-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 44 unreviewed reports
- data/reports/GO-2024-2576.yaml - data/reports/GO-2024-2695.yaml - data/reports/GO-2024-2737.yaml - data/reports/GO-2024-2795.yaml - data/reports/GO-2024-2799.yaml - data/reports/GO-2024-2715.yaml - data/reports/GO-2024-2798.yaml - data/reports/GO-2024-2793.yaml - data/reports/GO-2024-2705.yaml - data/reports/GO-2024-2808.yaml - data/reports/GO-2024-2875.yaml - data/reports/GO-2024-2635.yaml - data/reports/GO-2024-2707.yaml - data/reports/GO-2024-2797.yaml - data/reports/GO-2024-2726.yaml - data/reports/GO-2024-2650.yaml - data/reports/GO-2024-2698.yaml - data/reports/GO-2024-2760.yaml - data/reports/GO-2024-2788.yaml - data/reports/GO-2024-2629.yaml - data/reports/GO-2024-2771.yaml - data/reports/GO-2024-2794.yaml - data/reports/GO-2024-2637.yaml - data/reports/GO-2024-2734.yaml - data/reports/GO-2024-2764.yaml - data/reports/GO-2024-2762.yaml - data/reports/GO-2024-2566.yaml - data/reports/GO-2024-2789.yaml - data/reports/GO-2024-2664.yaml - data/reports/GO-2024-2688.yaml - data/reports/GO-2024-2697.yaml - data/reports/GO-2024-2719.yaml - data/reports/GO-2024-2718.yaml - data/reports/GO-2024-2468.yaml - data/reports/GO-2024-2717.yaml - data/reports/GO-2024-2761.yaml - data/reports/GO-2024-2796.yaml - data/reports/GO-2024-2706.yaml - data/reports/GO-2024-2722.yaml - data/reports/GO-2024-2665.yaml - data/reports/GO-2024-2750.yaml - data/reports/GO-2024-2809.yaml - data/reports/GO-2024-2696.yaml - data/reports/GO-2024-2732.yaml Fixes #2576 Fixes #2695 Fixes #2737 Fixes #2795 Fixes #2799 Fixes #2715 Fixes #2798 Fixes #2793 Fixes #2705 Fixes #2808 Fixes #2875 Fixes #2635 Fixes #2707 Fixes #2797 Fixes #2726 Fixes #2650 Fixes #2698 Fixes #2760 Fixes #2788 Fixes #2629 Fixes #2771 Fixes #2794 Fixes #2637 Fixes #2734 Fixes #2764 Fixes #2762 Fixes #2566 Fixes #2789 Fixes #2664 Fixes #2688 Fixes #2697 Fixes #2719 Fixes #2718 Fixes #2468 Fixes #2717 Fixes #2761 Fixes #2796 Fixes #2706 Fixes #2722 Fixes #2665 Fixes #2750 Fixes #2809 Fixes #2696 Fixes #2732 Change-Id: I8f664cb56ccc1fbce1437179178f78fa3825a1c5 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/590278 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
- Loading branch information
Showing
88 changed files
with
3,973 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2468", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2022-3328", | ||
"GHSA-cjqf-877p-7m3f" | ||
], | ||
"summary": "snapd Race Condition vulnerability in github.com/snapcore/snapd", | ||
"details": "snapd Race Condition vulnerability in github.com/snapcore/snapd", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/snapcore/snapd", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-cjqf-877p-7m3f" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3328" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/snapcore/snapd/pull/12380" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://ubuntu.com/security/notices/USN-5753-1" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2468", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2566", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-24776", | ||
"GHSA-r833-w756-h5p2" | ||
], | ||
"summary": "Mattermost fails to check the required permissions in github.com/mattermost/mattermost/server/v8", | ||
"details": "Mattermost fails to check the required permissions in github.com/mattermost/mattermost/server/v8", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/mattermost/mattermost/server/v8", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-r833-w756-h5p2" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24776" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://mattermost.com/security-updates" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2566", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,61 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2576", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-1485", | ||
"GHSA-84xv-jfrm-h4gm" | ||
], | ||
"summary": "registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library", | ||
"details": "registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/devfile/registry-support/registry-library", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1485" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://access.redhat.com/security/cve/CVE-2024-1485" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/devfile/registry-support/pull/197" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2576", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2629", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-1442", | ||
"GHSA-5mxf-42f5-j782" | ||
], | ||
"summary": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana", | ||
"details": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/grafana/grafana", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-5mxf-42f5-j782" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1442" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://grafana.com/security/security-advisories/cve-2024-1442" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2629", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,49 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2635", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-1952", | ||
"GHSA-r4fm-g65h-cr54" | ||
], | ||
"summary": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost/server/v8", | ||
"details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost/server/v8", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/mattermost/mattermost/server/v8", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-r4fm-g65h-cr54" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1952" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://mattermost.com/security-updates" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2635", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,53 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2637", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-28197", | ||
"GHSA-mq4x-r2w3-j7mr" | ||
], | ||
"summary": "Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel", | ||
"details": "Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/zitadel/zitadel", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28197" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/zitadel/zitadel/commit/d4c553b75a214e41299af010ef4b26174a0f802c" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/zitadel/zitadel/commit/e82cb51eb819c6cdba8123c9c34c5739b46b29eb" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2637", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,47 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2650", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"GHSA-v8mx-hp2q-gw85" | ||
], | ||
"summary": "Golang SDK for Vela Insecure Variable Substitution in github.com/go-vela/sdk-go", | ||
"details": "Golang SDK for Vela Insecure Variable Substitution in github.com/go-vela/sdk-go", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/go-vela/sdk-go", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "0.23.2" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/go-vela/sdk-go/security/advisories/GHSA-v8mx-hp2q-gw85" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/go-vela/sdk-go/commit/e3a34719badf37928e60f4402abe51f8b50055e1" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2650", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
Oops, something went wrong.