Annotate new snyk sigstore entry

.snyk

@@ -95,3 +95,10 @@ ignore:
         expires: 2026-06-01T10:53:10.182Z
         created: 2026-05-08T10:53:10.201Z
 
+  # sigstore/timestamp-authority v2 | Score 6.7 | Not exploitable: cosign runs in runner service image, not in user code sandbox; user code cannot call or interact with sigstore tooling
+  SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930:
+    - '*':
+        reason: Waiting for base image fix
+        expires: 2026-06-01T10:53:10.182Z
+        created: 2026-05-14T00:00:00.000Z
+

docs/vulns/CVE-2025-15558.txt

@@ -0,0 +1,6 @@
+CVE-2025-15558 | docker/cli/cli-plugins/manager | CVSS 7.0 | High
+What: On Windows, Docker CLI searches for plugins in C:\ProgramData\Docker\cli-
+plugins, which does not exist by default. A low-privileged attacker can create it
+and plant malicious plugin binaries that execute with elevated context.
+For cyber-dojo: cyber-dojo runs on Linux.
+Verdict: Not applicable. Windows-only vulnerability.

docs/vulns/CVE-2025-47911.txt

@@ -0,0 +1,6 @@
+CVE-2025-47911 | golang.org/x/net/html | CVSS 6.9 | Medium
+What: Quadratic parsing complexity in html.Parse() on certain inputs -- a related
+DoS vector in the same function.
+For cyber-dojo: Docker daemon components use this library internally. User code
+has --net=none and cannot send HTML to the Docker daemon's HTML parser.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2025-47913.txt

@@ -0,0 +1,5 @@
+CVE-2025-47913 | golang.org/x/crypto/ssh/agent | CVSS 7.1 | High
+What: A malicious SSH agent sends a single 0x06 byte (SSH_AGENT_SUCCESS) which is
+unmarshalled into the wrong type, causing a panic in List() and SignWithFlags().
+For cyber-dojo: No SSH agent surface reachable from user code. --net=none.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2025-47914.txt

@@ -0,0 +1,6 @@
+CVE-2025-47914 | golang.org/x/crypto/ssh/agent | CVSS 6.9 | Medium
+What: An out-of-bounds read in the SSH agent server -- a malformed message causes
+a panic and crash.
+For cyber-dojo: No SSH agent is exposed to user code. --net=none prevents any
+network contact.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2025-52881.txt

@@ -0,0 +1,14 @@
+CVE-2025-52881 | opencontainers/selinux/go-selinux | CVSS 7.3 | High
+What: A race condition in how the library writes to procfs files. An attacker with
+low local privileges can redirect write operations via symlinks or shared mounts to
+reach targets like /proc/sysrq-trigger, potentially crashing the host or altering
+kernel parameters.
+For cyber-dojo: This is the most structurally interesting entry on this list. The
+go-selinux library is used by containerd and runc when applying SELinux labels to
+containers. Two mitigations apply: (1) sandboxed containers run with
+--security-opt=no-new-privileges, blocking the setuid transitions SELinux labels
+are often used alongside; (2) the race requires the attacker to already have local
+access to the host filesystem's procfs, which user code cannot reach -- the
+container's /proc is a private mount namespace.
+Verdict: Not exploitable by user code given namespace isolation. Worth monitoring
+if the runner ever runs on a host where SELinux is actively enforcing.

docs/vulns/CVE-2025-58181.txt

@@ -0,0 +1,6 @@
+CVE-2025-58181 | golang.org/x/crypto/ssh | CVSS 6.9 | Medium
+What: A Go SSH server allocates memory without limits when processing GSSAPI
+authentication requests with excessive numbers of mechanisms, leading to memory
+exhaustion.
+For cyber-dojo: The runner does not expose an SSH server. User code has --net=none.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2025-58190.txt

@@ -0,0 +1,6 @@
+CVE-2025-58190 | golang.org/x/net/html | CVSS 6.9 | Medium
+What: An infinite loop in html.Parse() triggered by specially crafted HTML input,
+exhausting CPU until the process is killed.
+For cyber-dojo: Docker daemon components use this library internally. User code
+has --net=none and cannot send HTML to the Docker daemon's HTML parser.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2025-61984.txt

@@ -0,0 +1,10 @@
+CVE-2025-61984 | OpenSSH (Alpine, tagged ALPINE322) | CVSS 5.3 | Medium
+What: Control characters in SSH usernames (from command-line or config percent-
+sequence expansion) are not sanitised, enabling injection into a ProxyCommand.
+For cyber-dojo: An ssh client vulnerability requiring the operator to run ssh with
+a crafted username, with ProxyCommand configured. User code runs with --net=none --
+no outbound SSH connection is possible. The ProxyCommand vector requires a
+pre-configured SSH client config, which the sandbox does not have.
+Note: Tagged ALPINE322 but the image is Alpine 3.23 -- the scanner is matching on
+the OpenSSH package version, not the Alpine minor version.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2025-61985.txt

@@ -0,0 +1,10 @@
+CVE-2025-61985 | OpenSSH (Alpine, tagged ALPINE322) | CVSS 5.3 | Medium
+What: A null byte in an ssh:// URI is not neutralised. When ProxyCommand is
+configured, this can lead to code execution.
+For cyber-dojo: An ssh client vulnerability requiring the operator to run ssh with
+a crafted URI, with ProxyCommand configured. User code runs with --net=none -- no
+outbound SSH connection is possible. The ProxyCommand vector requires a
+pre-configured SSH client config, which the sandbox does not have.
+Note: Tagged ALPINE322 but the image is Alpine 3.23 -- the scanner is matching on
+the OpenSSH package version, not the Alpine minor version.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2026-24051.txt

@@ -0,0 +1,6 @@
+CVE-2026-24051 | go.opentelemetry.io/otel/sdk/resource | CVSS 7.3 | High
+What: Untrusted search path. The resource detection code executes the ioreg command
+without validating PATH, so a malicious binary placed earlier in PATH is executed
+instead. ioreg is a macOS-specific command.
+For cyber-dojo: cyber-dojo runs on Linux.
+Verdict: Not applicable. macOS-only vulnerability.

docs/vulns/CVE-2026-27135.txt

@@ -0,0 +1,5 @@
+CVE-2026-27135 | nghttp2 | CVSS 7.5 | High
+What: An HTTP/2 vulnerability in nghttp2 (the C library underlying curl and other tools).
+For cyber-dojo: Same reasoning as curl -- no network access from user code. nghttp2
+would only be reachable by something sending HTTP/2 to a service that uses it.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2026-29181.txt

@@ -0,0 +1,10 @@
+CVE-2026-29181 | go.opentelemetry.io/otel baggage, propagation, internal/global,
+                  OTLP trace/metric exporters | CVSS 8.7 | High
+What: The baggage package fails to throttle header processing. Sending many baggage
+header lines in HTTP requests -- even individually within size limits -- causes
+unbounded CPU and memory allocation, crashing the service. Six Snyk IDs
+(15928416, 15928418, 15928420, 15954196, 15954197, 15954212) all belong to this
+same DoS pattern across different OTel packages.
+For cyber-dojo: User code runs with --net=none and cannot send HTTP requests with
+crafted baggage headers to any OTel endpoint.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2026-32280.txt

@@ -0,0 +1,9 @@
+CVE-2026-32280 | Go stdlib 1.25.8 | CVSS 7.5 | High
+What: One of three Go standard library vulnerabilities fixed in 1.25.9, affecting
+the Docker daemon and containerd binaries compiled with Go. See also CVE-2026-32281
+and CVE-2026-32283.
+For cyber-dojo: These would be reachable only through interaction with the Docker
+daemon API. User code is completely isolated from the Docker socket -- the sandbox
+container has no path to the Docker daemon.
+Verdict: Not exploitable by user code. Could matter if something external with
+Docker API access exploited them.

docs/vulns/CVE-2026-32281.txt

@@ -0,0 +1,9 @@
+CVE-2026-32281 | Go stdlib 1.25.8 | CVSS 7.5 | High
+What: One of three Go standard library vulnerabilities fixed in 1.25.9, affecting
+the Docker daemon and containerd binaries compiled with Go. See also CVE-2026-32280
+and CVE-2026-32283.
+For cyber-dojo: These would be reachable only through interaction with the Docker
+daemon API. User code is completely isolated from the Docker socket -- the sandbox
+container has no path to the Docker daemon.
+Verdict: Not exploitable by user code. Could matter if something external with
+Docker API access exploited them.

docs/vulns/CVE-2026-32283.txt

@@ -0,0 +1,9 @@
+CVE-2026-32283 | Go stdlib 1.25.8 | CVSS 7.5 | High
+What: One of three Go standard library vulnerabilities fixed in 1.25.9, affecting
+the Docker daemon and containerd binaries compiled with Go. See also CVE-2026-32280
+and CVE-2026-32281.
+For cyber-dojo: These would be reachable only through interaction with the Docker
+daemon API. User code is completely isolated from the Docker socket -- the sandbox
+container has no path to the Docker daemon.
+Verdict: Not exploitable by user code. Could matter if something external with
+Docker API access exploited them.

docs/vulns/CVE-2026-33186.txt

@@ -0,0 +1,9 @@
+CVE-2026-33186 | gRPC-Go | CVSS 9.1 | Critical
+What: gRPC-Go servers accept HTTP/2 :path headers without a leading slash (e.g.
+Service/Method instead of /Service/Method), causing path-based deny rules in
+grpc/authz interceptors to silently fail to match.
+For cyber-dojo: User code runs with --net=none and cannot send any network frames
+to anything, let alone a gRPC endpoint. This CVE requires a network-reachable gRPC
+service with an auth policy that has a fallback-allow rule.
+Verdict: Not exploitable by user code. Relevant only if something in your
+infrastructure exposes a gRPC service to untrusted callers.

docs/vulns/CVE-2026-33747.txt

@@ -0,0 +1,9 @@
+CVE-2026-33747 | moby/buildkit/source/http | CVSS 8.6 | High
+What: Directory traversal in BuildKit's HTTP source module. A crafted API message
+sent when an untrusted frontend is used can write files outside the intended storage
+root via path traversal sequences.
+For cyber-dojo: cyber-dojo runs pre-built language images and does not invoke
+docker build against user-supplied content. BuildKit's HTTP source is never
+exercised by user-submitted code.
+Verdict: Not relevant. Would only matter if docker build were run with user-
+controlled #syntax directives or --build-arg BUILDKIT_SYNTAX.

docs/vulns/CVE-2026-33748.txt

@@ -0,0 +1,8 @@
+CVE-2026-33748 | moby/buildkit/source/git, client/llb, util/gitutil | CVSS 8.2 | High
+What: Symlink attack in BuildKit's Git URL processing. A crafted subdir value in
+a Git URL fragment can escape the repository root. Requires builds using Git URLs
+with a subpath component pointing to a symlink in an untrusted repository. Three
+separate Snyk IDs (15790741, 15790742, 15790743, 15790744) all map to this one CVE
+across different BuildKit packages.
+For cyber-dojo: cyber-dojo does not build from user-supplied Git URLs.
+Verdict: Not relevant.

docs/vulns/CVE-2026-33814.txt

@@ -0,0 +1,9 @@
+CVE-2026-33814 | golang.org/x/net/http2 | CVSS 8.7 | High
+What: An infinite loop in HTTP/2 SETTINGS frame processing. When the transport
+receives a SETTINGS_MAX_FRAME_SIZE value of 0 it endlessly writes CONTINUATION
+frames, exhausting resources and crashing the service.
+For cyber-dojo: golang.org/x/net/http2 is used by Docker daemon and Go-based
+tooling in the base image. User code runs with --net=none and cannot send
+crafted HTTP/2 SETTINGS frames to any endpoint.
+Verdict: Not exploitable by user code. Requires sending a malformed SETTINGS
+frame to a reachable HTTP/2 server.

docs/vulns/CVE-2026-34040.txt

@@ -0,0 +1,14 @@
+CVE-2026-34040 | Docker Engine | CVSS 8.8 | High | marked "not fixed"
+What: Bypass of Docker authorization (AuthZ) plugins by padding a container
+creation API request body beyond 1 MB. The middleware drops oversized bodies before
+they reach the AuthZ plugin, which then approves the empty-looking request. Patch
+was in 29.3.1.
+Note: The image is 29.4.1 which should include that fix -- the "not fixed" flag
+from the scanner may be a false positive or a mismatch on a bundled sub-component.
+Worth verifying with `docker version` inside the image.
+For cyber-dojo: Even if the bug were present, cyber-dojo does not use Docker AuthZ
+plugins (OPA, Prisma Cloud, etc.). Sandbox security is enforced via docker run flags
+directly -- --net=none, --user, --security-opt=no-new-privileges -- not via plugin
+policy. This CVE only matters if a third-party AuthZ plugin is standing between the
+caller and the Docker daemon.
+Verdict: Not relevant to cyber-dojo's threat model. No AuthZ plugins in use.

docs/vulns/CVE-2026-34986.txt

@@ -0,0 +1,9 @@
+CVE-2026-34986 | go-jose v4 (github.com/go-jose/go-jose/v4) | CVSS 7.5 | High
+What: Panic in JWE decryption. When the alg field specifies a key-wrapping algorithm
+and the encrypted_key field is empty (or shorter than 16 bytes), cipher.KeyUnwrap()
+calculates a zero or negative slice length, triggering a Go runtime panic. Any
+service that decrypts JWE tokens from untrusted input is affected.
+For cyber-dojo: go-jose is used by containerd and Docker daemon internals for JWE
+handling. User code has --net=none and cannot send crafted JWE tokens to these
+services.
+Verdict: Not exploitable by user code.

docs/vulns/CVE-2026-35385.txt

@@ -0,0 +1,7 @@
+CVE-2026-35385 | OpenSSH | CVSS 7.5 | High | not fixed
+What: A vulnerability in OpenSSH (likely a memory safety issue in the server path).
+For cyber-dojo: The dind image ships OpenSSH for ssh-keygen used in Docker's TLS
+cert tooling -- sshd is not started in a normal dind deployment. Even if sshd were
+somehow running, user code has --net=none and cannot reach it.
+Verdict: Not exploitable by user code. Would only matter if sshd were running and
+a port were exposed, which is not the case in a standard dind deployment.

docs/vulns/CVE-2026-35469.txt

@@ -0,0 +1,9 @@
+CVE-2026-35469 | spdystream | CVSS 8.7 | High
+What: DoS -- the SPDY/3 frame parser allocates memory based on attacker-controlled
+counts/lengths without bounds checks. A single malformed SPDY frame (zlib-compressed,
+so small on the wire) can exhaust process memory and crash the service.
+For cyber-dojo: spdystream is used by Kubernetes client-go for kubectl exec /
+port-forward style streaming. User code has --net=none and cannot send SPDY frames
+to anything. An external attacker with access to whatever exposes spdystream could
+DoS the service, but that is an infrastructure concern, not a sandbox concern.
+Verdict: Not exploitable by user code. Infrastructure DoS risk only.

docs/vulns/CVE-2026-3805.txt

@@ -0,0 +1,7 @@
+CVE-2026-3805 | curl | CVSS 7.5 | High | not fixed
+What: A vulnerability in curl (likely TLS/HTTP processing -- curl CVEs at this score
+are usually buffer overflows in protocol parsing).
+For cyber-dojo: curl is in the dind image for Docker's own use (pulling images, health
+checks). User code runs with --net=none and cannot invoke curl to reach any external
+server, and cannot interact with curl running inside the dind environment.
+Verdict: Not exploitable by user code.

docs/vulns/SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406.txt

@@ -0,0 +1,10 @@
+SNYK-GOLANG-GITHUBCOMAWSAWSSDKGOV2SERVICECLOUDWATCHLOGS-16316406 | aws-sdk-go-v2 CloudWatch Logs | CVSS 8.2 | High | no CVE assigned
+What: An uncaught exception in the EventStream decoder crashes the host process
+when it receives a crafted EventStream response containing an invalid header
+value type byte outside the valid range.
+For cyber-dojo: aws-sdk-go-v2 is used by the Go agent to ship logs to
+CloudWatch. The crafted response would need to arrive over the TLS-protected
+CloudWatch endpoint, requiring a MITM position on that connection. User code
+runs with --net=none and cannot interact with the CloudWatch connection at all.
+Verdict: Not exploitable by user code. DoS-only; requires MITM of a TLS
+CloudWatch endpoint.

docs/vulns/SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930.txt

@@ -0,0 +1,11 @@
+SNYK-GOLANG-GITHUBCOMSIGSTORETIMESTAMPAUTHORITYV2PKGVERIFICATION-16134930 | sigstore/timestamp-authority v2 | CVSS 6.7 | Medium
+What: Improper certificate validation in VerifyTimestampResponse. An attacker
+can prepend a forged certificate to the certificate bag so that signature
+validation uses one certificate while authorization is checked against another,
+bypassing time-based policy controls. Fixed in v2.0.6.
+For cyber-dojo: The affected code lives inside the cosign binary in the base
+image. cosign runs in the runner service container, not in user code sandbox
+containers. User code cannot call cosign or interact with sigstore tooling in
+any way. The attack vector is local and requires controlling the certificate
+chain passed to the binary -- not achievable from within the sandbox.
+Verdict: Not exploitable by user code. cosign is not accessible from the sandbox.

docs/vulns/SNYK-GOLANG-GOETCDIOBBOLT-15922383.txt

@@ -0,0 +1,9 @@
+SNYK-GOLANG-GOETCDIOBBOLT-15922383 | go.etcd.io/bbolt | no CVE assigned yet
+What: Bucket.Stats() panics with an index out-of-range when it encounters a branch
+page with zero elements (corrupted or partially-written database). Fix merged
+2026-03-30; no release tag at time of writing.
+For cyber-dojo: bbolt is an embedded key-value store used by containerd for its
+metadata. The panic requires a corrupted bbolt database, which user code cannot
+cause -- the containerd metadata store is entirely outside the sandbox.
+Verdict: Not exploitable by user code. Data-corruption resilience concern for
+containerd, not a sandbox escape risk.