-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 26 unreviewed reports
- data/reports/GO-2024-2804.yaml - data/reports/GO-2024-2811.yaml - data/reports/GO-2024-2816.yaml - data/reports/GO-2024-2817.yaml - data/reports/GO-2024-2843.yaml - data/reports/GO-2024-2844.yaml - data/reports/GO-2024-2847.yaml - data/reports/GO-2024-2848.yaml - data/reports/GO-2024-2849.yaml - data/reports/GO-2024-2850.yaml - data/reports/GO-2024-2851.yaml - data/reports/GO-2024-2852.yaml - data/reports/GO-2024-2854.yaml - data/reports/GO-2024-2855.yaml - data/reports/GO-2024-2856.yaml - data/reports/GO-2024-2857.yaml - data/reports/GO-2024-2865.yaml - data/reports/GO-2024-2866.yaml - data/reports/GO-2024-2867.yaml - data/reports/GO-2024-2871.yaml - data/reports/GO-2024-2872.yaml - data/reports/GO-2024-2877.yaml - data/reports/GO-2024-2880.yaml - data/reports/GO-2024-2882.yaml - data/reports/GO-2024-2885.yaml - data/reports/GO-2024-2886.yaml Fixes #2804 Fixes #2811 Fixes #2816 Fixes #2817 Fixes #2843 Fixes #2844 Fixes #2847 Fixes #2848 Fixes #2849 Fixes #2850 Fixes #2851 Fixes #2852 Fixes #2854 Fixes #2855 Fixes #2856 Fixes #2857 Fixes #2865 Fixes #2866 Fixes #2867 Fixes #2871 Fixes #2872 Fixes #2877 Fixes #2880 Fixes #2882 Fixes #2885 Fixes #2886 Change-Id: Ia746865818b99c2d6bd37b287461693a53b892d8 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/590277 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
- Loading branch information
Showing
52 changed files
with
2,202 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,73 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2804", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-32967", | ||
| "GHSA-q5qj-x2h5-3945" | ||
| ], | ||
| "summary": "Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel", | ||
| "details": "Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/zitadel/zitadel", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-q5qj-x2h5-3945" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32967" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/zitadel/zitadel/commit/b918603b576d156a08b90917c14c2d019c82ffc6" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/zitadel/zitadel/releases/tag/v2.45.7" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/zitadel/zitadel/releases/tag/v2.46.7" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/zitadel/zitadel/releases/tag/v2.47.10" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/zitadel/zitadel/releases/tag/v2.48.5" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/zitadel/zitadel/releases/tag/v2.49.5" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/zitadel/zitadel/releases/tag/v2.50.3" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2804", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,57 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2811", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-33398", | ||
| "GHSA-6fg2-hvj9-832f" | ||
| ], | ||
| "summary": "piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator/v2", | ||
| "details": "piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator/v2", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/piraeusdatastore/piraeus-operator/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-6fg2-hvj9-832f" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33398" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/HouqiyuA/d0c11fae5ba4789946ae33175d0f9edb" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/HouqiyuA/k8s-rbac-poc" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://piraeus.io" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2811", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2816", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-33394", | ||
| "GHSA-4q63-mr2m-57hf" | ||
| ], | ||
| "summary": "kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt", | ||
| "details": "kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "kubevirt.io/kubevirt", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-4q63-mr2m-57hf" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33394" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2816", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2817", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-33396", | ||
| "GHSA-wccg-v638-j9q2" | ||
| ], | ||
| "summary": "karmada vulnerable to arbitrary code execution via a crafted command in github.com/karmada-io/karmada", | ||
| "details": "karmada vulnerable to arbitrary code execution via a crafted command in github.com/karmada-io/karmada", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/karmada-io/karmada", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/advisories/GHSA-wccg-v638-j9q2" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33396" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2817", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2843", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2022-39306", | ||
| "GHSA-2x6g-h2hg-rq84" | ||
| ], | ||
| "summary": "Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana", | ||
| "details": "Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/grafana/grafana", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://security.netapp.com/advisory/ntap-20221215-0004" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2843", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,49 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2844", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2022-39307", | ||
| "GHSA-3p62-42x7-gxg5" | ||
| ], | ||
| "summary": "Grafana User enumeration via forget password in github.com/grafana/grafana", | ||
| "details": "Grafana User enumeration via forget password in github.com/grafana/grafana", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/grafana/grafana", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://security.netapp.com/advisory/ntap-20221215-0004" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2844", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,53 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2847", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2022-35957", | ||
| "GHSA-ff5c-938w-8c9q" | ||
| ], | ||
| "summary": "Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana", | ||
| "details": "Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/grafana/grafana", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://security.netapp.com/advisory/ntap-20221215-0001" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2847", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.