x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-mv55-23xp-3wp8 #645

julieqiu · 2022-08-01T18:19:14Z

In GitHub Security Advisory GHSA-mv55-23xp-3wp8, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/kiali/kiali	1.33.0	< 1.33.0

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/kiali/kiali
    versions:
      - fixed: 1.33.0
description: An incorrect access control flaw was found in the kiali-operator in versions
    before 1.33.0. This flaw allows an attacker with a basic level of access to the
    cluster (to deploy a kiali operand) to use this vulnerability and deploy a given
    image to anywhere in the cluster, potentially gaining access to privileged service
    account tokens. The highest threat from this vulnerability is to data confidentiality
    and integrity as well as system availability.
published: 2021-06-08T20:09:36Z
last_modified: 2021-06-15T19:56:21Z
cves:
  - CVE-2021-3495
ghsas:
  - GHSA-mv55-23xp-3wp8
links:
    context:
      - https://github.com/advisories/GHSA-mv55-23xp-3wp8

The text was updated successfully, but these errors were encountered:

rolandshoemaker · 2022-08-03T17:49:06Z

Vuln in tool.

gopherbot · 2024-06-14T19:55:05Z

Change https://go.dev/cl/592770 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:37:19Z

Change https://go.dev/cl/607223 mentions this issue: data/reports: unexclude 20 reports (21)

- data/reports/GO-2022-0642.yaml - data/reports/GO-2022-0644.yaml - data/reports/GO-2022-0645.yaml - data/reports/GO-2022-0647.yaml - data/reports/GO-2022-0649.yaml - data/reports/GO-2022-0700.yaml - data/reports/GO-2022-0703.yaml - data/reports/GO-2022-0704.yaml - data/reports/GO-2022-0705.yaml - data/reports/GO-2022-0707.yaml - data/reports/GO-2022-0708.yaml - data/reports/GO-2022-0709.yaml - data/reports/GO-2022-0732.yaml - data/reports/GO-2022-0749.yaml - data/reports/GO-2022-0751.yaml - data/reports/GO-2022-0752.yaml - data/reports/GO-2022-0759.yaml - data/reports/GO-2022-0760.yaml - data/reports/GO-2022-0769.yaml - data/reports/GO-2022-0770.yaml Updates #642 Updates #644 Updates #645 Updates #647 Updates #649 Updates #700 Updates #703 Updates #704 Updates #705 Updates #707 Updates #708 Updates #709 Updates #732 Updates #749 Updates #751 Updates #752 Updates #759 Updates #760 Updates #769 Updates #770 Change-Id: I3dabcc907fd498009a9bd4cf865198037615717e Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607223 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Damien Neil <dneil@google.com>

julieqiu assigned rolandshoemaker Aug 3, 2022

rolandshoemaker added the NotGoVuln label Aug 3, 2022

rolandshoemaker closed this as completed Aug 3, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 10, 2022

GoVulnBot mentioned this issue Sep 25, 2023

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-6f4m-j56w-55c3 #2075

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-mv55-23xp-3wp8 #645

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-mv55-23xp-3wp8 #645

julieqiu commented Aug 1, 2022

rolandshoemaker commented Aug 3, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-mv55-23xp-3wp8 #645

x/vulndb: potential Go vuln in github.com/kiali/kiali: GHSA-mv55-23xp-3wp8 #645

Comments

julieqiu commented Aug 1, 2022

rolandshoemaker commented Aug 3, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024