Available Information in PagerDuty with Xray Integration

JFrog Integrations Documentation


Once you have completed the setup using the walkthrough below, the following metadata becomes available in PagerDuty:

CUSTOM DETAILS

| Field | Value |
| --- | --- |
| created | 2019-11-21T04:47:09.837Z |
| cve | CVE-2019-19126 |
| description | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
| impacted_artifacts | `[ { "depth": 0, "display_name": "connector:0.8.0", "infected_files": [ { "depth": 0, "display_name": "debian:buster:libc6:2.28-10", "name": "libc6:2.28-10", "parent_sha": "9411f38bb959244da6cb01b9baeb079f9e5193832ad5c7b4ad3aa45301f50e1c", "path": "", "pkg_type": "Debian", "sha256": "30fe03584a947466c61145df3cd7ea3c0503aa319b8bc913f373701fdff44e85" } ], "name": "manifest.json", "parent_sha": "6537920ab5240121a74713c46c3f5a3f0a13db43fe16684be6db91dd21706501", "path": "default/integrations/connector/0.8.0/", "pkg_type": "Docker", "sha1": "", "sha256": "6537920ab5240121a74713c46c3f5a3f0a13db43fe16684be6db91dd21706501" } ]` |
| provider | JFrog |
| severity | Low |
| summary | On the x86-64 architecture, the GNU C Library (aka glibc) before 2.31 fails to ignore the LD_PREFER_MAP_32BIT_EXEC environment variable during program execution after a security transition, allowing local attackers to restrict the possible mapping addresses for loaded libraries and thus bypass ASLR for a setuid program. |
| type | security |
| policy | PD_Test-2-policy |
| watch | PD_Test-2-Watch |
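
The nested impacted_artifacts value is the part a responder usually needs first: which artifact is affected, where it lives, and which component inside it carries the CVE. The following is an added example, not part of the JFrog documentation, that flattens the custom details into one triage row per vulnerable component. The function name `triage_rows` and the row keys are hypothetical, and it assumes the custom details are already loaded as a dict with impacted_artifacts either as a JSON string or as a parsed list.

```python
import json

# Constructed sample: the custom details shown on this page, trimmed to the
# fields the function reads. Values are copied from the page's sample alert.
SAMPLE_DETAILS = {
    "cve": "CVE-2019-19126",
    "severity": "Low",
    "policy": "PD_Test-2-policy",
    "watch": "PD_Test-2-Watch",
    "impacted_artifacts": json.dumps([{
        "display_name": "connector:0.8.0",
        "infected_files": [{
            "display_name": "debian:buster:libc6:2.28-10",
            "name": "libc6:2.28-10",
            "path": "",
            "pkg_type": "Debian",
            "sha256": "30fe03584a947466c61145df3cd7ea3c0503aa319b8bc913f373701fdff44e85",
        }],
        "name": "manifest.json",
        "path": "default/integrations/connector/0.8.0/",
        "pkg_type": "Docker",
        "sha256": "6537920ab5240121a74713c46c3f5a3f0a13db43fe16684be6db91dd21706501",
    }]),
}


def triage_rows(details):
    """Flatten impacted_artifacts into one row per vulnerable component."""
    raw = details.get("impacted_artifacts") or []
    # Assumption: the field may arrive as a JSON string or as a parsed list.
    artifacts = json.loads(raw) if isinstance(raw, str) else raw
    rows = []
    for art in artifacts:
        # Repository path plus file name locates the artifact in Artifactory.
        location = art.get("path", "") + art.get("name", "")
        # An artifact with no infected_files still yields one row.
        for comp in art.get("infected_files") or [{}]:
            rows.append({
                "cve": details.get("cve"),
                "severity": details.get("severity"),
                "artifact": art.get("display_name"),
                "artifact_type": art.get("pkg_type"),
                "location": location,
                "component": comp.get("display_name"),
                "component_sha256": comp.get("sha256") or None,
                "watch": details.get("watch"),
            })
    return rows
```
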