data/reports: add 44 unreviewed reports
  - data/reports/GO-2024-2576.yaml
  - data/reports/GO-2024-2695.yaml
  - data/reports/GO-2024-2737.yaml
  - data/reports/GO-2024-2795.yaml
  - data/reports/GO-2024-2799.yaml
  - data/reports/GO-2024-2715.yaml
  - data/reports/GO-2024-2798.yaml
  - data/reports/GO-2024-2793.yaml
  - data/reports/GO-2024-2705.yaml
  - data/reports/GO-2024-2808.yaml
  - data/reports/GO-2024-2875.yaml
  - data/reports/GO-2024-2635.yaml
  - data/reports/GO-2024-2707.yaml
  - data/reports/GO-2024-2797.yaml
  - data/reports/GO-2024-2726.yaml
  - data/reports/GO-2024-2650.yaml
  - data/reports/GO-2024-2698.yaml
  - data/reports/GO-2024-2760.yaml
  - data/reports/GO-2024-2788.yaml
  - data/reports/GO-2024-2629.yaml
  - data/reports/GO-2024-2771.yaml
  - data/reports/GO-2024-2794.yaml
  - data/reports/GO-2024-2637.yaml
  - data/reports/GO-2024-2734.yaml
  - data/reports/GO-2024-2764.yaml
  - data/reports/GO-2024-2762.yaml
  - data/reports/GO-2024-2566.yaml
  - data/reports/GO-2024-2789.yaml
  - data/reports/GO-2024-2664.yaml
  - data/reports/GO-2024-2688.yaml
  - data/reports/GO-2024-2697.yaml
  - data/reports/GO-2024-2719.yaml
  - data/reports/GO-2024-2718.yaml
  - data/reports/GO-2024-2468.yaml
  - data/reports/GO-2024-2717.yaml
  - data/reports/GO-2024-2761.yaml
  - data/reports/GO-2024-2796.yaml
  - data/reports/GO-2024-2706.yaml
  - data/reports/GO-2024-2722.yaml
  - data/reports/GO-2024-2665.yaml
  - data/reports/GO-2024-2750.yaml
  - data/reports/GO-2024-2809.yaml
  - data/reports/GO-2024-2696.yaml
  - data/reports/GO-2024-2732.yaml

Fixes #2576
Fixes #2695
Fixes #2737
Fixes #2795
Fixes #2799
Fixes #2715
Fixes #2798
Fixes #2793
Fixes #2705
Fixes #2808
Fixes #2875
Fixes #2635
Fixes #2707
Fixes #2797
Fixes #2726
Fixes #2650
Fixes #2698
Fixes #2760
Fixes #2788
Fixes #2629
Fixes #2771
Fixes #2794
Fixes #2637
Fixes #2734
Fixes #2764
Fixes #2762
Fixes #2566
Fixes #2789
Fixes #2664
Fixes #2688
Fixes #2697
Fixes #2719
Fixes #2718
Fixes #2468
Fixes #2717
Fixes #2761
Fixes #2796
Fixes #2706
Fixes #2722
Fixes #2665
Fixes #2750
Fixes #2809
Fixes #2696
Fixes #2732

Change-Id: I8f664cb56ccc1fbce1437179178f78fa3825a1c5
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/590278
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
tatianab committed Jun 5, 2024
1 parent 69991d5 commit 8ed6db9
Showing 88 changed files with 3,973 additions and 0 deletions.
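--- a/data/osv/GO-2024-2468.json
+++ b/data/osv/GO-2024-2468.json
@@ -0,0 +1,65 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2468",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2022-3328",
+"GHSA-cjqf-877p-7m3f"
+],
+"summary": "snapd Race Condition vulnerability in github.com/snapcore/snapd",
+"details": "snapd Race Condition vulnerability in github.com/snapcore/snapd",
+"affected": [
+{
+"package": {
+"name": "github.com/snapcore/snapd",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-3328"
+},
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-cjqf-877p-7m3f"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-3328"
+},
+{
+"type": "FIX",
+"url": "https://github.com/snapcore/snapd/commit/21ebc51f00b8a1417888faa2e83a372fd29d0f5e"
+},
+{
+"type": "FIX",
+"url": "https://github.com/snapcore/snapd/commit/6226cdc57052f4b7057d92f2e549aa169e35cd2d"
+},
+{
+"type": "FIX",
+"url": "https://github.com/snapcore/snapd/pull/12380"
+},
+{
+"type": "WEB",
+"url": "https://ubuntu.com/security/notices/USN-5753-1"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2468",
+"review_status": "UNREVIEWED"
+}
+}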
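Review bot: The `ranges` entry carries only `{"introduced": "0"}` with no `fixed` event, although `references` lists two FIX commits and a FIX pull request, so a scanner matching on this record will treat every version of github.com/snapcore/snapd as affected. If the fix can be mapped to a module version, add an event such as `{"fixed": "<fixed-version>"}` (placeholder; the page does not give the version), as GO-2024-2650 does with `"fixed": "0.23.2"`. GO-2024-2637 has the same shape: two FIX commits and an open-ended range. These JSON files look generated from the data/reports YAML named in the commit message, so the change would presumably belong in the YAML report.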
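--- a/data/osv/GO-2024-2566.json
+++ b/data/osv/GO-2024-2566.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2566",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-24776",
+"GHSA-r833-w756-h5p2"
+],
+"summary": "Mattermost fails to check the required permissions in github.com/mattermost/mattermost/server/v8",
+"details": "Mattermost fails to check the required permissions in github.com/mattermost/mattermost/server/v8",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-r833-w756-h5p2"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-24776"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2566",
+"review_status": "UNREVIEWED"
+}
+}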
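--- a/data/osv/GO-2024-2576.json
+++ b/data/osv/GO-2024-2576.json
@@ -0,0 +1,61 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2576",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-1485",
+"GHSA-84xv-jfrm-h4gm"
+],
+"summary": "registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library",
+"details": "registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library",
+"affected": [
+{
+"package": {
+"name": "github.com/devfile/registry-support/registry-library",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-84xv-jfrm-h4gm"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1485"
+},
+{
+"type": "WEB",
+"url": "https://access.redhat.com/security/cve/CVE-2024-1485"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2264106"
+},
+{
+"type": "WEB",
+"url": "https://github.com/devfile/registry-support/commit/0e44b9ca6d03fac4fc3f77d37656d56dc5defe0d"
+},
+{
+"type": "WEB",
+"url": "https://github.com/devfile/registry-support/pull/197"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2576",
+"review_status": "UNREVIEWED"
+}
+}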
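Review bot: The registry-support commit and pull-request links in `references` are typed `WEB`, whereas GO-2024-2468, GO-2024-2637 and GO-2024-2650 in this same commit type upstream commits and pull requests as `FIX`. If these two links are the remediation for CVE-2024-1485 (not confirmable from this page), typing them `"type": "FIX"` would let consumers that filter on reference type locate the patch. That matters more here because the range has only `{"introduced": "0"}` and no `fixed` event, so the references are the only pointer to a remediated state.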
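--- a/data/osv/GO-2024-2629.json
+++ b/data/osv/GO-2024-2629.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2629",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-1442",
+"GHSA-5mxf-42f5-j782"
+],
+"summary": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana",
+"details": "Grafana's users with permissions to create a data source can CRUD all data sources in github.com/grafana/grafana",
+"affected": [
+{
+"package": {
+"name": "github.com/grafana/grafana",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-5mxf-42f5-j782"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1442"
+},
+{
+"type": "WEB",
+"url": "https://grafana.com/security/security-advisories/cve-2024-1442"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2629",
+"review_status": "UNREVIEWED"
+}
+}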
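--- a/data/osv/GO-2024-2635.json
+++ b/data/osv/GO-2024-2635.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2635",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-1952",
+"GHSA-r4fm-g65h-cr54"
+],
+"summary": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost/server/v8",
+"details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost/server/v8",
+"affected": [
+{
+"package": {
+"name": "github.com/mattermost/mattermost/server/v8",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-r4fm-g65h-cr54"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-1952"
+},
+{
+"type": "WEB",
+"url": "https://mattermost.com/security-updates"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2635",
+"review_status": "UNREVIEWED"
+}
+}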
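--- a/data/osv/GO-2024-2637.json
+++ b/data/osv/GO-2024-2637.json
@@ -0,0 +1,53 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2637",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-28197",
+"GHSA-mq4x-r2w3-j7mr"
+],
+"summary": "Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel",
+"details": "Account Takeover via Session Fixation in Zitadel [Bypassing MFA] in github.com/zitadel/zitadel",
+"affected": [
+{
+"package": {
+"name": "github.com/zitadel/zitadel",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-mq4x-r2w3-j7mr"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-28197"
+},
+{
+"type": "FIX",
+"url": "https://github.com/zitadel/zitadel/commit/d4c553b75a214e41299af010ef4b26174a0f802c"
+},
+{
+"type": "FIX",
+"url": "https://github.com/zitadel/zitadel/commit/e82cb51eb819c6cdba8123c9c34c5739b46b29eb"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2637",
+"review_status": "UNREVIEWED"
+}
+}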
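--- a/data/osv/GO-2024-2650.json
+++ b/data/osv/GO-2024-2650.json
@@ -0,0 +1,47 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2650",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-v8mx-hp2q-gw85"
+],
+"summary": "Golang SDK for Vela Insecure Variable Substitution in github.com/go-vela/sdk-go",
+"details": "Golang SDK for Vela Insecure Variable Substitution in github.com/go-vela/sdk-go",
+"affected": [
+{
+"package": {
+"name": "github.com/go-vela/sdk-go",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.23.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/go-vela/sdk-go/security/advisories/GHSA-v8mx-hp2q-gw85"
+},
+{
+"type": "FIX",
+"url": "https://github.com/go-vela/sdk-go/commit/e3a34719badf37928e60f4402abe51f8b50055e1"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2650",
+"review_status": "UNREVIEWED"
+}
+}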