Commit

data/reports: update GO-2024-2527
  - data/reports/GO-2024-2527.yaml

Updates #2527
Fixes #2952

Change-Id: I9026e48ff8f896fd653f3accb55fbe1f5c630a07
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/597355
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
timothy-king committed Jul 9, 2024
1 parent 002e9e9 commit e5e5fe1
Showing 2 changed files with 28 additions and 22 deletions.
27 changes: 14 additions & 13 deletions data/osv/GO-2024-2527.json
Expand Up @@ -3,16 +3,15 @@
"id": "GO-2024-2527",
"modified": "0001-01-01T00:00:00Z",
"published": "0001-01-01T00:00:00Z",
"withdrawn": "2024-07-01T15:21:57Z",
"aliases": [
"GHSA-5x4g-q5rc-36jp"
],
"summary": "WITHDRAWN: Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3",
"details": "(This report has been withdrawn with reason: \"too many false positives\"). .\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: go.etcd.io/etcd/client/pkg/v3 before v3.3.23, from v3.4.0-rc.0 before v3.4.10.",
"summary": "Insecure ciphers are allowed by default in go.etcd.io/etcd",
"details": "The TLS ciphers list supported by etcd contains insecure cipher suites. Users may specify that an insecure cipher is used via “--cipher-suites” flag. A list of secure suites is used by default.",
"affected": [
{
"package": {
"name": "go.etcd.io/etcd/client/pkg/v3",
"name": "go.etcd.io/etcd",
"ecosystem": "Go"
},
"ranges": [
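Review bot: the new "details" string wraps the flag in typographic quotes (“--cipher-suites”), which end up in scanner output and are easy to carry along when the flag is copied. Use straight quotes or backticks around --cipher-suites. The same text appears in the description field of data/reports/GO-2024-2527.yaml, so the change belongs there as well.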
Expand All @@ -21,26 +20,28 @@
"events": [
{
"introduced": "0"
},
{
"fixed": "0.5.0-alpha.5.0.20221102000833-1f054980bc27"
}
]
}
],
"ecosystem_specific": {
"imports": [
{
"path": "go.etcd.io/etcd/pkg/tlsutil"
}
],
"custom_ranges": [
{
"type": "ECOSYSTEM",
"events": [
{
"introduced": "0"
},
{
"fixed": "3.3.23"
},
{
"introduced": "3.4.0-rc.0"
"introduced": "3.2.22"
},
{
"fixed": "3.4.10"
"fixed": "3.4.22"
}
]
}
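Review bot: the two ranges in this entry disagree about where the issue starts. The module range opens with "introduced": "0" and closes at "fixed": "0.5.0-alpha.5.0.20221102000833-1f054980bc27", while custom_ranges lists "introduced": "3.2.22" and "fixed": "3.4.22". If releases before 3.2.22 are not affected, scanners that read the module range will still flag them; either give the module range a matching lower bound or note in the report why it cannot be expressed there.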
Expand All @@ -56,6 +57,6 @@
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-2527",
"review_status": "UNREVIEWED"
"review_status": "REVIEWED"
}
}
23 changes: 14 additions & 9 deletions data/reports/GO-2024-2527.yaml
@@ -1,20 +1,25 @@
id: GO-2024-2527
modules:
- module: go.etcd.io/etcd/client/pkg/v3
- module: go.etcd.io/etcd
versions:
- fixed: 0.5.0-alpha.5.0.20221102000833-1f054980bc27
non_go_versions:
- fixed: 3.3.23
- introduced: 3.4.0-rc.0
- fixed: 3.4.10
vulnerable_at: 3.5.14
summary: 'WITHDRAWN: Etcd pkg Insecure ciphers are allowed by default in go.etcd.io/etcd/client/pkg/v3'
description: '(This report has been withdrawn with reason: "too many false positives"). '
withdrawn: 2024-07-01T15:21:57Z
- introduced: 3.2.22
- fixed: 3.4.22
vulnerable_at: 0.5.0-alpha.5.0.20220915004622-85b640cee793
packages:
- package: go.etcd.io/etcd/pkg/tlsutil
summary: Insecure ciphers are allowed by default in go.etcd.io/etcd
description: |-
The TLS ciphers list supported by etcd contains insecure cipher suites. Users
may specify that an insecure cipher is used via “--cipher-suites” flag. A
list of secure suites is used by default.
ghsas:
- GHSA-5x4g-q5rc-36jp
references:
- advisory: https://github.com/etcd-io/etcd/security/advisories/GHSA-5x4g-q5rc-36jp
source:
id: GHSA-5x4g-q5rc-36jp
created: 2024-06-14T11:40:23.789526-04:00
review_status: UNREVIEWED
review_status: REVIEWED
unexcluded: EFFECTIVELY_PRIVATE
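Review bot: the new summary and description contradict each other about the default. The summary reads "Insecure ciphers are allowed by default in go.etcd.io/etcd", but the description ends with "A list of secure suites is used by default." and says the insecure suites are reached through the --cipher-suites flag. Reword the summary so it describes the opt-in case; the withdrawal text in this same hunk gives "too many false positives" as the reason, and a summary that overstates the default invites the same reports.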
