so, they can solve them by manually excluding
    the listenablefuture artifact or manually forcing their build systems to
    use 9999.0-....

File Path: /home/jenkins/.mvnrepository/com/google/guava/listenablefuture/9999.0-empty-to-avoid-conflict-with-guava/listenablefuture-9999.0-empty-to-avoid-conflict-with-guava.jar
MD5: d094c22570d65e132c19cea5d352e381
SHA1: b421526c5f297295adef1c886e5246c39d4ac629
SHA256:b372a037d4230aa57fbeffdef30fd6123f9c0c2db85d0aced00c91b974f33f99
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	parent-artifactid	guava-parent	Low
Vendor	pom	groupid	google.guava	Highest
Vendor	pom	artifactid	listenablefuture	Low
Vendor	file	name	listenablefuture	High
Vendor	pom	groupid	com.google.guava	Highest
Vendor	pom	parent-groupid	com.google.guava	Medium
Vendor	pom	name	Guava ListenableFuture only	High
Product	pom	artifactid	listenablefuture	Highest
Product	pom	groupid	google.guava	Highest
Product	file	name	listenablefuture	High
Product	pom	parent-artifactid	guava-parent	Medium
Product	pom	parent-groupid	com.google.guava	Medium
Product	pom	name	Guava ListenableFuture only	High
Version	pom	parent-version	9999.0-empty-to-avoid-conflict-with-guava	Low
Version	pom	version	9999.0-empty-to-avoid-conflict-with-guava	Highest

Identifiers

pkg:maven/com.google.guava/listenablefuture@9999.0-empty-to-avoid-conflict-with-guava (Confidence:High)

logging-interceptor-3.12.1.jar

File Path: /home/jenkins/.mvnrepository/com/squareup/okhttp3/logging-interceptor/3.12.1/logging-interceptor-3.12.1.jar
MD5: 73b31646886b0efe515b3aad96d90077
SHA1: f0304756a8d9f745fd7de3f82a32090cf5b71166
SHA256:fa455a235aa7af3327babe3f0523a05dca76b71ec88c6d548fa92927efdf6cda
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	logging	Highest
Vendor	Manifest	automatic-module-name	okhttp3.logging	Medium
Vendor	pom	parent-artifactid	parent	Low
Vendor	file	name	logging-interceptor	High
Vendor	pom	groupid	squareup.okhttp3	Highest
Vendor	pom	artifactid	logging-interceptor	Low
Vendor	pom	groupid	com.squareup.okhttp3	Highest
Vendor	jar	package name	okhttp3	Highest
Vendor	pom	name	OkHttp Logging Interceptor	High
Vendor	pom	parent-groupid	com.squareup.okhttp3	Medium
Product	jar	package name	logging	Highest
Product	Manifest	automatic-module-name	okhttp3.logging	Medium
Product	file	name	logging-interceptor	High
Product	pom	groupid	squareup.okhttp3	Highest
Product	pom	parent-artifactid	parent	Medium
Product	jar	package name	okhttp3	Highest
Product	pom	name	OkHttp Logging Interceptor	High
Product	pom	artifactid	logging-interceptor	Highest
Product	pom	parent-groupid	com.squareup.okhttp3	Medium
Version	pom	version	3.12.1	Highest
Version	file	version	3.12.1	High

Identifiers

pkg:maven/com.squareup.okhttp3/logging-interceptor@3.12.1 (Confidence:High)
cpe:2.3:a:squareup:okhttp:3.12.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:squareup:okhttp3:3.12.1:*:*:*:*:*:*:* (Confidence:Highest)

microprofile-config-api-1.3.jar

Description:

MicroProfile Config :: API

License:

Apache License, Version 2.0

File Path: /home/jenkins/.mvnrepository/org/eclipse/microprofile/config/microprofile-config-api/1.3/microprofile-config-api-1.3.jar
MD5: 21a30777482d84e5682181ef404a0fd9
SHA1: 5813ff0cf78ee03b483887ebf63084ae195f332f
SHA256:6a1bf1548909e97d4866847cf8e96e2f30d15b959a68c95385daccba8abe3072
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	microprofile	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	file	name	microprofile-config-api	High
Vendor	jar	package name	config	Highest
Vendor	pom	parent-artifactid	microprofile-config-parent	Low
Vendor	Manifest	bundle-symbolicname	org.eclipse.microprofile.config	Medium
Vendor	pom	parent-groupid	org.eclipse.microprofile.config	Medium
Vendor	pom	groupid	org.eclipse.microprofile.config	Highest
Vendor	jar	package name	eclipse	Highest
Vendor	pom	groupid	eclipse.microprofile.config	Highest
Vendor	pom	artifactid	microprofile-config-api	Low
Vendor	pom	name	MicroProfile Config API	High
Product	jar	package name	microprofile	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	file	name	microprofile-config-api	High
Product	jar	package name	config	Highest
Product	pom	parent-artifactid	microprofile-config-parent	Medium
Product	Manifest	bundle-symbolicname	org.eclipse.microprofile.config	Medium
Product	pom	parent-groupid	org.eclipse.microprofile.config	Medium
Product	jar	package name	eclipse	Highest
Product	pom	groupid	eclipse.microprofile.config	Highest
Product	Manifest	Bundle-Name	MicroProfile Config Bundle	Medium
Product	pom	name	MicroProfile Config API	High
Product	pom	artifactid	microprofile-config-api	Highest
Version	pom	version	1.3	Highest
Version	file	version	1.3	High

Identifiers

pkg:maven/org.eclipse.microprofile.config/microprofile-config-api@1.3 (Confidence:High)

microprofile-context-propagation-api-1.0.1.jar

Description:

MicroProfile Context Propagation :: API

File Path: /home/jenkins/.mvnrepository/org/eclipse/microprofile/context-propagation/microprofile-context-propagation-api/1.0.1/microprofile-context-propagation-api-1.0.1.jar
MD5: 7fa031f7effbfc699e51e0e6283b5340
SHA1: b7825e202a09dfb9dbb4b0e65b74237ab1fc6cec
SHA256:1731627424ac020eb9f2fc3b82df8b984315387cdc0488bbf3f7a86eecfacb49
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	microprofile-context-propagation-api	High
Vendor	jar	package name	microprofile	Highest
Vendor	jar	package name	context	Highest
Vendor	jar	package name	context	Low
Vendor	pom	groupid	org.eclipse.microprofile.context-propagation	Highest
Vendor	pom	groupid	eclipse.microprofile.context-propagation	Highest
Vendor	pom	parent-groupid	org.eclipse.microprofile.context-propagation	Medium
Vendor	pom	parent-artifactid	microprofile-context-propagation-parent	Low
Vendor	jar	package name	microprofile	Low
Vendor	pom	artifactid	microprofile-context-propagation-api	Low
Vendor	jar	package name	eclipse	Highest
Vendor	jar	package name	eclipse	Low
Vendor	pom	name	MicroProfile Context Propagation	High
Product	file	name	microprofile-context-propagation-api	High
Product	pom	parent-artifactid	microprofile-context-propagation-parent	Medium
Product	jar	package name	microprofile	Highest
Product	jar	package name	context	Highest
Product	jar	package name	context	Low
Product	pom	groupid	eclipse.microprofile.context-propagation	Highest
Product	pom	parent-groupid	org.eclipse.microprofile.context-propagation	Medium
Product	jar	package name	microprofile	Low
Product	jar	package name	spi	Low
Product	jar	package name	eclipse	Highest
Product	pom	artifactid	microprofile-context-propagation-api	Highest
Product	pom	name	MicroProfile Context Propagation	High
Version	file	version	1.0.1	High
Version	pom	version	1.0.1	Highest

Identifiers

pkg:maven/org.eclipse.microprofile.context-propagation/microprofile-context-propagation-api@1.0.1 (Confidence:High)

msg-simple-1.1.jar

Description:

null

License:

Lesser General Public License, version 3 or greater: http://www.gnu.org/licenses/lgpl.html
Apache Software License, version 2.0: http://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/com/github/fge/msg-simple/1.1/msg-simple-1.1.jar
MD5: b0d8d70468edff2e223b3d2f07cc5de1
SHA1: f261263e13dd4cfa93cc6b83f1f58f619097a2c4
SHA256:c3c5add3971a9a7f1868beb7607780d73f36bb611c7505de01f1baf49ab4ff75
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	fge	Highest
Vendor	pom	name	null	High
Vendor	pom	url	fge/msg-simple	Highest
Vendor	jar	package name	github	Highest
Vendor	pom	groupid	com.github.fge	Highest
Vendor	Manifest	bundle-symbolicname	com.github.fge.msg-simple	Medium
Vendor	pom	artifactid	msg-simple	Low
Vendor	file	name	msg-simple	High
Vendor	pom	groupid	github.fge	Highest
Product	jar	package name	fge	Highest
Product	pom	name	null	High
Product	pom	url	fge/msg-simple	High
Product	Manifest	Bundle-Name	msg-simple	Medium
Product	jar	package name	github	Highest
Product	Manifest	bundle-symbolicname	com.github.fge.msg-simple	Medium
Product	pom	artifactid	msg-simple	Highest
Product	file	name	msg-simple	High
Product	pom	groupid	github.fge	Highest
Version	pom	version	1.1	Highest
Version	Manifest	Bundle-Version	1.1	High
Version	file	version	1.1	High

Identifiers

pkg:maven/com.github.fge/msg-simple@1.1 (Confidence:High)

okhttp-3.12.1.jar

File Path: /home/jenkins/.mvnrepository/com/squareup/okhttp3/okhttp/3.12.1/okhttp-3.12.1.jar
MD5: 8e397d184bcca38deb5c06122d10adc5
SHA1: dc6d02e4e68514eff5631963e28ca7742ac69efe
SHA256:07c3d82ca7eaf4722f00b2da807dc7860f6169ae60cfedcf5d40218f90880a46
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	automatic-module-name	okhttp3	Medium
Vendor	pom	parent-artifactid	parent	Low
Vendor	pom	artifactid	okhttp	Low
Vendor	file	name	okhttp	High
Vendor	pom	groupid	squareup.okhttp3	Highest
Vendor	pom	name	OkHttp	High
Vendor	pom	groupid	com.squareup.okhttp3	Highest
Vendor	jar	package name	okhttp3	Highest
Vendor	pom	parent-groupid	com.squareup.okhttp3	Medium
Product	Manifest	automatic-module-name	okhttp3	Medium
Product	pom	artifactid	okhttp	Highest
Product	file	name	okhttp	High
Product	pom	groupid	squareup.okhttp3	Highest
Product	pom	parent-artifactid	parent	Medium
Product	pom	name	OkHttp	High
Product	jar	package name	okhttp3	Highest
Product	pom	parent-groupid	com.squareup.okhttp3	Medium
Version	pom	version	3.12.1	Highest
Version	file	version	3.12.1	High

Identifiers

pkg:maven/com.squareup.okhttp3/okhttp@3.12.1 (Confidence:High)
cpe:2.3:a:squareup:okhttp:3.12.1:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:squareup:okhttp3:3.12.1:*:*:*:*:*:*:* (Confidence:Highest)

okio-1.15.0.jar

File Path: /home/jenkins/.mvnrepository/com/squareup/okio/okio/1.15.0/okio-1.15.0.jar
MD5: e8ddbcb79210050527c2eda7562e63ce
SHA1: bc28b5a964c8f5721eb58ee3f3c47a9bcbf4f4d8
SHA256:693fa319a7e8843300602b204023b7674f106ebcb577f2dd5807212b66118bd2
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	okio	Highest
Vendor	pom	groupid	squareup.okio	Highest
Vendor	pom	artifactid	okio	Low
Vendor	pom	name	Okio	High
Vendor	pom	parent-groupid	com.squareup.okio	Medium
Vendor	pom	parent-artifactid	okio-parent	Low
Vendor	pom	groupid	com.squareup.okio	Highest
Vendor	file	name	okio	High
Vendor	Manifest	automatic-module-name	okio	Medium
Product	pom	artifactid	okio	Highest
Product	jar	package name	okio	Highest
Product	pom	groupid	squareup.okio	Highest
Product	pom	parent-artifactid	okio-parent	Medium
Product	pom	name	Okio	High
Product	pom	parent-groupid	com.squareup.okio	Medium
Product	file	name	okio	High
Product	Manifest	automatic-module-name	okio	Medium
Version	file	version	1.15.0	High
Version	pom	version	1.15.0	Highest

Identifiers

pkg:maven/com.squareup.okio/okio@1.15.0 (Confidence:High)

opentest4j-1.2.0.jar

Description:

Open Test Alliance for the JVM

License:

The Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/opentest4j/opentest4j/1.2.0/opentest4j-1.2.0.jar
MD5: 45c9a837c21f68e8c93e85b121e2fb90
SHA1: 28c11eb91f9b6d8e200631d46e20a7f407f2a046
SHA256:58812de60898d976fb81ef3b62da05c6604c18fd4a249f5044282479fc286af2
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	opentest4j	Low
Vendor	pom	name	org.opentest4j:opentest4j	High
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	pom	groupid	org.opentest4j	Highest
Vendor	Manifest	build-time	21:23:52.218+0200	Low
Vendor	Manifest	Implementation-Vendor	opentest4j.org	High
Vendor	pom	url	ota4j-team/opentest4j	Highest
Vendor	Manifest	build-date	2019-06-06	Low
Vendor	jar	package name	opentest4j	Highest
Vendor	Manifest	build-revision	75136304fab712895090c9c4678dc72ccbcb5e21	Low
Vendor	file	name	opentest4j	High
Vendor	Manifest	bundle-symbolicname	org.opentest4j	Medium
Vendor	pom	groupid	opentest4j	Highest
Vendor	Manifest	specification-vendor	opentest4j.org	Low
Product	pom	name	org.opentest4j:opentest4j	High
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	Manifest	Bundle-Name	opentest4j	Medium
Product	Manifest	build-time	21:23:52.218+0200	Low
Product	Manifest	build-date	2019-06-06	Low
Product	pom	artifactid	opentest4j	Highest
Product	jar	package name	opentest4j	Highest
Product	Manifest	build-revision	75136304fab712895090c9c4678dc72ccbcb5e21	Low
Product	file	name	opentest4j	High
Product	Manifest	Implementation-Title	opentest4j	High
Product	Manifest	bundle-symbolicname	org.opentest4j	Medium
Product	pom	url	ota4j-team/opentest4j	High
Product	pom	groupid	opentest4j	Highest
Product	Manifest	specification-title	opentest4j	Medium
Version	pom	version	1.2.0	Highest
Version	Manifest	Bundle-Version	1.2.0	High
Version	file	version	1.2.0	High
Version	Manifest	Implementation-Version	1.2.0	High

Identifiers

pkg:maven/org.opentest4j/opentest4j@1.2.0 (Confidence:High)

postgresql-42.2.14.jar

Description:

PostgreSQL JDBC Driver Postgresql

License:

BSD-2-Clause: https://jdbc.postgresql.org/about/license.html

File Path: /home/jenkins/.mvnrepository/org/postgresql/postgresql/42.2.14/postgresql-42.2.14.jar
MD5: 79869645ab65d5ef28024fc96bb1ce28
SHA1: 45fa6eef266aa80024ef2ab3688d9faa38c642e5
SHA256:48bbba05845b40bcce66ece3d7652153d27b5379d5ae90977b78eefd7c7a0287
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	postgresql	Low
Vendor	pom	organization name	PostgreSQL Global Development Group	High
Vendor	pom	groupid	postgresql	Highest
Vendor	pom	groupid	org.postgresql	Highest
Vendor	Manifest	Implementation-Vendor	PostgreSQL Global Development Group	High
Vendor	jar	package name	driver	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.postgresql	Medium
Vendor	jar	package name	jdbc	Highest
Vendor	Manifest	automatic-module-name	org.postgresql.jdbc	Medium
Vendor	Manifest	bundle-docurl	https://jdbc.postgresql.org/	Low
Vendor	pom	name	PostgreSQL JDBC Driver	High
Vendor	Manifest	bundle-copyright	Copyright (c) 2003-2020, PostgreSQL Global Development Group	Low
Vendor	file	name	postgresql	High
Vendor	jar	package name	postgresql	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(\|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))"	Low
Vendor	Manifest	provide-capability	osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory"	Low
Vendor	Manifest	specification-vendor	Oracle Corporation	Low
Vendor	pom	organization url	https://jdbc.postgresql.org/	Medium
Vendor	pom	url	https://jdbc.postgresql.org	Highest
Vendor	Manifest	bundle-symbolicname	org.postgresql.jdbc	Medium
Product	Manifest	Implementation-Title	PostgreSQL JDBC Driver	High
Product	pom	groupid	postgresql	Highest
Product	Manifest	Bundle-Name	PostgreSQL JDBC Driver	Medium
Product	jar	package name	driver	Highest
Product	jar	package name	jdbc	Highest
Product	Manifest	automatic-module-name	org.postgresql.jdbc	Medium
Product	Manifest	bundle-docurl	https://jdbc.postgresql.org/	Low
Product	pom	artifactid	postgresql	Highest
Product	jar	package name	osgi	Highest
Product	pom	name	PostgreSQL JDBC Driver	High
Product	jar	package name	version	Highest
Product	pom	organization name	PostgreSQL Global Development Group	Low
Product	Manifest	bundle-copyright	Copyright (c) 2003-2020, PostgreSQL Global Development Group	Low
Product	file	name	postgresql	High
Product	jar	package name	postgresql	Highest
Product	pom	url	https://jdbc.postgresql.org	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(\|(osgi.ee=J2SE)(osgi.ee=JavaSE))(version>=1.8))"	Low
Product	Manifest	provide-capability	osgi.service;effective:=active;objectClass="org.osgi.service.jdbc.DataSourceFactory"	Low
Product	Manifest	bundle-symbolicname	org.postgresql.jdbc	Medium
Product	Manifest	specification-title	JDBC	Medium
Product	pom	organization url	https://jdbc.postgresql.org/	Low
Version	Manifest	Implementation-Version	42.2.14	High
Version	pom	version	42.2.14	Highest
Version	file	version	42.2.14	High
Version	Manifest	Bundle-Version	42.2.14	High

Identifiers

pkg:maven/org.postgresql/postgresql@42.2.14 (Confidence:High)
cpe:2.3:a:postgresql:postgresql:42.2.14:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:postgresql:postgresql_jdbc_driver:42.2.14:*:*:*:*:*:*:* (Confidence:Low)

quarkus-arc-1.2.0.Final.jar

Description:

Build time CDI dependency injection

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-arc/1.2.0.Final/quarkus-arc-1.2.0.Final.jar
MD5: de77bd4f237b2efcf13d7554829541e4
SHA1: fcabaf0c5a861f5cd0980f22a6f435dcf29fc953
SHA256:e93823a596983132117f966bda5f15c3f69f99f59ffdef3d0b2a4a154b9400fc
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc	Low
Vendor	pom	parent-artifactid	quarkus-arc-parent	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	jar	package name	runtime	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	artifactid	quarkus-arc	Low
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	jar	package name	arc	Highest
Vendor	pom	name	Quarkus - ArC - Runtime	High
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	file	name	quarkus-arc	High
Vendor	pom	groupid	io.quarkus	Highest
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc	Low
Product	Manifest	Implementation-Title	Quarkus - ArC - Runtime	High
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	Manifest	specification-title	Quarkus - ArC - Runtime	Medium
Product	pom	artifactid	quarkus-arc	Highest
Product	jar	package name	runtime	Highest
Product	jar	package name	arc	Highest
Product	jar	package name	io	Highest
Product	pom	name	Quarkus - ArC - Runtime	High
Product	Manifest	os-name	Linux	Medium
Product	file	name	quarkus-arc	High
Product	pom	parent-artifactid	quarkus-arc-parent	Medium
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Identifiers

pkg:maven/io.quarkus/quarkus-arc@1.2.0.Final (Confidence:High)
cpe:2.3:a:arc_project:arc:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:quarkus:quarkus:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)

quarkus-core-1.2.0.Final.jar

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-core/1.2.0.Final/quarkus-core-1.2.0.Final.jar
MD5: 995fbfc0f4271f21957f67ed13f3cd99
SHA1: ffef221351007b5a644241ebfcc9fd938755b801
SHA256:3aaf703ac1f70a5dfb1e5d3eb9ead5d715ca208633dd95f9cfdc5b90883170da
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	quarkus-core	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	pom	parent-artifactid	quarkus-core-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	jar	package name	runtime	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core	Low
Vendor	pom	artifactid	quarkus-core	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	name	Quarkus - Core - Runtime	High
Vendor	pom	groupid	io.quarkus	Highest
Product	pom	artifactid	quarkus-core	Highest
Product	pom	parent-artifactid	quarkus-core-parent	Medium
Product	file	name	quarkus-core	High
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	runtime	Highest
Product	jar	package name	io	Highest
Product	Manifest	Implementation-Title	Quarkus - Core - Runtime	High
Product	Manifest	specification-title	Quarkus - Core - Runtime	Medium
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core	Low
Product	Manifest	os-name	Linux	Medium
Product	pom	name	Quarkus - Core - Runtime	High
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Identifiers

pkg:maven/io.quarkus/quarkus-core@1.2.0.Final (Confidence:High)
cpe:2.3:a:quarkus:quarkus:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)

quarkus-jackson-1.2.0.Final.jar

Description:

Jackson Databind support

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-jackson/1.2.0.Final/quarkus-jackson-1.2.0.Final.jar
MD5: 25ef78d56d890aec97cffe91a5eae0c8
SHA1: e90c574855ea58b882d1c5b7d1e7a48b689ffeda
SHA256:6efb762c51ef1858de941b24a0591b9c998ab20ecb53d237968e8784ba0a38e7
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	quarkus-jackson	Low
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	pom	parent-artifactid	quarkus-jackson-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	file	name	quarkus-jackson	High
Vendor	pom	name	Quarkus - Jackson - Runtime	High
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	jar	package name	jackson	Highest
Vendor	pom	groupid	io.quarkus	Highest
Product	pom	parent-artifactid	quarkus-jackson-parent	Medium
Product	Manifest	specification-title	Quarkus - Jackson - Runtime	Medium
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson	Low
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	io	Highest
Product	pom	artifactid	quarkus-jackson	Highest
Product	file	name	quarkus-jackson	High
Product	pom	name	Quarkus - Jackson - Runtime	High
Product	Manifest	Implementation-Title	Quarkus - Jackson - Runtime	High
Product	Manifest	os-name	Linux	Medium
Product	jar	package name	jackson	Highest
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Identifiers

pkg:maven/io.quarkus/quarkus-jackson@1.2.0.Final (Confidence:High)
cpe:2.3:a:quarkus:quarkus:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)

quarkus-kubernetes-client-1.2.0.Final.jar

Description:

Interact with Kubernetes and develop Kubernetes Operators

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-kubernetes-client/1.2.0.Final/quarkus-kubernetes-client-1.2.0.Final.jar
MD5: 97a853c124da7945e41c4778a5eb7042
SHA1: 40431f242fa7153056cf42b97769833ca99399c1
SHA256:3d61a02e62a1d205f22a47c515d52ee540ddf3b8ef45c6382591ecda9bdb062d
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	quarkus-kubernetes-client	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	jar	package name	kubernetes	Highest
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	jar	package name	client	Highest
Vendor	pom	parent-artifactid	quarkus-kubernetes-client-parent	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client	Low
Vendor	pom	name	Quarkus - Kubernetes Client - Runtime	High
Vendor	pom	artifactid	quarkus-kubernetes-client	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	groupid	io.quarkus	Highest
Product	pom	artifactid	quarkus-kubernetes-client	Highest
Product	pom	parent-artifactid	quarkus-kubernetes-client-parent	Medium
Product	file	name	quarkus-kubernetes-client	High
Product	Manifest	Implementation-Title	Quarkus - Kubernetes Client - Runtime	High
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	Manifest	specification-title	Quarkus - Kubernetes Client - Runtime	Medium
Product	jar	package name	kubernetes	Highest
Product	jar	package name	client	Highest
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client	Low
Product	jar	package name	io	Highest
Product	pom	name	Quarkus - Kubernetes Client - Runtime	High
Product	Manifest	os-name	Linux	Medium
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Identifiers

pkg:maven/io.quarkus/quarkus-kubernetes-client@1.2.0.Final (Confidence:High)
cpe:2.3:a:quarkus:quarkus:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)
cpe:2.3:a:redhat:kubernetes-client:1.2.0:*:*:*:*:*:*:* (Confidence:Highest)

reactive-streams-1.0.3.jar

Description:

A Protocol for Asynchronous Non-Blocking Data Sequence

License:

CC0: http://creativecommons.org/publicdomain/zero/1.0/

File Path: /home/jenkins/.mvnrepository/org/reactivestreams/reactive-streams/1.0.3/reactive-streams-1.0.3.jar
MD5: 69122b098fff1c6b1bf2cd3b355e7e03
SHA1: d9fb7a7926ffa635b3dcaa5049fb2bfa25b3e7d0
SHA256:1dee0481072d19c929b623e155e14d2f6085dc011529a0a0dbefc84cf571d865
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	automatic-module-name	org.reactivestreams	Medium
Vendor	pom	name	reactive-streams	High
Vendor	Manifest	bundle-symbolicname	org.reactivestreams.reactive-streams	Medium
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Vendor	jar	package name	reactivestreams	Highest
Vendor	Manifest	bundle-docurl	http://reactive-streams.org	Low
Vendor	pom	groupid	org.reactivestreams	Highest
Vendor	pom	groupid	reactivestreams	Highest
Vendor	pom	url	http://www.reactive-streams.org/	Highest
Vendor	file	name	reactive-streams	High
Vendor	pom	artifactid	reactive-streams	Low
Product	Manifest	automatic-module-name	org.reactivestreams	Medium
Product	pom	name	reactive-streams	High
Product	Manifest	bundle-symbolicname	org.reactivestreams.reactive-streams	Medium
Product	Manifest	Bundle-Name	reactive-streams	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.6))"	Low
Product	jar	package name	reactivestreams	Highest
Product	Manifest	bundle-docurl	http://reactive-streams.org	Low
Product	pom	artifactid	reactive-streams	Highest
Product	pom	groupid	reactivestreams	Highest
Product	file	name	reactive-streams	High
Product	pom	url	http://www.reactive-streams.org/	Medium
Version	file	version	1.0.3	High
Version	pom	version	1.0.3	Highest
Version	Manifest	Bundle-Version	1.0.3	High

Identifiers

pkg:maven/org.reactivestreams/reactive-streams@1.0.3 (Confidence:High)

resteasy-client-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-client/3.15.0.Final/resteasy-client-3.15.0.Final.jar
MD5: d29a786f1921d924f27025e29bbb4961
SHA1: 8ac39445e8806bd82006877d1e987e303bb14efd
SHA256:ddd4087c2d16fbcbd208b3fd2f3ced8e4def72018253cb0f149f47981074f11e
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	pom	artifactid	resteasy-client	Low
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	jar	package name	client	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	jar	package name	jaxrs	Highest
Vendor	pom	name	RESTEasy JAX-RS Client	High
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-client	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	file	name	resteasy-client	High
Vendor	Manifest	os-name	Linux	Medium
Product	Manifest	specification-title	RESTEasy JAX-RS Client	Medium
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	artifactid	resteasy-client	Highest
Product	jar	package name	jboss	Highest
Product	jar	package name	client	Highest
Product	Manifest	Implementation-Title	RESTEasy JAX-RS Client	High
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	jar	package name	jaxrs	Highest
Product	pom	name	RESTEasy JAX-RS Client	High
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-client	Low
Product	file	name	resteasy-client	High
Product	Manifest	os-name	Linux	Medium
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Identifiers

pkg:maven/org.jboss.resteasy/resteasy-client@3.15.0.Final (Confidence:High)
cpe:2.3:a:redhat:resteasy:3.15.0:*:*:*:*:*:*:* (Confidence:Highest)

resteasy-jackson2-provider-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jackson2-provider/3.15.0.Final/resteasy-jackson2-provider-3.15.0.Final.jar
MD5: 12d04533eda2a68f6a0eafeb15c76b8f
SHA1: 149e9ba330b467f1992c612fbc294298edb7a59f
SHA256:ec21a99def3e4f49e509a482cef139402b1a25ae12e86ed724cc694da3f6a57a
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-jackson2-provider	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	jar	package name	jboss	Highest
Vendor	pom	artifactid	resteasy-jackson2-provider	Low
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	file	name	resteasy-jackson2-provider	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	name	RESTEasy Jackson 2 Provider	High
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-jackson2-provider	Low
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	Manifest	specification-title	RESTEasy Jackson 2 Provider	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	Manifest	Implementation-Title	RESTEasy Jackson 2 Provider	High
Product	jar	package name	jboss	Highest
Product	pom	artifactid	resteasy-jackson2-provider	Highest
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	file	name	resteasy-jackson2-provider	High
Product	Manifest	os-name	Linux	Medium
Product	pom	name	RESTEasy Jackson 2 Provider	High
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Identifiers

pkg:maven/org.jboss.resteasy/resteasy-jackson2-provider@3.15.0.Final (Confidence:High)
cpe:2.3:a:redhat:resteasy:3.15.0:*:*:*:*:*:*:* (Confidence:Highest)

resteasy-jaxb-provider-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxb-provider/3.15.0.Final/resteasy-jaxb-provider-3.15.0.Final.jar
MD5: e9b168cca34f3dc197b04db792427469
SHA1: cfea315075875de8fb54f833b72ec05b6c69b30d
SHA256:4ee1d651db94fb9f8207a3d0aa77a469c4a011be470d44cc43809a1c1e83e3e9
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	file	name	resteasy-jaxb-provider	High
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxb-provider	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	artifactid	resteasy-jaxb-provider	Low
Vendor	pom	name	RESTEasy JAXB Provider	High
Product	Manifest	specification-title	RESTEasy JAXB Provider	Medium
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	jboss	Highest
Product	file	name	resteasy-jaxb-provider	High
Product	Manifest	Implementation-Title	RESTEasy JAXB Provider	High
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	pom	artifactid	resteasy-jaxb-provider	Highest
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxb-provider	Low
Product	Manifest	os-name	Linux	Medium
Product	pom	name	RESTEasy JAXB Provider	High
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Identifiers

pkg:maven/org.jboss.resteasy/resteasy-jaxb-provider@3.15.0.Final (Confidence:High)
cpe:2.3:a:redhat:resteasy:3.15.0:*:*:*:*:*:*:* (Confidence:Highest)

resteasy-jaxrs-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxrs/3.15.0.Final/resteasy-jaxrs-3.15.0.Final.jar
MD5: 0745397d0abe02d81e4bd73c40cb0b79
SHA1: 3b74a65a99102ddd7e57b0ad2ab747c15a9aa571
SHA256:deb50838eb19788b1e6ae15a181a6aafba770040f95ea3937e74c9d478ce74ce
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	pom	name	RESTEasy JAX-RS Implementation	High
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	file	name	resteasy-jaxrs	High
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	jar	package name	jaxrs	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxrs	Low
Vendor	pom	artifactid	resteasy-jaxrs	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	name	RESTEasy JAX-RS Implementation	High
Product	jar	package name	jboss	Highest
Product	file	name	resteasy-jaxrs	High
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	jar	package name	jaxrs	Highest
Product	pom	artifactid	resteasy-jaxrs	Highest
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxrs	Low
Product	Manifest	Implementation-Title	RESTEasy JAX-RS Implementation	High
Product	Manifest	specification-title	RESTEasy JAX-RS Implementation	Medium
Product	Manifest	os-name	Linux	Medium
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Identifiers

pkg:maven/org.jboss.resteasy/resteasy-jaxrs@3.15.0.Final (Confidence:High)
cpe:2.3:a:redhat:resteasy:3.15.0:*:*:*:*:*:*:* (Confidence:Highest)

resteasy-multipart-provider-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-multipart-provider/3.15.0.Final/resteasy-multipart-provider-3.15.0.Final.jar
MD5: c442a9d90e994fd973394bb5fd6921af
SHA1: 1517ad86cab1647866c594d9cc2103323ecb9e82
SHA256:30dd1f984ce5f7b751408b5badf7365485f400db6e802cb5c5bceba4aa01df82
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	pom	name	RESTEasy Multipart Provider	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	file	name	resteasy-multipart-provider	High
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-multipart-provider	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	artifactid	resteasy-multipart-provider	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	name	RESTEasy Multipart Provider	High
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	file	name	resteasy-multipart-provider	High
Product	jar	package name	jboss	Highest
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	Manifest	specification-title	RESTEasy Multipart Provider	Medium
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-multipart-provider	Low
Product	Manifest	Implementation-Title	RESTEasy Multipart Provider	High
Product	Manifest	os-name	Linux	Medium
Product	pom	artifactid	resteasy-multipart-provider	Highest
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Identifiers

pkg:maven/org.jboss.resteasy/resteasy-multipart-provider@3.15.0.Final (Confidence:High)
cpe:2.3:a:redhat:resteasy:3.15.0:*:*:*:*:*:*:* (Confidence:Highest)

slf4j-api-1.7.16.jar

Description:

The slf4j API

File Path: /home/jenkins/.mvnrepository/org/slf4j/slf4j-api/1.7.16/slf4j-api-1.7.16.jar
MD5: 88a2b365604915be96d5a472209f6a37
SHA1: 3a6274f658487d5bfff9af3862beff6da1e7fd52
SHA256:e56288031f5e60652c06e7bb6e9fa410a61231ab54890f7b708fc6adc4107c5b
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	slf4j	Highest
Vendor	pom	parent-groupid	org.slf4j	Medium
Vendor	pom	groupid	org.slf4j	Highest
Vendor	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Vendor	file	name	slf4j-api	High
Vendor	pom	artifactid	slf4j-api	Low
Vendor	pom	url	http://www.slf4j.org	Highest
Vendor	Manifest	bundle-symbolicname	slf4j.api	Medium
Vendor	pom	parent-artifactid	slf4j-parent	Low
Vendor	pom	groupid	slf4j	Highest
Vendor	pom	name	SLF4J API Module	High
Product	pom	parent-artifactid	slf4j-parent	Medium
Product	pom	parent-groupid	org.slf4j	Medium
Product	pom	artifactid	slf4j-api	Highest
Product	Manifest	bundle-requiredexecutionenvironment	J2SE-1.5	Low
Product	file	name	slf4j-api	High
Product	Manifest	bundle-symbolicname	slf4j.api	Medium
Product	Manifest	Implementation-Title	slf4j-api	High
Product	pom	url	http://www.slf4j.org	Medium
Product	pom	name	SLF4J API Module	High
Product	jar	package name	slf4j	Highest
Product	pom	groupid	slf4j	Highest
Product	Manifest	Bundle-Name	slf4j-api	Medium
Version	Manifest	Implementation-Version	1.7.16	High
Version	Manifest	Bundle-Version	1.7.16	High
Version	file	version	1.7.16	High
Version	pom	version	1.7.16	Highest

Identifiers

pkg:maven/org.slf4j/slf4j-api@1.7.16 (Confidence:High)

slf4j-jboss-logging-1.2.0.Final.jar

Description:

slf4j to JBoss Logging Adapter

File Path: /home/jenkins/.mvnrepository/org/jboss/slf4j/slf4j-jboss-logging/1.2.0.Final/slf4j-jboss-logging-1.2.0.Final.jar
MD5: 0eb1cd6c7ae4250d88767bb869550ddf
SHA1: bff294c02b64ad6bf8af6e6994e186dc035e0a47
SHA256:15c573e27ee617c996a423da7ce75560a43663155a81158701342baca2faa0da
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	jboss.slf4j	Highest
Vendor	pom	name	slf4j to JBoss Logging Adapter	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	jar	package name	jboss	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	file	name	slf4j-jboss-logging	High
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	slf4j	Highest
Vendor	pom	groupid	org.jboss.slf4j	Highest
Vendor	Manifest	implementation-url	http://www.jboss.org	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.slf4j	Medium
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	jboss-parent	Low
Vendor	pom	url	http://www.jboss.org	Highest
Vendor	pom	artifactid	slf4j-jboss-logging	Low
Product	pom	groupid	jboss.slf4j	Highest
Product	pom	name	slf4j to JBoss Logging Adapter	High
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-groupid	org.jboss	Medium
Product	pom	url	http://www.jboss.org	Medium
Product	jar	package name	jboss	Highest
Product	file	name	slf4j-jboss-logging	High
Product	Manifest	Implementation-Title	slf4j to JBoss Logging Adapter	High
Product	Manifest	specification-title	slf4j to JBoss Logging Adapter	Medium
Product	jar	package name	slf4j	Highest
Product	pom	parent-artifactid	jboss-parent	Medium
Product	Manifest	implementation-url	http://www.jboss.org	Low
Product	pom	artifactid	slf4j-jboss-logging	Highest
Product	Manifest	os-name	Linux	Medium
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High
Version	pom	parent-version	1.2.0.Final	Low

Identifiers

pkg:maven/org.jboss.slf4j/slf4j-jboss-logging@1.2.0.Final (Confidence:High)

smallrye-config-1.5.1.jar

File Path: /home/jenkins/.mvnrepository/io/smallrye/config/smallrye-config/1.5.1/smallrye-config-1.5.1.jar
MD5: 1e37dc34ecc68f5605d45743dffd1c3d
SHA1: 364701d3537a7738a5e6bf75fa0f967c705e2adc
SHA256:0a0cca7d455f9f8d11619f785feeaa616716a5d6e2dbee2e258d0c6eb8872783
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	io.smallrye.config	Highest
Vendor	pom	name	SmallRye: MicroProfile Config Implementation	High
Vendor	pom	artifactid	smallrye-config	Low
Vendor	file	name	smallrye-config	High
Vendor	pom	parent-artifactid	smallrye-config-parent	Low
Vendor	jar	package name	config	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	jar	package name	smallrye	Highest
Vendor	jar	package name	io	Highest
Product	pom	groupid	io.smallrye.config	Highest
Product	pom	artifactid	smallrye-config	Highest
Product	pom	name	SmallRye: MicroProfile Config Implementation	High
Product	pom	parent-artifactid	smallrye-config-parent	Medium
Product	file	name	smallrye-config	High
Product	jar	package name	config	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	jar	package name	smallrye	Highest
Product	jar	package name	io	Highest
Version	file	version	1.5.1	High
Version	pom	version	1.5.1	Highest

Identifiers

pkg:maven/io.smallrye.config/smallrye-config@1.5.1 (Confidence:High)

smallrye-config-common-1.5.1.jar

File Path: /home/jenkins/.mvnrepository/io/smallrye/config/smallrye-config-common/1.5.1/smallrye-config-common-1.5.1.jar
MD5: 86f9fc5802e8903e554fd22c33dce0bc
SHA1: a7455c6ce2c1d907c2e1b4c4e32226f6350d854c
SHA256:09f01bee7e435d99a028375ea656d7b749423f71bc7c56b867105ad006d6a091
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	groupid	io.smallrye.config	Highest
Vendor	jar	package name	common	Highest
Vendor	file	name	smallrye-config-common	High
Vendor	pom	parent-artifactid	smallrye-config-parent	Low
Vendor	jar	package name	config	Highest
Vendor	pom	name	SmallRye: Common classes	High
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	jar	package name	smallrye	Highest
Vendor	jar	package name	io	Highest
Vendor	pom	artifactid	smallrye-config-common	Low
Product	pom	groupid	io.smallrye.config	Highest
Product	jar	package name	common	Highest
Product	pom	parent-artifactid	smallrye-config-parent	Medium
Product	pom	artifactid	smallrye-config-common	Highest
Product	file	name	smallrye-config-common	High
Product	jar	package name	config	Highest
Product	pom	name	SmallRye: Common classes	High
Product	Manifest	build-jdk-spec	1.8	Low
Product	jar	package name	smallrye	Highest
Product	jar	package name	io	Highest
Version	file	version	1.5.1	High
Version	pom	version	1.5.1	Highest

Identifiers

pkg:maven/io.smallrye.config/smallrye-config-common@1.5.1 (Confidence:High)

snakeyaml-1.27.jar

Description:

YAML 1.1 parser and emitter for Java

License:

Apache License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/yaml/snakeyaml/1.27/snakeyaml-1.27.jar
MD5: 466ff09da784f9f21b2e6bf3b486a8cd
SHA1: 359d62567480b07a679dc643f82fc926b100eed5
SHA256:7e7cce6740ed705bfdfaac7b442c1375d2986d2f2935936a5bd40c14e18fd736
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	yaml	Highest
Vendor	jar	package name	snakeyaml	Highest
Vendor	file	name	snakeyaml	High
Vendor	pom	url	http://www.snakeyaml.org	Highest
Vendor	Manifest	bundle-symbolicname	org.yaml.snakeyaml	Medium
Vendor	jar	package name	parser	Highest
Vendor	pom	groupid	yaml	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	pom	name	SnakeYAML	High
Vendor	pom	artifactid	snakeyaml	Low
Vendor	Manifest	automatic-module-name	org.yaml.snakeyaml	Medium
Vendor	jar	package name	emitter	Highest
Vendor	pom	groupid	org.yaml	Highest
Product	Manifest	Bundle-Name	SnakeYAML	Medium
Product	jar	package name	yaml	Highest
Product	jar	package name	snakeyaml	Highest
Product	file	name	snakeyaml	High
Product	Manifest	bundle-symbolicname	org.yaml.snakeyaml	Medium
Product	jar	package name	parser	Highest
Product	pom	groupid	yaml	Highest
Product	pom	url	http://www.snakeyaml.org	Medium
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	pom	name	SnakeYAML	High
Product	Manifest	automatic-module-name	org.yaml.snakeyaml	Medium
Product	jar	package name	emitter	Highest
Product	pom	artifactid	snakeyaml	Highest
Version	file	version	1.27	High
Version	pom	version	1.27	Highest

Identifiers

pkg:maven/org.yaml/snakeyaml@1.27 (Confidence:High)
cpe:2.3:a:snakeyaml_project:snakeyaml:1.27:*:*:*:*:*:*:* (Confidence:Highest)

txw2-2.3.3-b01.jar

Description:

        TXW is a library that allows you to write XML documents.

File Path: /home/jenkins/.mvnrepository/org/glassfish/jaxb/txw2/2.3.3-b01/txw2-2.3.3-b01.jar
MD5: 4e7db62b457d1876874d46956e0a9ff4
SHA1: 4679019bd1f908a792a07ef9db542cf37759367e
SHA256:d0de4c8f2ab610409c6659f44d7962200306ef9a6e9cb96a611ccf1e683a9f36
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	sun	Highest
Vendor	pom	groupid	glassfish.jaxb	Highest
Vendor	pom	name	TXW2 Runtime	High
Vendor	jar	package name	txw	Highest
Vendor	pom	parent-artifactid	jaxb-txw-parent	Low
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	file	name	txw2	High
Vendor	Manifest	git-revision	7d3cd30	Low
Vendor	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Vendor	jar (hint)	package name	oracle	Highest
Vendor	jar	package name	xml	Highest
Vendor	jar	package name	txw2	Highest
Vendor	Manifest	Implementation-Vendor-Id	org.eclipse	Medium
Vendor	pom	groupid	org.glassfish.jaxb	Highest
Vendor	Manifest	Implementation-Vendor	Eclipse Foundation	High
Vendor	pom	artifactid	txw2	Low
Product	jar	package name	sun	Highest
Product	pom	groupid	glassfish.jaxb	Highest
Product	pom	name	TXW2 Runtime	High
Product	jar	package name	txw	Highest
Product	Manifest	specification-title	Jakarta XML Binding	Medium
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	txw2	High
Product	Manifest	git-revision	7d3cd30	Low
Product	Manifest	Implementation-Title	Jakarta XML Binding Implementation	High
Product	pom	parent-groupid	com.sun.xml.bind.mvn	Medium
Product	jar	package name	xml	Highest
Product	jar	package name	txw2	Highest
Product	pom	artifactid	txw2	Highest
Product	pom	parent-artifactid	jaxb-txw-parent	Medium
Version	pom	version	2.3.3-b01	Highest
Version	Manifest	Implementation-Version	2.3.3-b01	High
Version	Manifest	build-id	2.3.3-b01	Medium

Identifiers

pkg:maven/org.glassfish.jaxb/txw2@2.3.3-b01 (Confidence:High)

wildfly-common-1.5.0.Final-format-001.jar

License:

Apache License 2.0: http://repository.jboss.org/licenses/apache-2.0.txt

File Path: /home/jenkins/.mvnrepository/org/wildfly/common/wildfly-common/1.5.0.Final-format-001/wildfly-common-1.5.0.Final-format-001.jar
MD5: 8da4ec4b383b3b133ba05d7c763dd8bf
SHA1: 2ede1a86b07475cf0657288e0c5dd1e5e47d12da
SHA256:150e6c8c4b588e50570051151b16e10f99cb771527e563e4958bbd6649c27a9c
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	wildfly	Highest
Vendor	pom	groupid	wildfly.common	Highest
Vendor	jar	package name	common	Highest
Vendor	jar	package name	org	Highest
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	parent-groupid	org.jboss	Medium
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	Manifest	implementation-url	http://www.jboss.org/wildfly-common	Low
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	pom	groupid	org.wildfly.common	Highest
Vendor	file	name	wildfly-common	High
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	Manifest	multi-release	true	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	Implementation-Vendor-Id	org.wildfly.common	Medium
Vendor	pom	parent-artifactid	jboss-parent-mr-jar	Low
Vendor	pom	artifactid	wildfly-common	Low
Product	jar	package name	wildfly	Highest
Product	pom	groupid	wildfly.common	Highest
Product	jar	package name	common	Highest
Product	jar	package name	org	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-groupid	org.jboss	Medium
Product	Manifest	implementation-url	http://www.jboss.org/wildfly-common	Low
Product	file	name	wildfly-common	High
Product	Manifest	multi-release	true	Low
Product	Manifest	specification-title	wildfly-common	Medium
Product	Manifest	Implementation-Title	wildfly-common	High
Product	pom	parent-artifactid	jboss-parent-mr-jar	Medium
Product	pom	artifactid	wildfly-common	Highest
Product	Manifest	os-name	Linux	Medium
Version	Manifest	Implementation-Version	1.5.0.Final-format-001	High
Version	pom	version	1.5.0.Final-format-001	Highest
Version	pom	parent-version	1.5.0.Final-format-001	Low

Identifiers

pkg:maven/org.wildfly.common/wildfly-common@1.5.0.Final-format-001 (Confidence:High)

zjsonpatch-0.3.0.jar

Description:

Java Library to find / apply JSON Patches according to RFC 6902

License:

The Apache Software License, Version 2.0: http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/io/fabric8/zjsonpatch/0.3.0/zjsonpatch-0.3.0.jar
MD5: c47f98189f594bd86ccbf40c5391b600
SHA1: d3ebf0f291297649b4c8dc3ecc81d2eddedc100d
SHA256:ae4e5e931646a25cb09b55186de4f3346e358e01130bef279ddf495a719c71d5
Referenced In Project/Scope:Entando K8S Controller for Entando Cluster Infrastructure Deployments:compile

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	zjsonpatch	High
Vendor	jar	package name	zjsonpatch	Highest
Vendor	jar	package name	fabric8	Highest
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	url	fabric8io/zjsonpatch/	Highest
Vendor	Manifest	implementation-url	https://github.com/fabric8io/zjsonpatch/	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	jar	package name	io	Highest
Vendor	pom	artifactid	zjsonpatch	Low
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Vendor	Manifest	Implementation-Vendor-Id	io.fabric8	Medium
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	build-timestamp	${build.datetime}	Low
Vendor	pom	name	zjsonpatch	High
Vendor	pom	groupid	io.fabric8	Highest
Vendor	Manifest	bundle-symbolicname	io.fabric8.zjsonpatch	Medium
Product	file	name	zjsonpatch	High
Product	pom	artifactid	zjsonpatch	Highest
Product	Manifest	specification-title	zjsonpatch	Medium
Product	jar	package name	zjsonpatch	Highest
Product	jar	package name	fabric8	Highest
Product	Manifest	Bundle-Name	zjsonpatch	Medium
Product	Manifest	os-arch	amd64	Low
Product	Manifest	implementation-url	https://github.com/fabric8io/zjsonpatch/	Low
Product	Manifest	Implementation-Title	zjsonpatch	High
Product	jar	package name	io	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.7))"	Low
Product	Manifest	os-name	Linux	Medium
Product	pom	url	fabric8io/zjsonpatch/	High
Product	Manifest	build-timestamp	${build.datetime}	Low
Product	pom	name	zjsonpatch	High
Product	Manifest	bundle-symbolicname	io.fabric8.zjsonpatch	Medium
Product	pom	groupid	io.fabric8	Highest
Version	pom	version	0.3.0	Highest
Version	Manifest	Bundle-Version	0.3.0	High
Version	Manifest	Implementation-Version	0.3.0	High
Version	file	version	0.3.0	High

Identifiers

pkg:maven/io.fabric8/zjsonpatch@0.3.0 (Confidence:High)

Suppressed Vulnerabilities

arc-1.2.0.Final.jar

File Path: /home/jenkins/.mvnrepository/io/quarkus/arc/arc/1.2.0.Final/arc-1.2.0.Final.jar
MD5: 407b54e2c412dfa51b8dc739149def9e
SHA1: 8ca3834e147a87ef27da11abcbf4da73fa3f4e7f
SHA256: 2b86becbf25944307b5b6b442b749d6a79dbd206afc338ab776183d332d2007e

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	arc	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	groupid	io.quarkus.arc	Highest
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	jar	package name	arc	Highest
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus.arc	Medium
Vendor	pom	artifactid	arc	Low
Vendor	Manifest	implementation-url	http://www.jboss.org/arc-parent/arc	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	name	ArC - Runtime	High
Vendor	pom	parent-artifactid	arc-parent	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	parent-artifactid	arc-parent	Medium
Product	pom	artifactid	arc	Highest
Product	file	name	arc	High
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	quarkus	Highest
Product	pom	groupid	io.quarkus.arc	Highest
Product	jar	package name	arc	Highest
Product	jar	package name	io	Highest
Product	Manifest	implementation-url	http://www.jboss.org/arc-parent/arc	Low
Product	Manifest	Implementation-Title	ArC - Runtime	High
Product	Manifest	specification-title	ArC - Runtime	Medium
Product	pom	name	ArC - Runtime	High
Product	Manifest	os-name	Linux	Medium
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2017-18640 suppressed

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900 suppressed

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1666499

Vulnerable Software & Versions: (show all)

CVE-2020-10693 suppressed

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

CWE-20 Improper Input Validation

Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13692 suppressed

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

CWE-611 Improper Restriction of XML External Entity Reference ('XXE')

Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

CVSSv2:

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.7)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13956 suppressed

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

NVD-CWE-noinfo

Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714
CONFIRM - https://github.com/keycloak/keycloak/pull/7053

Vulnerable Software & Versions: (show all)

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

Vulnerable Software & Versions: (show all)

CVE-2020-25638 suppressed

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

HIGH (7.4)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25649 suppressed

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908 suppressed

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

CWE-732 Incorrect Permission Assignment for Critical Resource

Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

CVSSv2:

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

LOW (3.3)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

entando-k8s-custom-model-6.3.4.jar

Description:

Entando's Kubernetes Custom Resources

License:

GNU LESSER GENERAL PUBLIC LICENSE, Version 2.1, February 1999: https://www.gnu.org/licenses/lgpl-2.1.txt

File Path: /home/jenkins/.mvnrepository/org/entando/entando-k8s-custom-model/6.3.4/entando-k8s-custom-model-6.3.4.jar
MD5: c744809d5012ba2e91767c76349709bd
SHA1: d40dc798900cb12eb1275bca1ce755a59a3aa09d
SHA256: d77e0ec0f4eb5707ebf3668bee92afeefed142b80506ba90f59e566a55002c94

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-build	6.3.4	Low
Vendor	pom	organization name	Entando Inc.	High
Vendor	Manifest	build-jdk-spec	11	Low
Vendor	file	name	entando-k8s-custom-model	High
Vendor	jar	package name	kubernetes	Highest
Vendor	jar	package name	entando	Highest
Vendor	Manifest	Implementation-Vendor	Entando Inc.	High
Vendor	jar	package name	model	Highest
Vendor	pom	url	https://central.entando.com	Highest
Vendor	pom	groupid	org.entando	Highest
Vendor	pom	artifactid	entando-k8s-custom-model	Low
Vendor	pom	organization url	http://www.entando.com/	Medium
Vendor	pom	groupid	entando	Highest
Vendor	pom	parent-groupid	org.entando	Medium
Vendor	pom	parent-artifactid	entando-quarkus-parent	Low
Vendor	pom	name	Entando Kubernetes Custom Model	High
Product	Manifest	implementation-build	6.3.4	Low
Product	Manifest	Implementation-Title	Entando Kubernetes Custom Model	High
Product	Manifest	build-jdk-spec	11	Low
Product	file	name	entando-k8s-custom-model	High
Product	jar	package name	kubernetes	Highest
Product	jar	package name	entando	Highest
Product	jar	package name	model	Highest
Product	pom	organization url	http://www.entando.com/	Low
Product	pom	parent-artifactid	entando-quarkus-parent	Medium
Product	pom	organization name	Entando Inc.	Low
Product	pom	artifactid	entando-k8s-custom-model	Highest
Product	pom	groupid	entando	Highest
Product	pom	parent-groupid	org.entando	Medium
Product	pom	name	Entando Kubernetes Custom Model	High
Product	pom	url	https://central.entando.com	Medium
Version	file	version	6.3.4	High
Version	Manifest	implementation-build	6.3.4	Low
Version	pom	parent-version	6.3.4	Low
Version	pom	version	6.3.4	Highest
Version	Manifest	Implementation-Version	6.3.4	High

Suppressed Identifiers

cpe:2.3:a:kubernetes:kubernetes:6.3.4:*:*:*:*:*:*:* suppressed (Confidence:Low)
- Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs

Suppressed Vulnerabilities

CVE-2020-8554 suppressed

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

CWE-863 Incorrect Authorization

CVSSv2:

Base Score: MEDIUM (6.0)
Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSSv3:

MEDIUM (5.0)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

keycloak-admin-client-9.0.3.jar

File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-admin-client/9.0.3/keycloak-admin-client-9.0.3.jar
MD5: 61a28fd1ca633bbee49d099f65d65862
SHA1: d7f19c2de49e6aa201951a7845d5f8e24973097a
SHA256: 5d16705f1f739499769e8ab7cb88b76030431f1f06e0e562442434156b8c359d

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.keycloak	Medium
Vendor	pom	name	Keycloak Admin REST Client	High
Vendor	jar	package name	keycloak	Highest
Vendor	pom	artifactid	keycloak-admin-client	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	groupid	keycloak	Highest
Vendor	pom	groupid	org.keycloak	Highest
Vendor	jar	package name	client	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	parent-artifactid	keycloak-integration-parent	Low
Vendor	jar	package name	admin	Highest
Vendor	pom	parent-groupid	org.keycloak	Medium
Vendor	file	name	keycloak-admin-client	High
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	implementation-url	http://keycloak.org/keycloak-integration-parent/keycloak-admin-client	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	name	Keycloak Admin REST Client	High
Product	jar	package name	keycloak	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-artifactid	keycloak-integration-parent	Medium
Product	pom	groupid	keycloak	Highest
Product	pom	artifactid	keycloak-admin-client	Highest
Product	jar	package name	client	Highest
Product	jar	package name	admin	Highest
Product	pom	parent-groupid	org.keycloak	Medium
Product	file	name	keycloak-admin-client	High
Product	Manifest	implementation-url	http://keycloak.org/keycloak-integration-parent/keycloak-admin-client	Low
Product	Manifest	os-name	Linux	Medium
Product	Manifest	Implementation-Title	Keycloak Admin REST Client	High
Product	Manifest	specification-title	Keycloak Admin REST Client	Medium
Version	Manifest	Implementation-Version	9.0.3	High
Version	file	version	9.0.3	High
Version	pom	version	9.0.3	Highest

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2020-10758 suppressed

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

CWE-770 Allocation of Resources Without Limits or Throttling

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10770 suppressed

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

CWE-601 URL Redirection to Untrusted Site ('Open Redirect')

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-10776 suppressed

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

CWE-79 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSSv3:

MEDIUM (4.8)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-14302 suppressed

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

CWE-294 Authentication Bypass by Capture-replay

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

MEDIUM (4.9)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-14359 suppressed

A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.

CWE-305 Authentication Bypass by Primary Weakness

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

CVE-2020-14366 suppressed

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-14389 suppressed

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

CWE-269 Improper Privilege Management

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSSv3:

HIGH (8.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-1694 suppressed

A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.

CWE-732 Incorrect Permission Assignment for Critical Resource

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (4.9)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

CWE-20 Improper Input Validation

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1725 suppressed

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.

CWE-863 Incorrect Authorization

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

CWE-1021 Improper Restriction of Rendered UI Layers or Frames

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1758 suppressed

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

CWE-295 Improper Certificate Validation

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.9)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-27838 suppressed

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

CWE-287 Improper Authentication

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1906797

Vulnerable Software & Versions: (show all)

keycloak-common-9.0.3.jar

Description:

Common library and dependencies shared with server and all adapters

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-common/9.0.3/keycloak-common-9.0.3.jar
MD5: 904371bebd3b8d8944e7793087a95357
SHA1: 75406689a282c91c52b258167ec1d1d8d902348e
SHA256: 979f8b1c9db5ca8dbb5aa2eac73920e640e575f3090a926c85d29025b458c0ee

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.keycloak	Medium
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	file	name	keycloak-common	High
Vendor	jar	package name	common	Highest
Vendor	jar	package name	keycloak	Highest
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	Manifest	implementation-url	http://keycloak.org/keycloak-common	Low
Vendor	pom	groupid	keycloak	Highest
Vendor	pom	groupid	org.keycloak	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	artifactid	keycloak-common	Low
Vendor	pom	name	Keycloak Common	High
Vendor	pom	parent-groupid	org.keycloak	Medium
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	bundle-symbolicname	org.keycloak.keycloak-common	Medium
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	keycloak-parent	Low
Product	Manifest	specification-title	Keycloak Common	Medium
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	file	name	keycloak-common	High
Product	jar	package name	common	Highest
Product	Manifest	Implementation-Title	Keycloak Common	High
Product	jar	package name	keycloak	Highest
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	pom	artifactid	keycloak-common	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-artifactid	keycloak-parent	Medium
Product	Manifest	implementation-url	http://keycloak.org/keycloak-common	Low
Product	pom	groupid	keycloak	Highest
Product	Manifest	Bundle-Name	Keycloak Common	Medium
Product	pom	name	Keycloak Common	High
Product	pom	parent-groupid	org.keycloak	Medium
Product	Manifest	bundle-symbolicname	org.keycloak.keycloak-common	Medium
Product	Manifest	os-name	Linux	Medium
Version	Manifest	Bundle-Version	9.0.3	High
Version	Manifest	Implementation-Version	9.0.3	High
Version	file	version	9.0.3	High
Version	pom	version	9.0.3	Highest

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2020-10758 suppressed

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10770 suppressed

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-10776 suppressed

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSSv3:

MEDIUM (4.8)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-14302 suppressed

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

MEDIUM (4.9)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-14359 suppressed

A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

CVE-2020-14366 suppressed

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-14389 suppressed

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

Base Score: MEDIUM (5.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSSv3:

HIGH (8.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-1694 suppressed

A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (4.9)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

CWE-20 Improper Input Validation

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1725 suppressed

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.

CWE-863 Incorrect Authorization

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1758 suppressed

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.9)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-27838 suppressed

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

CWE-287 Improper Authentication

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1906797

Vulnerable Software & Versions: (show all)

keycloak-core-9.0.3.jar

License:

https://www.apache.org/licenses/LICENSE-2.0

File Path: /home/jenkins/.mvnrepository/org/keycloak/keycloak-core/9.0.3/keycloak-core-9.0.3.jar
MD5: cbfe7dce03d6484b9484fe001f2c9bdb
SHA1: 25064b55a0323c359ab3b3794b2bc656ccb47571
SHA256: a276663e6902c820f3484a18dabb2a9e1094be1306defd9a3a36d11e0ec6d007

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.keycloak	Medium
Vendor	Manifest	implementation-url	http://keycloak.org/keycloak-core	Low
Vendor	Manifest	bundle-docurl	http://www.jboss.org	Low
Vendor	pom	name	Keycloak Core	High
Vendor	jar	package name	keycloak	Highest
Vendor	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	pom	artifactid	keycloak-core	Low
Vendor	pom	groupid	keycloak	Highest
Vendor	pom	groupid	org.keycloak	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	parent-groupid	org.keycloak	Medium
Vendor	file	name	keycloak-core	High
Vendor	Manifest	bundle-symbolicname	org.keycloak.keycloak-core	Medium
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	parent-artifactid	keycloak-parent	Low
Product	Manifest	implementation-url	http://keycloak.org/keycloak-core	Low
Product	Manifest	bundle-docurl	http://www.jboss.org	Low
Product	pom	name	Keycloak Core	High
Product	jar	package name	keycloak	Highest
Product	Manifest	originally-created-by	Apache Maven Bundle Plugin	Low
Product	Manifest	os-arch	amd64	Low
Product	pom	parent-artifactid	keycloak-parent	Medium
Product	pom	groupid	keycloak	Highest
Product	Manifest	specification-title	Keycloak Core	Medium
Product	Manifest	Bundle-Name	Keycloak Core	Medium
Product	Manifest	Implementation-Title	Keycloak Core	High
Product	pom	parent-groupid	org.keycloak	Medium
Product	file	name	keycloak-core	High
Product	Manifest	bundle-symbolicname	org.keycloak.keycloak-core	Medium
Product	pom	artifactid	keycloak-core	Highest
Product	Manifest	os-name	Linux	Medium
Version	Manifest	Bundle-Version	9.0.3	High
Version	Manifest	Implementation-Version	9.0.3	High
Version	file	version	9.0.3	High
Version	pom	version	9.0.3	Highest

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2020-10758 suppressed

A vulnerability was found in Keycloak before 11.0.1 where DoS attack is possible by sending twenty requests simultaneously to the specified keycloak server, all with a Content-Length header value that exceeds the actual byte count of the request body.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-10770 suppressed

A flaw was found in Keycloak before 13.0.0, where it is possible to force the server to call out an unverified URL using the OIDC parameter request_uri. This flaw allows an attacker to use this parameter to execute a Server-side request forgery (SSRF) attack.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-10776 suppressed

A flaw was found in Keycloak before version 12.0.0, where it is possible to add unsafe schemes for the redirect_uri parameter. This flaw allows an attacker to perform a Cross-site scripting attack.

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:N/I:P/A:N

CVSSv3:

MEDIUM (4.8)
CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-14302 suppressed

A flaw was found in Keycloak before 13.0.0 where an external identity provider, after successful authentication, redirects to a Keycloak endpoint that accepts multiple invocations with the use of the same "state" parameter. This flaw allows a malicious user to perform replay attacks.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:P/A:N

CVSSv3:

MEDIUM (4.9)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-14359 suppressed

A vulnerability was found in all versions of keycloak, where on using lower case HTTP headers (via cURL) we can bypass our Gatekeeper. Lower case headers are also accepted by some webservers (e.g. Jetty). This means there is no protection when we put a Gatekeeper in front of a Jetty server and use lowercase headers.

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:*

CVE-2020-14366 suppressed

A vulnerability was found in keycloak, where path traversal using URL-encoded path segments in the request is possible because the resources endpoint applies a transformation of the url path to the file path. Only few specific folder hierarchies can be exposed by this flaw

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-14389 suppressed

It was found that Keycloak before version 12.0.0 would permit a user with only view-profile role to manage the resources in the new account console, allowing access and modification of data the user was not intended to have.

Base Score: MEDIUM (5.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSSv3:

HIGH (8.1)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 12.0.0

CVE-2020-1694 suppressed

A flaw was found in all versions of Keycloak before 10.0.0, where the NodeJS adapter did not support the verify-token-audience. This flaw results in some users having access to sensitive information outside of their permissions.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (4.9)
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 10.0.0

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

CWE-20 Improper Input Validation

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1725 suppressed

A flaw was found in keycloak before version 13.0.0. In some scenarios a user still has access to a resource after changing the role mappings in Keycloak and after expiration of the previous access token.

CWE-863 Incorrect Authorization

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (5.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions:

cpe:2.3:a:redhat:keycloak:*:*:*:*:*:*:*:* versions up to (excluding) 13.0.0

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1758 suppressed

A flaw was found in Keycloak in versions before 10.0.0, where it does not perform the TLS hostname verification while sending emails using the SMTP server. This flaw allows an attacker to perform a man-in-the-middle (MITM) attack.

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.9)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-27838 suppressed

A flaw was found in keycloak in versions prior to 13.0.0. The client registration endpoint allows fetching information about PUBLIC clients (like client secret) without authentication which could be an issue if the same PUBLIC client changed to CONFIDENTIAL later. The highest threat from this vulnerability is to data confidentiality.

CWE-287 Improper Authentication

Notes: These are generally serverside vulnerabilities. The entando-k8s containers that use Keycloak run as background processes that do not expose services.

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1906797

Vulnerable Software & Versions: (show all)

kubernetes-client-4.7.0.jar

File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-client/4.7.0/kubernetes-client-4.7.0.jar
MD5: 1d356d064e8186b15903298b43e6be1d
SHA1: 12547e58b775e415157315048224be39e3944afa
SHA256: b30d0b9908d4e3f9f6a050d05e568de892f9616de4fecdac131fde3e246bf3c7

Evidence

Type	Source	Name	Value	Confidence
Vendor	jar	package name	fabric8	Highest
Vendor	pom	parent-artifactid	kubernetes-client-project	Low
Vendor	jar	package name	kubernetes	Highest
Vendor	pom	name	Fabric8 :: Kubernetes :: Java Client	High
Vendor	pom	artifactid	kubernetes-client	Low
Vendor	file	name	kubernetes-client	High
Vendor	jar	package name	client	Highest
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	pom	groupid	io.fabric8	Highest
Vendor	jar	package name	io	Highest
Product	jar	package name	fabric8	Highest
Product	pom	parent-artifactid	kubernetes-client-project	Medium
Product	pom	artifactid	kubernetes-client	Highest
Product	jar	package name	kubernetes	Highest
Product	pom	name	Fabric8 :: Kubernetes :: Java Client	High
Product	file	name	kubernetes-client	High
Product	jar	package name	client	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	pom	groupid	io.fabric8	Highest
Product	jar	package name	io	Highest
Version	pom	version	4.7.0	Highest
Version	file	version	4.7.0	High

Suppressed Identifiers

cpe:2.3:a:kubernetes:kubernetes:4.7.0:*:*:*:*:*:*:* suppressed (Confidence:Highest)
- Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs

Suppressed Vulnerabilities

CVE-2020-8554 suppressed

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

CWE-863 Incorrect Authorization

CVSSv2:

Base Score: MEDIUM (6.0)
Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSSv3:

MEDIUM (5.0)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

CVE-2020-8570 suppressed

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs

CVSSv2:

Base Score: MEDIUM (6.4)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

kubernetes-model-4.7.0.jar

Description:

Java client for Kubernetes and OpenShift

License:

http://www.apache.org/licenses/LICENSE-2.0.txt

File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model/4.7.0/kubernetes-model-4.7.0.jar
MD5: 87609db8395ebd5136763394a11eb8fc
SHA1: cf4831621a7f61deb5e87c9390ef7b970f16d909
SHA256: 1ecfcd2bfd4ddfe457723af295ef5ec7231f02aafb9c8799fa7fb73d446411fe

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Fabric8 :: Kubernetes Model	High
Vendor	jar	package name	fabric8	Highest
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	kubernetes	Highest
Vendor	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Vendor	file	name	kubernetes-model	High
Vendor	Manifest	bundle-docurl	http://redhat.com	Low
Vendor	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model/	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	jar	package name	io	Highest
Vendor	Manifest	Implementation-Vendor	Red Hat	High
Vendor	Manifest	bundle-symbolicname	io.fabric8.kubernetes-model	Medium
Vendor	Manifest	Implementation-Vendor-Id	io.fabric8	Medium
Vendor	pom	parent-artifactid	kubernetes-model-generator	Low
Vendor	pom	artifactid	kubernetes-model	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	build-timestamp	${build.datetime}	Low
Vendor	Manifest	specification-vendor	Red Hat	Low
Vendor	pom	groupid	io.fabric8	Highest
Product	pom	name	Fabric8 :: Kubernetes Model	High
Product	jar	package name	fabric8	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	kubernetes	Highest
Product	Manifest	require-capability	osgi.ee;filter:="(&(osgi.ee=JavaSE)(version=1.8))"	Low
Product	file	name	kubernetes-model	High
Product	Manifest	bundle-docurl	http://redhat.com	Low
Product	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model/	Low
Product	jar	package name	io	Highest
Product	Manifest	Implementation-Title	Fabric8 :: Kubernetes Model	High
Product	Manifest	Bundle-Name	Fabric8 :: Kubernetes Model	Medium
Product	Manifest	bundle-symbolicname	io.fabric8.kubernetes-model	Medium
Product	Manifest	specification-title	Fabric8 :: Kubernetes Model	Medium
Product	jar	package name	openshift	Highest
Product	pom	artifactid	kubernetes-model	Highest
Product	Manifest	os-name	Linux	Medium
Product	Manifest	build-timestamp	${build.datetime}	Low
Product	pom	groupid	io.fabric8	Highest
Product	pom	parent-artifactid	kubernetes-model-generator	Medium
Version	pom	version	4.7.0	Highest
Version	file	version	4.7.0	High
Version	Manifest	Bundle-Version	4.7.0	High
Version	Manifest	Implementation-Version	4.7.0	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2020-8570 suppressed

Kubernetes Java client libraries in version 10.0.0 and versions prior to 9.0.1 allow writes to paths outside of the current directory when copying multiple files from a remote pod which sends a maliciously crafted archive. This can potentially overwrite any files on the system of the process executing the client code.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs

CVSSv2:

Base Score: MEDIUM (6.4)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

kubernetes-model-common-4.7.0.jar

File Path: /home/jenkins/.mvnrepository/io/fabric8/kubernetes-model-common/4.7.0/kubernetes-model-common-4.7.0.jar
MD5: 1845c2fd17622c1f9980ddbf3183e84e
SHA1: 38e88a4bdf0d4a77089927494aa60358b8b66455
SHA256: b5bdb86d95feba870016a67304f822a26112db7c30eb4bc656ef502a44a660f3

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	name	Fabric8 :: Kubernetes Model :: Common	High
Vendor	jar	package name	fabric8	Highest
Vendor	Manifest	os-arch	amd64	Low
Vendor	file	name	kubernetes-model-common	High
Vendor	jar	package name	kubernetes	Highest
Vendor	Manifest	build-timestamp	Wed, 8 Jan 2020 13:20:45 +0000	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	Manifest	build-jdk-spec	1.8	Low
Vendor	jar	package name	model	Highest
Vendor	Manifest	Implementation-Vendor	Red Hat	High
Vendor	jar	package name	io	Highest
Vendor	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/	Low
Vendor	pom	parent-artifactid	kubernetes-model-generator	Low
Vendor	pom	artifactid	kubernetes-model-common	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	Manifest	specification-vendor	Red Hat	Low
Vendor	pom	groupid	io.fabric8	Highest
Product	pom	name	Fabric8 :: Kubernetes Model :: Common	High
Product	jar	package name	fabric8	Highest
Product	Manifest	os-arch	amd64	Low
Product	file	name	kubernetes-model-common	High
Product	jar	package name	kubernetes	Highest
Product	Manifest	build-timestamp	Wed, 8 Jan 2020 13:20:45 +0000	Low
Product	jar	package name	model	Highest
Product	Manifest	build-jdk-spec	1.8	Low
Product	Manifest	Implementation-Title	Fabric8 :: Kubernetes Model :: Common	High
Product	Manifest	specification-title	Fabric8 :: Kubernetes Model :: Common	Medium
Product	jar	package name	io	Highest
Product	Manifest	implementation-url	http://fabric8.io/kubernetes-model-generator/kubernetes-model-common/	Low
Product	pom	artifactid	kubernetes-model-common	Highest
Product	Manifest	os-name	Linux	Medium
Product	pom	groupid	io.fabric8	Highest
Product	pom	parent-artifactid	kubernetes-model-generator	Medium
Version	pom	version	4.7.0	Highest
Version	file	version	4.7.0	High
Version	Manifest	Implementation-Version	4.7.0	High

Suppressed Identifiers

cpe:2.3:a:kubernetes:kubernetes:4.7.0:*:*:*:*:*:*:* suppressed (Confidence:Highest)
- Notes: A whole lot of false positives based on K8S's internals that have nothing to do with our CRDs

Suppressed Vulnerabilities

CVE-2020-8554 suppressed

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

CWE-863 Incorrect Authorization

CVSSv2:

Base Score: MEDIUM (6.0)
Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSSv3:

MEDIUM (5.0)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

quarkus-arc-1.2.0.Final.jar

Description:

Build time CDI dependency injection

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-arc/1.2.0.Final/quarkus-arc-1.2.0.Final.jar
MD5: de77bd4f237b2efcf13d7554829541e4
SHA1: fcabaf0c5a861f5cd0980f22a6f435dcf29fc953
SHA256: e93823a596983132117f966bda5f15c3f69f99f59ffdef3d0b2a4a154b9400fc

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc	Low
Vendor	pom	parent-artifactid	quarkus-arc-parent	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	jar	package name	runtime	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	artifactid	quarkus-arc	Low
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	jar	package name	arc	Highest
Vendor	pom	name	Quarkus - ArC - Runtime	High
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	file	name	quarkus-arc	High
Vendor	pom	groupid	io.quarkus	Highest
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-arc-parent/quarkus-arc	Low
Product	Manifest	Implementation-Title	Quarkus - ArC - Runtime	High
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	Manifest	specification-title	Quarkus - ArC - Runtime	Medium
Product	pom	artifactid	quarkus-arc	Highest
Product	jar	package name	runtime	Highest
Product	jar	package name	arc	Highest
Product	jar	package name	io	Highest
Product	pom	name	Quarkus - ArC - Runtime	High
Product	Manifest	os-name	Linux	Medium
Product	file	name	quarkus-arc	High
Product	pom	parent-artifactid	quarkus-arc-parent	Medium
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2017-18640 suppressed

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900 suppressed

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1666499

Vulnerable Software & Versions: (show all)

CVE-2020-10693 suppressed

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13692 suppressed

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.7)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13956 suppressed

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714
CONFIRM - https://github.com/keycloak/keycloak/pull/7053

Vulnerable Software & Versions: (show all)

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

Vulnerable Software & Versions: (show all)

CVE-2020-25638 suppressed

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

HIGH (7.4)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25649 suppressed

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908 suppressed

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

LOW (3.3)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

quarkus-core-1.2.0.Final.jar

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-core/1.2.0.Final/quarkus-core-1.2.0.Final.jar
MD5: 995fbfc0f4271f21957f67ed13f3cd99
SHA1: ffef221351007b5a644241ebfcc9fd938755b801
SHA256: 3aaf703ac1f70a5dfb1e5d3eb9ead5d715ca208633dd95f9cfdc5b90883170da

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	quarkus-core	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	pom	parent-artifactid	quarkus-core-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	jar	package name	runtime	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core	Low
Vendor	pom	artifactid	quarkus-core	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	name	Quarkus - Core - Runtime	High
Vendor	pom	groupid	io.quarkus	Highest
Product	pom	artifactid	quarkus-core	Highest
Product	pom	parent-artifactid	quarkus-core-parent	Medium
Product	file	name	quarkus-core	High
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	runtime	Highest
Product	jar	package name	io	Highest
Product	Manifest	Implementation-Title	Quarkus - Core - Runtime	High
Product	Manifest	specification-title	Quarkus - Core - Runtime	Medium
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-core-parent/quarkus-core	Low
Product	Manifest	os-name	Linux	Medium
Product	pom	name	Quarkus - Core - Runtime	High
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2017-18640 suppressed

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900 suppressed

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1666499

Vulnerable Software & Versions: (show all)

CVE-2020-10693 suppressed

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13692 suppressed

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.7)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13956 suppressed

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714
CONFIRM - https://github.com/keycloak/keycloak/pull/7053

Vulnerable Software & Versions: (show all)

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

Vulnerable Software & Versions: (show all)

CVE-2020-25638 suppressed

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

HIGH (7.4)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25649 suppressed

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908 suppressed

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

LOW (3.3)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

quarkus-jackson-1.2.0.Final.jar

Description:

Jackson Databind support

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-jackson/1.2.0.Final/quarkus-jackson-1.2.0.Final.jar
MD5: 25ef78d56d890aec97cffe91a5eae0c8
SHA1: e90c574855ea58b882d1c5b7d1e7a48b689ffeda
SHA256: 6efb762c51ef1858de941b24a0591b9c998ab20ecb53d237968e8784ba0a38e7

Evidence

Type	Source	Name	Value	Confidence
Vendor	pom	artifactid	quarkus-jackson	Low
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	pom	parent-artifactid	quarkus-jackson-parent	Low
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	file	name	quarkus-jackson	High
Vendor	pom	name	Quarkus - Jackson - Runtime	High
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	jar	package name	jackson	Highest
Vendor	pom	groupid	io.quarkus	Highest
Product	pom	parent-artifactid	quarkus-jackson-parent	Medium
Product	Manifest	specification-title	Quarkus - Jackson - Runtime	Medium
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-jackson-parent/quarkus-jackson	Low
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	io	Highest
Product	pom	artifactid	quarkus-jackson	Highest
Product	file	name	quarkus-jackson	High
Product	pom	name	Quarkus - Jackson - Runtime	High
Product	Manifest	Implementation-Title	Quarkus - Jackson - Runtime	High
Product	Manifest	os-name	Linux	Medium
Product	jar	package name	jackson	Highest
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2017-18640 suppressed

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900 suppressed

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1666499

Vulnerable Software & Versions: (show all)

CVE-2020-10693 suppressed

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13692 suppressed

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.7)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13956 suppressed

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714
CONFIRM - https://github.com/keycloak/keycloak/pull/7053

Vulnerable Software & Versions: (show all)

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

Vulnerable Software & Versions: (show all)

CVE-2020-25638 suppressed

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

HIGH (7.4)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25649 suppressed

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8908 suppressed

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

LOW (3.3)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

quarkus-kubernetes-client-1.2.0.Final.jar

Description:

Interact with Kubernetes and develop Kubernetes Operators

File Path: /home/jenkins/.mvnrepository/io/quarkus/quarkus-kubernetes-client/1.2.0.Final/quarkus-kubernetes-client-1.2.0.Final.jar
MD5: 97a853c124da7945e41c4778a5eb7042
SHA1: 40431f242fa7153056cf42b97769833ca99399c1
SHA256: 3d61a02e62a1d205f22a47c515d52ee540ddf3b8ef45c6382591ecda9bdb062d

Evidence

Type	Source	Name	Value	Confidence
Vendor	file	name	quarkus-kubernetes-client	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	quarkus	Highest
Vendor	jar	package name	kubernetes	Highest
Vendor	Manifest	Implementation-Vendor-Id	io.quarkus	Medium
Vendor	jar	package name	client	Highest
Vendor	pom	parent-artifactid	quarkus-kubernetes-client-parent	Low
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	jar	package name	io	Highest
Vendor	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client	Low
Vendor	pom	name	Quarkus - Kubernetes Client - Runtime	High
Vendor	pom	artifactid	quarkus-kubernetes-client	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	groupid	io.quarkus	Highest
Product	pom	artifactid	quarkus-kubernetes-client	Highest
Product	pom	parent-artifactid	quarkus-kubernetes-client-parent	Medium
Product	file	name	quarkus-kubernetes-client	High
Product	Manifest	Implementation-Title	Quarkus - Kubernetes Client - Runtime	High
Product	jar	package name	quarkus	Highest
Product	Manifest	os-arch	amd64	Low
Product	Manifest	specification-title	Quarkus - Kubernetes Client - Runtime	Medium
Product	jar	package name	kubernetes	Highest
Product	jar	package name	client	Highest
Product	Manifest	implementation-url	http://www.jboss.org/quarkus-parent/quarkus-build-parent/quarkus-kubernetes-client-parent/quarkus-kubernetes-client	Low
Product	jar	package name	io	Highest
Product	pom	name	Quarkus - Kubernetes Client - Runtime	High
Product	Manifest	os-name	Linux	Medium
Product	pom	groupid	io.quarkus	Highest
Version	pom	version	1.2.0.Final	Highest
Version	Manifest	Implementation-Version	1.2.0.Final	High

Suppressed Identifiers

cpe:2.3:a:kubernetes:kubernetes:1.2.0:*:*:*:*:*:*:* suppressed (Confidence:Highest)
- Notes: These vulnerabilities are K8S server side vulnerabilities related to specific versions of K8S. Somehow this version of Quarkus has been linked to certain versions of K8S. The client only needs to upgrade to later versions of the K8S to avoid these vulnerabilities

Suppressed Vulnerabilities

CVE-2015-7528 suppressed

Kubernetes before 1.2.0-alpha.5 allows remote attackers to read arbitrary pod logs via a container name.

CWE-200 Information Exposure

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

CONFIRM - https://github.com/kubernetes/kubernetes/pull/17886
CONFIRM - https://github.com/kubernetes/kubernetes/releases/tag/v1.2.0-alpha.5
CONFIRM - https://github.com/openshift/origin/pull/6113
REDHAT - RHSA-2015:2544
REDHAT - RHSA-2015:2615

Vulnerable Software & Versions: (show all)

CVE-2017-18640 suppressed

The Alias feature in SnakeYAML 1.18 allows entity expansion during a load operation, a related issue to CVE-2003-1564.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2018-1002105 suppressed

In all Kubernetes versions prior to v1.10.11, v1.11.5, and v1.12.3, incorrect handling of error responses to proxied upgrade requests in the kube-apiserver allowed specially crafted requests to establish a connection through the Kubernetes API server to backend servers, then send arbitrary requests over the same connection directly to the backend, authenticated with the Kubernetes API server's TLS credentials used to establish the backend connection.

CWE-388

CVSSv2:

Base Score: HIGH (7.5)
Vector: /AV:N/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

CRITICAL (9.8)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

BID - 106068
CONFIRM - https://github.com/kubernetes/kubernetes/issues/71411
CONFIRM - https://groups.google.com/forum/#!topic/kubernetes-announce/GVllWCg6L88
CONFIRM - https://security.netapp.com/advisory/ntap-20190416-0001/
EXPLOIT-DB - 46052
EXPLOIT-DB - 46053
MISC - https://github.com/evict/poc_CVE-2018-1002105
MISC - https://www.coalfire.com/The-Coalfire-Blog/December-2018/Kubernetes-Vulnerability-What-You-Can-Should-Do
MLIST - [oss-security] 20190628 Re: linux-distros membership application - Microsoft
MLIST - [oss-security] 20190706 Re: linux-distros membership application - Microsoft
MLIST - [oss-security] 20190706 Re: linux-distros membership application - Microsoft
REDHAT - RHSA-2018:3537
REDHAT - RHSA-2018:3549
REDHAT - RHSA-2018:3551
REDHAT - RHSA-2018:3598
REDHAT - RHSA-2018:3624
REDHAT - RHSA-2018:3742
REDHAT - RHSA-2018:3752
REDHAT - RHSA-2018:3754
SUSE - openSUSE-SU-2020:0554

Vulnerable Software & Versions: (show all)

CVE-2019-1002100 suppressed

In all Kubernetes versions prior to v1.11.8, v1.12.6, and v1.13.4, users that are authorized to make patch requests to the Kubernetes API Server can send a specially crafted patch of type "json-patch" (e.g. `kubectl patch --type json` or `"Content-Type: application/json-patch+json"`) that consumes excessive resources while processing, causing a Denial of Service on the API Server.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

MEDIUM (6.5)
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

BID - 107290
CONFIRM - https://github.com/kubernetes/kubernetes/issues/74534
CONFIRM - https://groups.google.com/forum/#!topic/kubernetes-announce/vmUUNkYfG9g
CONFIRM - https://security.netapp.com/advisory/ntap-20190416-0002/
REDHAT - RHSA-2019:1851
REDHAT - RHSA-2019:3239

Vulnerable Software & Versions: (show all)

CVE-2019-11246 suppressed

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.12.9, versions prior to 1.13.6, versions prior to 1.14.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:

Base Score: MEDIUM (4.3)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2019-11248 suppressed

The debugging endpoint /debug/pprof is exposed over the unauthenticated Kubelet healthz port. The go pprof endpoint is exposed over the Kubelet's healthz port. This debugging endpoint can potentially leak sensitive information such as internal Kubelet memory addresses and configuration, or for limited denial of service. Versions prior to 1.15.0, 1.14.4, 1.13.8, and 1.12.10 are affected. The issue is of medium severity, but not exposed by the default configuration.

CWE-862 Missing Authorization

CVSSv2:

Base Score: MEDIUM (6.4)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:P

CVSSv3:

HIGH (8.2)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

References:

Vulnerable Software & Versions: (show all)

CVE-2019-11249 suppressed

The kubectl cp command allows copying files between containers and the user machine. To copy files from a container, Kubernetes runs tar inside the container to create a tar archive, copies it over the network, and kubectl unpacks it on the user’s machine. If the tar binary in the container is malicious, it could run any code and output unexpected, malicious results. An attacker could use this to write files to any path on the user’s machine when kubectl cp is called, limited only by the system permissions of the local user. Kubernetes affected versions include versions prior to 1.13.9, versions prior to 1.14.5, versions prior to 1.15.2, and versions 1.1, 1.2, 1.4, 1.4, 1.5, 1.6, 1.7, 1.8, 1.9, 1.10, 1.11, 1.12.

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:N/I:P/A:P

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

References:

CONFIRM - https://github.com/kubernetes/kubernetes/issues/80984
CONFIRM - https://security.netapp.com/advisory/ntap-20190919-0003/
MLIST - v1.13.9, v1.14.5, v1.15.2 released to address CVE-2019-11247, CVE-2019-11249
REDHAT - RHBA-2019:2794
REDHAT - RHBA-2019:2816
REDHAT - RHBA-2019:2824
REDHAT - RHSA-2019:3239
REDHAT - RHSA-2019:3811

Vulnerable Software & Versions: (show all)

CVE-2019-11250 suppressed

The Kubernetes client-go library logs request headers at verbosity levels of 7 or higher. This can disclose credentials to unauthorized users via logs or command output. Kubernetes components (such as kube-apiserver) prior to v1.16.0, which make use of basic or bearer token authentication, and run at high verbosity levels, are affected.

CWE-532 Information Exposure Through Log Files

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

CONFIRM - https://github.com/kubernetes/kubernetes/issues/81114
CONFIRM - https://security.netapp.com/advisory/ntap-20190919-0003/
MLIST - [oss-security] 20201016 Kubernetes: Multiple secret leaks when verbose logging is enabled
REDHAT - RHSA-2019:4052
REDHAT - RHSA-2019:4087

Vulnerable Software & Versions: (show all)

CVE-2019-11252 suppressed

The Kubernetes kube-controller-manager in versions v1.0-v1.17 is vulnerable to a credential leakage via error messages in mount failure logs and events for AzureFile and CephFS volumes.

CWE-209 Information Exposure Through an Error Message

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

MISC - https://github.com/kubernetes/kubernetes/pull/88684

Vulnerable Software & Versions:

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* versions from (including) 1.0.0; versions up to (including) 1.17.0

CVE-2019-11253 suppressed

Improper input validation in the Kubernetes API server in versions v1.0-1.12 and versions prior to v1.13.12, v1.14.8, v1.15.5, and v1.16.2 allows authorized users to send malicious YAML or JSON payloads, causing the API server to consume excessive CPU or memory, potentially crashing and becoming unavailable. Prior to v1.14.0, default RBAC policy authorized anonymous users to submit requests that could trigger this vulnerability. Clusters upgraded from a version prior to v1.14.0 keep the more permissive policy by default for backwards compatibility.

CWE-776 Improper Restriction of Recursive Entity References in DTDs ('XML Entity Expansion')

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References:

CONFIRM - https://github.com/kubernetes/kubernetes/issues/83253
CONFIRM - https://security.netapp.com/advisory/ntap-20191031-0006/
MLIST - CVE-2019-11253: denial of service vulnerability from malicious YAML or JSON payloads
REDHAT - RHSA-2019:3239
REDHAT - RHSA-2019:3811
REDHAT - RHSA-2019:3905

Vulnerable Software & Versions: (show all)

CVE-2019-11254 suppressed

The Kubernetes API Server component in versions 1.1-1.14, and versions prior to 1.15.10, 1.16.7 and 1.17.3 allows an authorized user who sends malicious YAML payloads to cause the kube-apiserver to consume excessive CPU cycles while parsing YAML.

NVD-CWE-Other

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2019-14900 suppressed

A flaw was found in Hibernate ORM in versions before 5.3.18, 5.4.18 and 5.5.0.Beta1. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SELECT or GROUP BY parts of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks.

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.5)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1666499

Vulnerable Software & Versions: (show all)

CVE-2019-9946 suppressed

Cloud Native Computing Foundation (CNCF) CNI (Container Networking Interface) 0.7.4 has a network firewall misconfiguration which affects Kubernetes. The CNI 'portmap' plugin, used to setup HostPorts for CNI, inserts rules at the front of the iptables nat chains; which take precedence over the KUBE- SERVICES chain. Because of this, the HostPort/portmap rule could match incoming traffic even if there were better fitting, more specific service definition rules like NodePorts later in the chain. The issue is fixed in CNI 0.7.5 and Kubernetes 1.11.9, 1.12.7, 1.13.5, and 1.14.0.

CWE-670 Always-Incorrect Control Flow Implementation

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

CONFIRM - https://github.com/containernetworking/plugins/pull/269#issuecomment-477683272
CONFIRM - https://security.netapp.com/advisory/ntap-20190416-0002/
FEDORA - FEDORA-2019-24217abfdf
FEDORA - FEDORA-2019-d2b57d3b19
REDHAT - RHBA-2019:0862

Vulnerable Software & Versions: (show all)

CVE-2020-10693 suppressed

A flaw was found in Hibernate Validator version 6.1.2.Final. A bug in the message interpolation processor enables invalid EL expressions to be evaluated as if they were valid. This flaw allows attackers to bypass input sanitation (escaping, stripping) controls that developers may have put in place when handling user-controlled data in error messages.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13692 suppressed

PostgreSQL JDBC Driver (aka PgJDBC) before 42.2.13 allows XXE.

Base Score: MEDIUM (6.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (7.7)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-13956 suppressed

Apache HttpClient versions prior to version 4.5.13 and 5.0.3 can misinterpret malformed authority component in request URIs passed to the library as java.net.URI object and pick the wrong target host for request execution.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-1714 suppressed

A flaw was found in Keycloak before version 11.0.0, where the code base contains usages of ObjectInputStream without type checks. This flaw allows an attacker to inject arbitrarily serialized Java Objects, which would then get deserialized in a privileged context and potentially lead to remote code execution.

Base Score: MEDIUM (6.5)
Vector: /AV:N/AC:L/Au:S/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1714
CONFIRM - https://github.com/keycloak/keycloak/pull/7053

Vulnerable Software & Versions: (show all)

CVE-2020-1728 suppressed

A vulnerability was found in all versions of Keycloak where, the pages on the Admin Console area of the application are completely missing general HTTP security headers in HTTP-responses. This does not directly lead to a security issue, yet it might aid attackers in their efforts to exploit other problems. The flaws unnecessarily make the servers more prone to Clickjacking, channel downgrade attacks and other similar client-based attack vectors.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

MEDIUM (5.4)
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N

References:

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2020-1728

Vulnerable Software & Versions: (show all)

CVE-2020-25638 suppressed

A flaw was found in hibernate-core in versions prior to and including 5.4.23.Final. A SQL injection in the implementation of the JPA Criteria API can permit unsanitized literals when a literal is used in the SQL comments of the query. This flaw could allow an attacker to access unauthorized information or possibly conduct further attacks. The highest threat from this vulnerability is to data confidentiality and integrity.

Base Score: MEDIUM (5.8)
Vector: /AV:N/AC:M/Au:N/C:P/I:P/A:N

CVSSv3:

HIGH (7.4)
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-25649 suppressed

A flaw was found in FasterXML Jackson Databind, where it did not have entity expansion secured properly. This flaw allows vulnerability to XML external entity (XXE) attacks. The highest threat from this vulnerability is data integrity.

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:N/I:P/A:N

CVSSv3:

HIGH (7.5)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8552 suppressed

The Kubernetes API server component in versions prior to 1.15.9, 1.16.0-1.16.6, and 1.17.0-1.17.2 has been found to be vulnerable to a denial of service attack via successful API requests.

CWE-770 Allocation of Resources Without Limits or Throttling

CVSSv2:

Base Score: MEDIUM (4.0)
Vector: /AV:N/AC:L/Au:S/C:N/I:N/A:P

CVSSv3:

MEDIUM (4.3)
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8554 suppressed

Kubernetes API server in all versions allow an attacker who is able to create a ClusterIP service and set the spec.externalIPs field, to intercept traffic to that IP address. Additionally, an attacker who is able to patch the status (which is considered a privileged operation and should not typically be granted to users) of a LoadBalancer service can set the status.loadBalancer.ingress.ip to similar effect.

CWE-863 Incorrect Authorization

CVSSv2:

Base Score: MEDIUM (6.0)
Vector: /AV:N/AC:M/Au:S/C:P/I:P/A:P

CVSSv3:

MEDIUM (5.0)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L

References:

Vulnerable Software & Versions:

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:*

CVE-2020-8555 suppressed

The Kubernetes kube-controller-manager in versions v1.0-1.14, versions prior to v1.15.12, v1.16.9, v1.17.5, and version v1.18.0 are vulnerable to a Server Side Request Forgery (SSRF) that allows certain authorized users to leak up to 500 bytes of arbitrary information from unprotected endpoints within the master's host network (such as link-local or loopback services).

CWE-918 Server-Side Request Forgery (SSRF)

CVSSv2:

Base Score: LOW (3.5)
Vector: /AV:N/AC:M/Au:S/C:P/I:N/A:N

CVSSv3:

MEDIUM (6.3)
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N

References:

CONFIRM - https://github.com/kubernetes/kubernetes/issues/91542
CONFIRM - https://security.netapp.com/advisory/ntap-20200724-0005/
FEDORA - FEDORA-2020-aeea04cd13
MLIST - N/A
MLIST - [oss-security] 20200601 CVE-2020-8555: Kubernetes: Half-Blind SSRF in kube-controller-manager

Vulnerable Software & Versions: (show all)

CVE-2020-8557 suppressed

The Kubernetes kubelet component in versions 1.1-1.16.12, 1.17.0-1.17.8 and 1.18.0-1.18.5 do not account for disk usage by a pod which writes to its own /etc/hosts file. The /etc/hosts file mounted in a pod by kubelet is not included by the kubelet eviction manager when calculating ephemeral storage usage by a pod. If a pod writes a large amount of data to the /etc/hosts file, it could fill the storage space of the node and cause the node to fail.

CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion')

CVSSv2:

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:N/I:N/A:P

CVSSv3:

MEDIUM (5.5)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8558 suppressed

The Kubelet and kube-proxy components in versions 1.1.0-1.16.10, 1.17.0-1.17.6, and 1.18.0-1.18.3 were found to contain a security issue which allows adjacent hosts to reach TCP and UDP services bound to 127.0.0.1 running on the node or in the node's network namespace. Such a service is generally thought to be reachable only by other processes on the same host, but due to this defeect, could be reachable by other hosts on the same LAN as the node, or by containers running on the same node as the service.

CWE-287 Improper Authentication

CVSSv2:

Base Score: MEDIUM (5.8)
Vector: /AV:A/AC:L/Au:N/C:P/I:P/A:P

CVSSv3:

HIGH (8.8)
CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

Vulnerable Software & Versions: (show all)

CVE-2020-8563 suppressed

In Kubernetes clusters using VSphere as a cloud provider, with a logging level set to 4 or above, VSphere cloud credentials will be leaked in the cloud controller manager's log. This affects < v1.19.3.

CWE-532 Information Exposure Through Log Files

CVSSv2:

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.5)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

References:

CONFIRM - https://github.com/kubernetes/kubernetes/issues/95621
CONFIRM - https://security.netapp.com/advisory/ntap-20210122-0006/
MLIST - Multiple secret leaks when verbose logging is enabled

Vulnerable Software & Versions:

cpe:2.3:a:kubernetes:kubernetes:*:*:*:*:*:*:*:* versions up to (excluding) 1.19.3

CVE-2020-8908 suppressed

A temp directory creation vulnerability exists in all versions of Guava, allowing an attacker with access to the machine to potentially access data in a temporary directory created by the Guava API com.google.common.io.Files.createTempDir(). By default, on unix-like systems, the created directory is world-readable (readable by an attacker with access to the system). The method in question has been marked @Deprecated in versions 30.0 and later and should not be used. For Android developers, we recommend choosing a temporary directory API provided by Android, such as context.getCacheDir(). For other Java developers, we recommend migrating to the Java 7 API java.nio.file.Files.createTempDirectory() which explicitly configures permissions of 700, or configuring the Java runtime's java.io.tmpdir system property to point to a location whose permissions are appropriately configured.

Base Score: LOW (2.1)
Vector: /AV:L/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

LOW (3.3)
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

References:

Vulnerable Software & Versions: (show all)

resteasy-client-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-client/3.15.0.Final/resteasy-client-3.15.0.Final.jar
MD5: d29a786f1921d924f27025e29bbb4961
SHA1: 8ac39445e8806bd82006877d1e987e303bb14efd
SHA256: ddd4087c2d16fbcbd208b3fd2f3ced8e4def72018253cb0f149f47981074f11e

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	pom	artifactid	resteasy-client	Low
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	jar	package name	client	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	jar	package name	jaxrs	Highest
Vendor	pom	name	RESTEasy JAX-RS Client	High
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-client	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	file	name	resteasy-client	High
Vendor	Manifest	os-name	Linux	Medium
Product	Manifest	specification-title	RESTEasy JAX-RS Client	Medium
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	artifactid	resteasy-client	Highest
Product	jar	package name	jboss	Highest
Product	jar	package name	client	Highest
Product	Manifest	Implementation-Title	RESTEasy JAX-RS Client	High
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	jar	package name	jaxrs	Highest
Product	pom	name	RESTEasy JAX-RS Client	High
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-client	Low
Product	file	name	resteasy-client	High
Product	Manifest	os-name	Linux	Medium
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2021-20289 suppressed

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

CWE-209 Information Exposure Through an Error Message

Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the server is updated.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1935927

Vulnerable Software & Versions:

cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* versions up to (including) 4.6.0

resteasy-jackson2-provider-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jackson2-provider/3.15.0.Final/resteasy-jackson2-provider-3.15.0.Final.jar
MD5: 12d04533eda2a68f6a0eafeb15c76b8f
SHA1: 149e9ba330b467f1992c612fbc294298edb7a59f
SHA256: ec21a99def3e4f49e509a482cef139402b1a25ae12e86ed724cc694da3f6a57a

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-jackson2-provider	Low
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	jar	package name	jboss	Highest
Vendor	pom	artifactid	resteasy-jackson2-provider	Low
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	file	name	resteasy-jackson2-provider	High
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	name	RESTEasy Jackson 2 Provider	High
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-jackson2-provider	Low
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	Manifest	specification-title	RESTEasy Jackson 2 Provider	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	Manifest	Implementation-Title	RESTEasy Jackson 2 Provider	High
Product	jar	package name	jboss	Highest
Product	pom	artifactid	resteasy-jackson2-provider	Highest
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	file	name	resteasy-jackson2-provider	High
Product	Manifest	os-name	Linux	Medium
Product	pom	name	RESTEasy Jackson 2 Provider	High
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2021-20289 suppressed

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

CWE-209 Information Exposure Through an Error Message

Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the server is updated.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1935927

Vulnerable Software & Versions:

cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* versions up to (including) 4.6.0

resteasy-jaxb-provider-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxb-provider/3.15.0.Final/resteasy-jaxb-provider-3.15.0.Final.jar
MD5: e9b168cca34f3dc197b04db792427469
SHA1: cfea315075875de8fb54f833b72ec05b6c69b30d
SHA256: 4ee1d651db94fb9f8207a3d0aa77a469c4a011be470d44cc43809a1c1e83e3e9

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	file	name	resteasy-jaxb-provider	High
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxb-provider	Low
Vendor	Manifest	os-name	Linux	Medium
Vendor	pom	artifactid	resteasy-jaxb-provider	Low
Vendor	pom	name	RESTEasy JAXB Provider	High
Product	Manifest	specification-title	RESTEasy JAXB Provider	Medium
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	jar	package name	jboss	Highest
Product	file	name	resteasy-jaxb-provider	High
Product	Manifest	Implementation-Title	RESTEasy JAXB Provider	High
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	pom	artifactid	resteasy-jaxb-provider	Highest
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxb-provider	Low
Product	Manifest	os-name	Linux	Medium
Product	pom	name	RESTEasy JAXB Provider	High
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2021-20289 suppressed

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

CWE-209 Information Exposure Through an Error Message

Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the server is updated.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1935927

Vulnerable Software & Versions:

cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* versions up to (including) 4.6.0

resteasy-jaxrs-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-jaxrs/3.15.0.Final/resteasy-jaxrs-3.15.0.Final.jar
MD5: 0745397d0abe02d81e4bd73c40cb0b79
SHA1: 3b74a65a99102ddd7e57b0ad2ab747c15a9aa571
SHA256: deb50838eb19788b1e6ae15a181a6aafba770040f95ea3937e74c9d478ce74ce

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	pom	name	RESTEasy JAX-RS Implementation	High
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	file	name	resteasy-jaxrs	High
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	jar	package name	jaxrs	Highest
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxrs	Low
Vendor	pom	artifactid	resteasy-jaxrs	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	pom	name	RESTEasy JAX-RS Implementation	High
Product	jar	package name	jboss	Highest
Product	file	name	resteasy-jaxrs	High
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	jar	package name	jaxrs	Highest
Product	pom	artifactid	resteasy-jaxrs	Highest
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-jaxrs	Low
Product	Manifest	Implementation-Title	RESTEasy JAX-RS Implementation	High
Product	Manifest	specification-title	RESTEasy JAX-RS Implementation	Medium
Product	Manifest	os-name	Linux	Medium
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2021-20289 suppressed

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

CWE-209 Information Exposure Through an Error Message

Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the server is updated.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1935927

Vulnerable Software & Versions:

cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* versions up to (including) 4.6.0

resteasy-multipart-provider-3.15.0.Final.jar

File Path: /home/jenkins/.mvnrepository/org/jboss/resteasy/resteasy-multipart-provider/3.15.0.Final/resteasy-multipart-provider-3.15.0.Final.jar
MD5: c442a9d90e994fd973394bb5fd6921af
SHA1: 1517ad86cab1647866c594d9cc2103323ecb9e82
SHA256: 30dd1f984ce5f7b751408b5badf7365485f400db6e802cb5c5bceba4aa01df82

Evidence

Type	Source	Name	Value	Confidence
Vendor	Manifest	Implementation-Vendor-Id	org.jboss.resteasy	Medium
Vendor	pom	name	RESTEasy Multipart Provider	High
Vendor	Manifest	os-arch	amd64	Low
Vendor	jar	package name	resteasy	Highest
Vendor	file	name	resteasy-multipart-provider	High
Vendor	jar	package name	jboss	Highest
Vendor	pom	parent-artifactid	resteasy-jaxrs-all	Low
Vendor	pom	groupid	org.jboss.resteasy	Highest
Vendor	Manifest	java-vendor	Oracle Corporation	Medium
Vendor	pom	parent-groupid	org.jboss.resteasy	Medium
Vendor	hint analyzer	vendor	redhat	Highest
Vendor	Manifest	specification-vendor	JBoss by Red Hat	Low
Vendor	pom	groupid	jboss.resteasy	Highest
Vendor	Manifest	implementation-url	http://rest-easy.org/resteasy-multipart-provider	Low
Vendor	Manifest	Implementation-Vendor	JBoss by Red Hat	High
Vendor	pom	artifactid	resteasy-multipart-provider	Low
Vendor	Manifest	os-name	Linux	Medium
Product	pom	name	RESTEasy Multipart Provider	High
Product	pom	parent-artifactid	resteasy-jaxrs-all	Medium
Product	jar	package name	resteasy	Highest
Product	Manifest	os-arch	amd64	Low
Product	file	name	resteasy-multipart-provider	High
Product	jar	package name	jboss	Highest
Product	pom	parent-groupid	org.jboss.resteasy	Medium
Product	pom	groupid	jboss.resteasy	Highest
Product	Manifest	specification-title	RESTEasy Multipart Provider	Medium
Product	Manifest	implementation-url	http://rest-easy.org/resteasy-multipart-provider	Low
Product	Manifest	Implementation-Title	RESTEasy Multipart Provider	High
Product	Manifest	os-name	Linux	Medium
Product	pom	artifactid	resteasy-multipart-provider	Highest
Version	pom	version	3.15.0.Final	Highest
Version	Manifest	Implementation-Version	3.15.0.Final	High

Suppressed Identifiers

None

Suppressed Vulnerabilities

CVE-2021-20289 suppressed

A flaw was found in RESTEasy in all versions of RESTEasy up to 4.6.0.Final. The endpoint class and method names are returned as part of the exception response when RESTEasy cannot convert one of the request URI path or query values to the matching JAX-RS resource method's parameter value. The highest threat from this vulnerability is to data confidentiality.

CWE-209 Information Exposure Through an Error Message

Notes: Not much we can do about this one except for wait for Keycloak 8. We can only update the client if the server is updated.

CVSSv2:

Base Score: MEDIUM (5.0)
Vector: /AV:N/AC:L/Au:N/C:P/I:N/A:N

CVSSv3:

MEDIUM (5.3)
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References:

MISC - https://bugzilla.redhat.com/show_bug.cgi?id=1935927

Vulnerable Software & Versions:

cpe:2.3:a:redhat:resteasy:*:*:*:*:*:*:*:* versions up to (including) 4.6.0

How to read the report | Suppressing false positives | Getting Help: github issues

Project: Entando K8S Controller for Entando Cluster Infrastructure Deployments

org.entando:entando-k8s-cluster-infrastructure-controller:6.3.7

Summary

Dependencies

apache-mime4j-0.6.jar

Evidence

Identifiers

apiguardian-api-1.1.0.jar

Evidence

Identifiers

arc-1.2.0.Final.jar

Evidence

Identifiers

automaton-1.11-8.jar

Evidence

Identifiers

bcpkix-jdk15on-1.60.jar

Evidence

Identifiers

bcprov-jdk15on-1.68.jar

Evidence

Identifiers

btf-1.2.jar

Evidence

Identifiers

checker-qual-2.5.2.jar

Evidence

Identifiers

commons-codec-1.13.jar

Evidence

Identifiers

commons-io-2.6.jar

Evidence

Identifiers

commons-lang3-3.9.jar

Evidence

Identifiers

commons-logging-1.2.jar

Evidence

Identifiers

entando-k8s-custom-model-6.3.4.jar

Evidence

Identifiers

entando-k8s-operator-common-6.3.19.jar

Evidence

Identifiers

failureaccess-1.0.1.jar

Evidence

Identifiers

generex-1.0.2.jar

Evidence

Identifiers

graal-sdk-19.2.1.jar

Evidence

Identifiers

guava-30.1-jre.jar

Evidence

Identifiers

hamcrest-core-1.3.jar

Evidence

Identifiers

httpclient-4.5.13.jar

Evidence

Identifiers

httpcore-4.4.13.jar

Evidence

Identifiers

istack-commons-runtime-3.0.10.jar

Evidence

Identifiers

jackson-annotations-2.12.0.jar

Evidence

Identifiers

jackson-core-2.12.0.jar

Evidence

Identifiers

jackson-coreutils-1.6.jar

Evidence

Identifiers