x/vulndb: potential Go vuln in github.com/open-feature/open-feature-operator: GHSA-cwf6-xj49-wp83

[GoVulnBot]

In GitHub Security Advisory GHSA-cwf6-xj49-wp83, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/open-feature/open-feature-operator	0.2.32	< 0.2.32

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/open-feature/open-feature-operator
    versions:
      - fixed: 0.2.32
    packages:
      - package: github.com/open-feature/open-feature-operator
summary: ' OpenFeature Operator vulnerable to Cluster-level Privilege Escalation'
description: |-
    ### Impact

    On a node controlled by an attacker or malicious user, the lax permissions configured on `open-feature-operator-controller-manager` can be used to further escalate the privileges of any service account in the cluster.

    The increased privileges could be used to modify cluster state, leading to DoS, or read sensitive data, including secrets.

    ### Patches

    The patch mitigates this issue by restricting the resources the `open-feature-operator-controller-manager` can modify.
cves:
  - CVE-2023-29018
ghsas:
  - GHSA-cwf6-xj49-wp83
references:
  - advisory: https://github.com/open-feature/open-feature-operator/security/advisories/GHSA-cwf6-xj49-wp83
  - web: https://github.com/open-feature/open-feature-operator/releases/tag/v0.2.32
  - advisory: https://github.com/advisories/GHSA-cwf6-xj49-wp83

[gopherbot]

Change https://go.dev/cl/485916 mentions this issue: data/excluded: batch add GO-2023-1729, GO-2023-1728, GO-2023-1727, GO-2023-1723, GO-2023-1721, GO-2023-1720

[gopherbot]

Change https://go.dev/cl/592760 mentions this issue: data/reports: unexclude 75 reports

[gopherbot]

Change https://go.dev/cl/606785 mentions this issue: data/reports: unexclude 20 reports (5)