x/vulndb: potential Go vuln in sigs.k8s.io/azurefile-csi-driver: GHSA-qjqg-4wg7-957h

[GoVulnBot]

In GitHub Security Advisory GHSA-qjqg-4wg7-957h, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
sigs.k8s.io/azurefile-csi-driver	1.30.1	= 1.30.0

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: sigs.k8s.io/azurefile-csi-driver
      versions:
        - introduced: TODO (earliest fixed "1.30.1", vuln range "= 1.30.0")
      packages:
        - package: sigs.k8s.io/azurefile-csi-driver
    - module: sigs.k8s.io/azurefile-csi-driver
      versions:
        - introduced: TODO (earliest fixed "1.29.4", vuln range "<= 1.29.3")
      packages:
        - package: sigs.k8s.io/azurefile-csi-driver
summary: azure-file-csi-driver leaks service account tokens in the logs in sigs.k8s.io/azurefile-csi-driver
cves:
    - CVE-2024-3744
ghsas:
    - GHSA-qjqg-4wg7-957h
references:
    - report: https://github.com/kubernetes/kubernetes/issues/124759
    - web: https://groups.google.com/g/kubernetes-security-announce/c/hcgZE2MQo1A/m/Y4C6q-CYAgAJ
    - fix: https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/a1b7446de942136419f07394efeef804523f87ae
    - fix: https://github.com/kubernetes-sigs/azurefile-csi-driver/commit/e11ff3dc2c03894cde692213308f9991e7bbd5bf
    - advisory: https://github.com/advisories/GHSA-qjqg-4wg7-957h
notes:
    - fix: 'module merge error: could not merge versions of module sigs.k8s.io/azurefile-csi-driver: invalid or non-canonical semver version (found TODO (earliest fixed "1.30.1", vuln range "= 1.30.0"))'
source:
    id: GHSA-qjqg-4wg7-957h

[gopherbot]

Change https://go.dev/cl/586484 mentions this issue: data/reports: add 73 unreviewed reports

[gopherbot]

Change https://go.dev/cl/590039 mentions this issue: data/reports: add 51 reports