Interface Description
Retrieves the list of scan results for an image version.
Interface Constraints
None
URI
GET /v1/listRepoTagScanResult
Path Parameters
None
Query Parameters
Parameter | Required | Type | Description | Example | Child Object |
---|---|---|---|---|---|
instanceId | Yes | Long | Instance ID | 1638470585571688449 | |
repositoryId | Yes | Long | Image repository ID | 1695041896390332417 | |
reference | Yes | String | Image digest or tag | mytag | |
pageNow | No | Integer | Page number | 1 | |
pageSize | No | Integer | Page size | 10 | |
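Request Parameters
Request Header Parameters
Parameter | Required | Type | Description | Example | Child Object |
---|---|---|---|---|---|
Content-Type | Yes | String | Content type | application/json | |
regionId | Yes | String | Resource pool code | bb9fdb42056f11eda1610242ac110002 | |
Request Body Parameters
None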
Response Parameters
Parameter | Type | Description | Example | Child Object |
---|---|---|---|---|
statusCode | Integer | Response code | | |
message | String | Response message | | |
returnObj | Object | Returned result | | returnObj |
error | String | Error message | | |
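Table returnObj
Parameter | Type | Description | Example | Child Object |
---|---|---|---|---|
total | Integer | Total number of records | 5 | |
size | Integer | Records per page | 10 | |
current | Integer | Current page number | 1 | |
pages | Integer | Total number of pages | 1 | |
records | Object | List of vulnerability details | | records |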
Table records
Parameter | Type | Description | Example | Child Object |
---|---|---|---|---|
artifactDigests | String | Image digest | sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b | |
id | String | Vulnerability ID | CVE-2019-3462 | |
severity | String | Vulnerability severity | High | |
version | String | Version | 1.0.9.8.3 | |
description | String | Vulnerability description | Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine. | |
package | String | Package name | apt | |
Enumeration Parameters
None
Request Example
Request URL
GET https://[endpoint].ctapi.ctyun.cn/v1/listRepoTagScanResult?instanceId=1638470585571688449&repositoryId=1695041896390332417&reference=mytag
Request Header
{
"Content-Type":"application/json"
}
Request Body
None
Response Example
{
"message": "",
"returnObj": {
"current": 1,
"hitCount": false,
"optimizeCountSql": true,
"orders": [
],
"pages": 30,
"records": [
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
""
],
"description": "Incorrect sanitation of the 302 redirect field in HTTP transport method of apt versions 1.4.8 and earlier can lead to content injection by a MITM attacker, potentially leading to remote code execution on the target machine.",
"id": "CVE-2019-3462",
"package": "apt",
"severity": "High",
"vendor_attributes": {
"cVSS": {
"nvd": {
"V3Vector": "CVSS: 3.1/AV: N/AC: H/PR: N/UI: N/S: U/C: H/I: H/A: H",
"V2Vector": "AV: N/AC: M/Au: N/C: C/I: C/A: C",
"V3Score": 8.1,
"V2Score": 9.3
}
}
},
"version": "1.0.9.8.3"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-295"
],
"description": "The apt package in Debian jessie before 1.0.9.8.4, in Debian unstable before 1.4~beta2, in Ubuntu 14.04 LTS before 1.0.1ubuntu2.17, in Ubuntu 16.04 LTS before 1.2.15ubuntu0.2, and in Ubuntu 16.10 before 1.3.2ubuntu0.1 allows man-in-the-middle attackers to bypass a repository-signing protection mechanism by leveraging improper error handling when validating InRelease file signatures.",
"id": "CVE-2016-1252",
"package": "apt",
"severity": "Medium",
"vendor_attributes": {
"cVSS": {
"nvd": {
"V3Vector": "CVSS: 3.1/AV: N/AC: H/PR: N/UI: N/S: U/C: N/I: H/A: N",
"V2Vector": "AV: N/AC: M/Au: N/C: N/I: P/A: N",
"V3Score": 5.9,
"V2Score": 4.3
}
}
},
"version": "1.0.9.8.3"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-20",
"CWE-125"
],
"description": "Missing input validation in the ar/tar implementations of APT before version 2.1.2 could result in denial of service when processing specially crafted deb files.",
"id": "CVE-2020-3810",
"package": "apt",
"severity": "Medium",
"vendor_attributes": {
"cVSS": {
"nvd": {
"V3Vector": "CVSS: 3.1/AV: L/AC: L/PR: N/UI: R/S: U/C: N/I: N/A: H",
"V2Vector": "AV: N/AC: M/Au: N/C: N/I: N/A: P",
"V3Score": 5.5,
"V2Score": 4.3
}
}
},
"version": "1.0.9.8.3"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-20"
],
"description": "Bash before 4.4 allows local users to execute arbitrary commands with root privileges via crafted SHELLOPTS and PS4 environment variables.",
"id": "CVE-2016-7543",
"package": "bash",
"severity": "High",
"vendor_attributes": {
"cVSS": {
"redhat": {
"V3Vector": "CVSS: 3.0/AV: L/AC: H/PR: L/UI: N/S: U/C: H/I: H/A: H",
"V2Vector": "AV: L/AC: M/Au: N/C: C/I: C/A: C",
"V3Score": 7,
"V2Score": 6.9
},
"nvd": {
"V3Vector": "CVSS: 3.0/AV: L/AC: L/PR: N/UI: N/S: U/C: H/I: H/A: H",
"V2Vector": "AV: L/AC: L/Au: N/C: C/I: C/A: C",
"V3Score": 8.4,
"V2Score": 7.2
}
}
},
"version": "4.3-11"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-862"
],
"description": "rbash in Bash before 4.4-beta2 did not prevent the shell user from modifying BASH_CMDS, thus allowing the user to execute any command with the permissions of the shell.",
"id": "CVE-2019-9924",
"package": "bash",
"severity": "High",
"vendor_attributes": {
"cVSS": {
"redhat": {
"V3Vector": "CVSS: 3.1/AV: L/AC: L/PR: L/UI: N/S: U/C: H/I: H/A: H",
"V3Score": 7.8
},
"nvd": {
"V3Vector": "CVSS: 3.1/AV: L/AC: L/PR: L/UI: N/S: U/C: H/I: H/A: H",
"V2Vector": "AV: L/AC: L/Au: N/C: C/I: C/A: C",
"V3Score": 7.8,
"V2Score": 7.2
}
}
},
"version": "4.3-11"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-416"
],
"description": "popd in bash might allow local users to bypass the restricted shell and cause a use-after-free via a crafted address.",
"id": "CVE-2016-9401",
"package": "bash",
"severity": "Medium",
"vendor_attributes": {
"cVSS": {
"redhat": {
"V3Vector": "CVSS: 3.0/AV: L/AC: L/PR: L/UI: N/S: U/C: N/I: N/A: L",
"V2Vector": "AV: L/AC: M/Au: N/C: N/I: N/A: P",
"V3Score": 3.3,
"V2Score": 1.9
},
"nvd": {
"V3Vector": "CVSS: 3.1/AV: L/AC: L/PR: L/UI: N/S: U/C: N/I: N/A: H",
"V2Vector": "AV: L/AC: L/Au: N/C: N/I: N/A: P",
"V3Score": 5.5,
"V2Score": 2.1
}
}
},
"version": "4.3-11"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-78"
],
"description": "The expansion of '\\h' in the prompt string in bash 4.3 allows remote authenticated users to execute arbitrary code via shell metacharacters placed in 'hostname' of a machine.",
"id": "CVE-2016-0634",
"package": "bash",
"severity": "Low",
"vendor_attributes": {
"cVSS": {
"redhat": {
"V3Vector": "CVSS: 3.0/AV: L/AC: H/PR: N/UI: N/S: U/C: L/I: L/A: L",
"V2Vector": "AV: L/AC: H/Au: N/C: P/I: P/A: P",
"V3Score": 4.9,
"V2Score": 3.7
},
"nvd": {
"V3Vector": "CVSS: 3.0/AV: N/AC: H/PR: L/UI: N/S: U/C: H/I: H/A: H",
"V2Vector": "AV: N/AC: M/Au: S/C: P/I: P/A: P",
"V3Score": 7.5,
"V2Score": 6
}
}
},
"version": "4.3-11"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-264"
],
"description": "runuser in util-linux allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"id": "CVE-2016-2779",
"package": "bsdutils",
"severity": "High",
"vendor_attributes": {
"cVSS": {
"redhat": {
"V3Vector": "CVSS: 3.0/AV: L/AC: L/PR: N/UI: R/S: C/C: H/I: H/A: H",
"V2Vector": "AV: L/AC: H/Au: N/C: C/I: C/A: C",
"V3Score": 8.6,
"V2Score": 6.2
},
"nvd": {
"V3Vector": "CVSS: 3.0/AV: L/AC: L/PR: L/UI: N/S: U/C: H/I: H/A: H",
"V2Vector": "AV: L/AC: L/Au: N/C: C/I: C/A: C",
"V3Score": 7.8,
"V2Score": 7.2
}
}
},
"version": "2.25.2-6"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
""
],
"description": "The parse_dos_extended function in partitions/dos.c in the libblkid library in util-linux allows physically proximate attackers to cause a denial of service (memory consumption) via a crafted MSDOS partition table with an extended partition boot record at zero offset.",
"id": "CVE-2016-5011",
"package": "bsdutils",
"severity": "Medium",
"vendor_attributes": {
"cVSS": {
"redhat": {
"V3Vector": "CVSS: 3.0/AV: P/AC: L/PR: N/UI: N/S: U/C: N/I: N/A: H",
"V2Vector": "AV: L/AC: L/Au: N/C: N/I: N/A: C",
"V3Score": 4.6,
"V2Score": 4.9
},
"nvd": {
"V3Vector": "CVSS: 3.1/AV: P/AC: L/PR: N/UI: N/S: U/C: N/I: N/A: H",
"V2Vector": "AV: L/AC: L/Au: N/C: N/I: N/A: C",
"V3Score": 4.6,
"V2Score": 4.9
}
}
},
"version": "2.25.2-6"
},
{
"artifact_digests": "[\"sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b\"]",
"cwe_ids": [
"CWE-20"
],
"description": "chroot in GNU coreutils, when used with --userspec, allows local users to escape to the parent session via a crafted TIOCSTI ioctl call, which pushes characters to the terminal's input buffer.",
"id": "CVE-2016-2781",
"package": "coreutils",
"severity": "Low",
"vendor_attributes": {
"cVSS": {
"redhat": {
"V3Vector": "CVSS: 3.0/AV: L/AC: L/PR: N/UI: R/S: C/C: H/I: H/A: H",
"V2Vector": "AV: L/AC: H/Au: N/C: C/I: C/A: C",
"V3Score": 8.6,
"V2Score": 6.2
},
"nvd": {
"V3Vector": "CVSS: 3.0/AV: L/AC: L/PR: L/UI: N/S: C/C: N/I: H/A: N",
"V2Vector": "AV: L/AC: L/Au: N/C: N/I: P/A: N",
"V3Score": 6.5,
"V2Score": 2.1
}
}
},
"version": "8.23-4"
}
],
"searchCount": true,
"size": 10,
"total": 298
},
"statusCode": 0
}
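Added example (not part of the original API documentation): one way to consume this response in Python, walking `pageNow` up to `returnObj.pages`, decoding the string-encoded `artifact_digests`, and flagging findings whose severity label or highest vendor CVSS v3 score reaches a threshold. The `fetch_page` callable, the thresholds, the "Critical" rank and the trimmed sample records are assumptions; the HTTP request and its authentication are left to the caller.

```python
import json

RANK = {"Low": 1, "Medium": 2, "High": 3, "Critical": 4}  # "Critical" is assumed; the page shows Low/Medium/High

def normalize(rec):
    """Flatten one returnObj.records entry into the fields a policy check needs."""
    # The example returns artifact_digests as a JSON array inside a string; the table lists artifactDigests
    raw = rec.get("artifact_digests") or rec.get("artifactDigests") or "[]"
    digests = json.loads(raw) if raw.lstrip().startswith("[") else [raw]
    # Vendors (nvd, redhat) can disagree and V3Score may be missing for one of them
    cvss = (rec.get("vendor_attributes") or {}).get("cVSS") or {}
    scores = [v["V3Score"] for v in cvss.values() if "V3Score" in v]
    return {"id": rec["id"], "package": rec.get("package"), "severity": rec.get("severity"),
            "digests": digests, "cwes": [c for c in rec.get("cwe_ids", []) if c],  # drop "" placeholders
            "max_v3": max(scores, default=None)}

def iter_findings(fetch_page, page_size=10):
    """Yield every finding; fetch_page(page_now, page_size) returns the decoded body (caller-supplied)."""
    page_now, pages = 1, 1
    while page_now <= pages:
        body = fetch_page(page_now, page_size)
        if body.get("statusCode") != 0:  # assumption: 0 means success, as in the response example
            raise RuntimeError(f"scan result query failed: {body.get('message') or body.get('error')}")
        result = body["returnObj"]
        yield from map(normalize, result["records"])
        page_now, pages = page_now + 1, result["pages"]

def blocking(findings, min_severity="High", min_v3=7.0):
    """Keep findings whose label OR highest vendor CVSS v3 score reaches the threshold."""
    return [f for f in findings
            if RANK.get(f["severity"], 0) >= RANK[min_severity]
            or (f["max_v3"] is not None and f["max_v3"] >= min_v3)]

def _rec(cve, pkg, sev, cwes, **v3):  # builds a constructed record, trimmed from the response example
    return {"artifact_digests": '["sha256:27dcbcfcc51ff2e1144f31758900f881b209ca0555d55cbc20d72cfae23b405b"]',
            "id": cve, "package": pkg, "severity": sev, "cwe_ids": cwes,
            "vendor_attributes": {"cVSS": {vendor: {"V3Score": s} for vendor, s in v3.items()}}}

SAMPLE_PAGES = {  # constructed: two pages of two records each
    1: [_rec("CVE-2019-3462", "apt", "High", [""], nvd=8.1), _rec("CVE-2016-1252", "apt", "Medium", ["CWE-295"], nvd=5.9)],
    2: [_rec("CVE-2016-2781", "coreutils", "Low", ["CWE-20"], redhat=8.6, nvd=6.5),
        _rec("CVE-2016-9401", "bash", "Medium", ["CWE-416"], redhat=3.3, nvd=5.5)]}

def fake_fetch(page_now, page_size):  # stands in for the real HTTP call
    return {"statusCode": 0, "message": "", "returnObj": {
        "current": page_now, "pages": 2, "size": page_size, "total": 4, "records": SAMPLE_PAGES[page_now]}}

if __name__ == "__main__":
    print([f["id"] for f in blocking(iter_findings(fake_fetch))])
```

CVE-2016-2781 carries the label "Low" while one vendor scores it 8.6, so a gate that reads only `severity` would let it through.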
Status Codes
See Status Codes
Error Codes
See Error Codes