From 08b42c7fedbaee3b5b607fd0e98c57badd212150 Mon Sep 17 00:00:00 2001 
From: Tatiana Bradley Date: Fri, 16 Aug 2024 17:08:11 -0400 Subject: [PATCH] data/reports: regenerate 50 reports - data/reports/GO-2024-2428.yaml - data/reports/GO-2024-2442.yaml - data/reports/GO-2024-2444.yaml - data/reports/GO-2024-2445.yaml - data/reports/GO-2024-2446.yaml - data/reports/GO-2024-2447.yaml - data/reports/GO-2024-2448.yaml - data/reports/GO-2024-2449.yaml - data/reports/GO-2024-2450.yaml - data/reports/GO-2024-2478.yaml - data/reports/GO-2024-2485.yaml - data/reports/GO-2024-2486.yaml - data/reports/GO-2024-2488.yaml - data/reports/GO-2024-2499.yaml - data/reports/GO-2024-2501.yaml - data/reports/GO-2024-2505.yaml - data/reports/GO-2024-2508.yaml - data/reports/GO-2024-2509.yaml - data/reports/GO-2024-2511.yaml - data/reports/GO-2024-2513.yaml - data/reports/GO-2024-2514.yaml - data/reports/GO-2024-2515.yaml - data/reports/GO-2024-2517.yaml - data/reports/GO-2024-2519.yaml - data/reports/GO-2024-2520.yaml - data/reports/GO-2024-2523.yaml - data/reports/GO-2024-2540.yaml - data/reports/GO-2024-2541.yaml - data/reports/GO-2024-2566.yaml - data/reports/GO-2024-2568.yaml - data/reports/GO-2024-2569.yaml - data/reports/GO-2024-2576.yaml - data/reports/GO-2024-2578.yaml - data/reports/GO-2024-2579.yaml - data/reports/GO-2024-2580.yaml - data/reports/GO-2024-2582.yaml - data/reports/GO-2024-2588.yaml - data/reports/GO-2024-2589.yaml - data/reports/GO-2024-2590.yaml - data/reports/GO-2024-2591.yaml - data/reports/GO-2024-2592.yaml - data/reports/GO-2024-2593.yaml - data/reports/GO-2024-2594.yaml - data/reports/GO-2024-2595.yaml - data/reports/GO-2024-2597.yaml - data/reports/GO-2024-2629.yaml - data/reports/GO-2024-2635.yaml - data/reports/GO-2024-2636.yaml - data/reports/GO-2024-2637.yaml - data/reports/GO-2024-2641.yaml Updates golang/vulndb#2428 Updates golang/vulndb#2442 Updates golang/vulndb#2444 Updates golang/vulndb#2445 Updates golang/vulndb#2446 Updates golang/vulndb#2447 Updates golang/vulndb#2448 Updates golang/vulndb#2449 Updates 
golang/vulndb#2450 Updates golang/vulndb#2478 Updates golang/vulndb#2485 Updates golang/vulndb#2486 Updates golang/vulndb#2488 Updates golang/vulndb#2499 Updates golang/vulndb#2501 Updates golang/vulndb#2505 Updates golang/vulndb#2508 Updates golang/vulndb#2509 Updates golang/vulndb#2511 Updates golang/vulndb#2513 Updates golang/vulndb#2514 Updates golang/vulndb#2515 Updates golang/vulndb#2517 Updates golang/vulndb#2519 Updates golang/vulndb#2520 Updates golang/vulndb#2523 Updates golang/vulndb#2540 Updates golang/vulndb#2541 Updates golang/vulndb#2566 Updates golang/vulndb#2568 Updates golang/vulndb#2569 Updates golang/vulndb#2576 Updates golang/vulndb#2578 Updates golang/vulndb#2579 Updates golang/vulndb#2580 Updates golang/vulndb#2582 Updates golang/vulndb#2588 Updates golang/vulndb#2589 Updates golang/vulndb#2590 Updates golang/vulndb#2591 Updates golang/vulndb#2592 Updates golang/vulndb#2593 Updates golang/vulndb#2594 Updates golang/vulndb#2595 Updates golang/vulndb#2597 Updates golang/vulndb#2629 Updates golang/vulndb#2635 Updates golang/vulndb#2636 Updates golang/vulndb#2637 Updates golang/vulndb#2641 Change-Id: If02ad5ae2b621addda56b45d8c84b0476a12737b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606358 Reviewed-by: Damien Neil Auto-Submit: Tatiana Bradley LUCI-TryBot-Result: Go LUCI --- data/osv/GO-2024-2442.json | 5 +++-- data/osv/GO-2024-2445.json | 5 +++-- data/osv/GO-2024-2447.json | 5 +++-- data/osv/GO-2024-2449.json | 5 +++-- data/osv/GO-2024-2568.json | 2 +- data/osv/GO-2024-2569.json | 2 +- data/osv/GO-2024-2635.json | 18 ++---------------- data/reports/GO-2024-2428.yaml | 4 +--- data/reports/GO-2024-2442.yaml | 5 +++-- data/reports/GO-2024-2444.yaml | 9 +++------ data/reports/GO-2024-2445.yaml | 7 +++++-- data/reports/GO-2024-2446.yaml | 9 +++------ data/reports/GO-2024-2447.yaml | 7 ++++--- data/reports/GO-2024-2448.yaml | 7 ++----- data/reports/GO-2024-2449.yaml | 7 +++++-- data/reports/GO-2024-2450.yaml | 9 +++------ 
data/reports/GO-2024-2478.yaml | 2 +- data/reports/GO-2024-2485.yaml | 4 +--- data/reports/GO-2024-2486.yaml | 4 +--- data/reports/GO-2024-2488.yaml | 4 +--- data/reports/GO-2024-2499.yaml | 4 +--- data/reports/GO-2024-2501.yaml | 4 +--- data/reports/GO-2024-2505.yaml | 4 +--- data/reports/GO-2024-2508.yaml | 4 +--- data/reports/GO-2024-2509.yaml | 4 +--- data/reports/GO-2024-2511.yaml | 4 +--- data/reports/GO-2024-2513.yaml | 4 +--- data/reports/GO-2024-2514.yaml | 4 +--- data/reports/GO-2024-2515.yaml | 4 +--- data/reports/GO-2024-2517.yaml | 4 +--- data/reports/GO-2024-2519.yaml | 4 +--- data/reports/GO-2024-2520.yaml | 4 +--- data/reports/GO-2024-2523.yaml | 4 +--- data/reports/GO-2024-2540.yaml | 4 +--- data/reports/GO-2024-2541.yaml | 7 ++----- data/reports/GO-2024-2566.yaml | 7 ++----- data/reports/GO-2024-2568.yaml | 8 ++------ data/reports/GO-2024-2569.yaml | 8 ++------ data/reports/GO-2024-2576.yaml | 4 ++-- data/reports/GO-2024-2578.yaml | 2 +- data/reports/GO-2024-2579.yaml | 2 +- data/reports/GO-2024-2580.yaml | 2 +- data/reports/GO-2024-2582.yaml | 4 ++-- data/reports/GO-2024-2588.yaml | 6 ++---- data/reports/GO-2024-2589.yaml | 6 ++---- data/reports/GO-2024-2590.yaml | 6 ++---- data/reports/GO-2024-2591.yaml | 6 ++---- data/reports/GO-2024-2592.yaml | 6 ++---- data/reports/GO-2024-2593.yaml | 6 ++---- data/reports/GO-2024-2594.yaml | 6 ++---- data/reports/GO-2024-2595.yaml | 6 ++---- data/reports/GO-2024-2597.yaml | 2 +- data/reports/GO-2024-2629.yaml | 4 +--- data/reports/GO-2024-2635.yaml | 8 ++------ data/reports/GO-2024-2636.yaml | 2 +- data/reports/GO-2024-2637.yaml | 2 +- data/reports/GO-2024-2641.yaml | 2 +- 57 files changed, 101 insertions(+), 187 deletions(-) diff --git a/data/osv/GO-2024-2442.json b/data/osv/GO-2024-2442.json index 7dc0b401..622b93ce 100644 --- a/data/osv/GO-2024-2442.json +++ b/data/osv/GO-2024-2442.json 
@@ -3,11 +3,12 @@ "id": "GO-2024-2442", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", + "withdrawn": "2024-01-23T12:50:23Z", "aliases": [ "GHSA-76cc-p55w-63g3" ], - "summary": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport", - "details": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", + "summary": "Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport", + "details": "Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", "affected": [ { "package": { diff --git a/data/osv/GO-2024-2445.json b/data/osv/GO-2024-2445.json index 466af466..6ccb7be7 100644 --- a/data/osv/GO-2024-2445.json +++ b/data/osv/GO-2024-2445.json 
@@ -3,11 +3,12 @@ "id": "GO-2024-2445", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", + "withdrawn": "2024-01-23T12:50:08Z", "aliases": [ "GHSA-c9v7-wmwj-vf6x" ], - "summary": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport", - "details": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", + "summary": "Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport", + "details": "Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", "affected": [ { "package": { diff --git a/data/osv/GO-2024-2447.json b/data/osv/GO-2024-2447.json index 9f404f46..1cb32ade 100644 --- a/data/osv/GO-2024-2447.json +++ b/data/osv/GO-2024-2447.json 
@@ -3,11 +3,12 @@ "id": "GO-2024-2447", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", + "withdrawn": "2024-01-23T12:50:39Z", "aliases": [ "GHSA-hw4x-mcx5-9q36" ], - "summary": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport", - "details": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", + "summary": "Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport", + "details": "Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", "affected": [ { "package": { diff --git a/data/osv/GO-2024-2449.json b/data/osv/GO-2024-2449.json index 887c3778..89d55e5a 100644 --- a/data/osv/GO-2024-2449.json +++ b/data/osv/GO-2024-2449.json 
@@ -3,11 +3,12 @@ "id": "GO-2024-2449", "modified": "0001-01-01T00:00:00Z", "published": "0001-01-01T00:00:00Z", + "withdrawn": "2024-01-23T12:49:53Z", "aliases": [ "GHSA-vfxf-76hv-v4w4" ], - "summary": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport", - "details": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", + "summary": "Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport", + "details": "Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.", "affected": [ { "package": { diff --git a/data/osv/GO-2024-2568.json b/data/osv/GO-2024-2568.json index 2bbef690..2076f7e3 100644 --- a/data/osv/GO-2024-2568.json +++ b/data/osv/GO-2024-2568.json @@ -20,7 +20,7 @@ "type": "SEMVER", "events": [ { - "introduced": "0" + "introduced": "1.14.0" }, { "fixed": "1.14.7" diff --git a/data/osv/GO-2024-2569.json b/data/osv/GO-2024-2569.json index 485992f3..ab3f4064 100644 --- a/data/osv/GO-2024-2569.json 
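Review bot: Raising `introduced` from `"0"` to `"1.14.0"` in the SEMVER range of data/osv/GO-2024-2568.json (and identically in data/osv/GO-2024-2569.json) means a scanner matching on this range stops reporting every release below 1.14.0. Nothing visible in the hunk shows whether those releases are unaffected or simply unlisted by the source advisory. The module name and any further ranges for it sit outside the hunk, so this may already be covered elsewhere in the file. If earlier release lines are vulnerable and were fixed separately, each needs its own `introduced`/`fixed` pair; otherwise keeping `"introduced": "0"` is the more conservative value until the range has been checked against the advisory.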
+++ b/data/osv/GO-2024-2569.json @@ -20,7 +20,7 @@ "type": "SEMVER", "events": [ { - "introduced": "0" + "introduced": "1.14.0" }, { "fixed": "1.14.7" diff --git a/data/osv/GO-2024-2635.json b/data/osv/GO-2024-2635.json index 3556b207..b0d7bf83 100644 --- a/data/osv/GO-2024-2635.json +++ b/data/osv/GO-2024-2635.json @@ -8,7 +8,7 @@ "GHSA-r4fm-g65h-cr54" ], "summary": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server", - "details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.1.9.", + "details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server", "affected": [ { "package": { @@ -79,21 +79,7 @@ ] } ], - "ecosystem_specific": { - "custom_ranges": [ - { - "type": "ECOSYSTEM", - "events": [ - { - "introduced": "0" - }, - { - "fixed": "8.1.9" - } - ] - } - ] - } + "ecosystem_specific": {} } ], "references": [ diff --git a/data/reports/GO-2024-2428.yaml b/data/reports/GO-2024-2428.yaml index fc182078..3ffad52f 100644 --- a/data/reports/GO-2024-2428.yaml +++ b/data/reports/GO-2024-2428.yaml @@ -11,8 +11,6 @@ cves: - CVE-2023-5044 ghsas: - GHSA-fp9f-44c2-cw27 -unknown_aliases: - - BIT-nginx-ingress-controller-2023-5044 references: - advisory: https://github.com/advisories/GHSA-fp9f-44c2-cw27 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-5044 
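Review bot: In data/osv/GO-2024-2635.json the regenerated entry removes both places in these hunks that name the fix for github.com/mattermost/mattermost/server/v8: the `custom_ranges` block with `"fixed": "8.1.9"` is replaced by `"ecosystem_specific": {}`, and `details` no longer carries the sentence about versions before v8.1.9. The `affected` entries lie between the two hunks and are not shown, so it cannot be confirmed from here that a v8 range now records that fix; if none does, readers of the OSV record lose the upgrade target. The new `details` value also merely repeats `summary` and drops the closing period that the other regenerated entries keep, so ending it with `github.com/mattermost/mattermost-server.` would match them.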
@@ -22,6 +20,6 @@ references: - web: https://security.netapp.com/advisory/ntap-20240307-0012 source: id: GHSA-fp9f-44c2-cw27 - created: 2024-06-14T11:34:12.417676-04:00 + created: 2024-08-16T15:55:16.958982-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2442.yaml b/data/reports/GO-2024-2442.yaml index 7b24f274..838c14ce 100644 --- a/data/reports/GO-2024-2442.yaml +++ b/data/reports/GO-2024-2442.yaml @@ -7,13 +7,14 @@ modules: - introduced: 14.0.0 - fixed: 14.2.4 vulnerable_at: 3.2.17+incompatible -summary: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport +summary: 'Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport' +withdrawn: "2024-01-23T12:50:23Z" ghsas: - GHSA-76cc-p55w-63g3 references: - advisory: https://github.com/gravitational/teleport/security/advisories/GHSA-76cc-p55w-63g3 source: id: GHSA-76cc-p55w-63g3 - created: 2024-06-14T11:35:01.72578-04:00 + created: 2024-08-16T15:56:08.836802-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2444.yaml b/data/reports/GO-2024-2444.yaml index 8bc465c0..f6c44344 100644 --- a/data/reports/GO-2024-2444.yaml +++ b/data/reports/GO-2024-2444.yaml @@ -1,7 +1,7 @@ id: GO-2024-2444 modules: - module: github.com/mattermost/mattermost-server - vulnerable_at: 9.9.0+incompatible + vulnerable_at: 9.11.0+incompatible - module: github.com/mattermost/mattermost-server/v5 vulnerable_at: 5.39.3 - module: github.com/mattermost/mattermost-server/v6 
@@ -9,15 +9,12 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.7 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server cves: - CVE-2023-50333 ghsas: - GHSA-9w97-9rqx-8v4j -unknown_aliases: - - BIT-mattermost-2023-50333 - - CGA-28fj-7rmv-xw55 references: - advisory: https://github.com/advisories/GHSA-9w97-9rqx-8v4j - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-50333 @@ -25,6 +22,6 @@ references: - web: https://mattermost.com/security-updates source: id: GHSA-9w97-9rqx-8v4j - created: 2024-06-26T16:12:41.49358-04:00 + created: 2024-08-16T15:57:37.961165-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2445.yaml b/data/reports/GO-2024-2445.yaml index 40ea7cb6..1d3d91af 100644 --- a/data/reports/GO-2024-2445.yaml +++ b/data/reports/GO-2024-2445.yaml @@ -8,7 +8,10 @@ modules: - introduced: 14.0.0 - fixed: 14.2.4 vulnerable_at: 3.2.17+incompatible -summary: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport +summary: |- + Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP + access in github.com/gravitational/teleport +withdrawn: "2024-01-23T12:50:08Z" ghsas: - GHSA-c9v7-wmwj-vf6x references: @@ -17,6 +20,6 @@ references: - fix: https://github.com/gravitational/teleport/pull/36136 source: id: GHSA-c9v7-wmwj-vf6x - created: 2024-06-14T11:35:27.699279-04:00 + created: 2024-08-16T15:58:42.619857-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2446.yaml b/data/reports/GO-2024-2446.yaml index eb34f148..ce415a5f 100644 --- a/data/reports/GO-2024-2446.yaml +++ b/data/reports/GO-2024-2446.yaml 
@@ -1,7 +1,7 @@ id: GO-2024-2446 modules: - module: github.com/mattermost/mattermost-server - vulnerable_at: 9.9.0+incompatible + vulnerable_at: 9.11.0+incompatible - module: github.com/mattermost/mattermost-server/v5 vulnerable_at: 5.39.3 - module: github.com/mattermost/mattermost-server/v6 @@ -9,21 +9,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.7 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server cves: - CVE-2023-7113 ghsas: - GHSA-h3gq-j7p9-x3p4 -unknown_aliases: - - BIT-mattermost-2023-7113 - - CGA-pcxv-43r4-92mm references: - advisory: https://github.com/advisories/GHSA-h3gq-j7p9-x3p4 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-7113 - web: https://mattermost.com/security-updates source: id: GHSA-h3gq-j7p9-x3p4 - created: 2024-06-26T16:12:13.229043-04:00 + created: 2024-08-16T15:59:00.341654-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2447.yaml b/data/reports/GO-2024-2447.yaml index 4cea6d57..c817b512 100644 --- a/data/reports/GO-2024-2447.yaml +++ b/data/reports/GO-2024-2447.yaml @@ -9,8 +9,9 @@ modules: - fixed: 14.2.4 vulnerable_at: 3.2.17+incompatible summary: |- - Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low - privileged users in github.com/gravitational/teleport + Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts + is possible from low privileged users in github.com/gravitational/teleport +withdrawn: "2024-01-23T12:50:39Z" ghsas: - GHSA-hw4x-mcx5-9q36 references: @@ -19,6 +20,6 @@ references: - fix: https://github.com/gravitational/teleport/pull/36127 source: id: GHSA-hw4x-mcx5-9q36 - created: 2024-06-14T11:35:35.160981-04:00 + created: 2024-08-16T15:59:03.836685-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE 
diff --git a/data/reports/GO-2024-2448.yaml b/data/reports/GO-2024-2448.yaml index ad8a9e71..0f86fd84 100644 --- a/data/reports/GO-2024-2448.yaml +++ b/data/reports/GO-2024-2448.yaml @@ -11,7 +11,7 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.7 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: |- Mattermost notified all users in the channel when using WebSockets to respond individually in github.com/mattermost/mattermost-server @@ -19,9 +19,6 @@ cves: - CVE-2023-48732 ghsas: - GHSA-q7rx-w656-fwmv -unknown_aliases: - - BIT-mattermost-2023-48732 - - CGA-jhcr-g7wj-9vq2 references: - advisory: https://github.com/advisories/GHSA-q7rx-w656-fwmv - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-48732 @@ -29,6 +26,6 @@ references: - web: https://mattermost.com/security-updates source: id: GHSA-q7rx-w656-fwmv - created: 2024-06-26T16:10:54.767283-04:00 + created: 2024-08-16T15:59:06.451782-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2449.yaml b/data/reports/GO-2024-2449.yaml index 00ee7c05..4a654063 100644 --- a/data/reports/GO-2024-2449.yaml +++ b/data/reports/GO-2024-2449.yaml @@ -8,7 +8,10 @@ modules: - introduced: 14.0.0 - fixed: 14.2.4 vulnerable_at: 3.2.17+incompatible -summary: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport +summary: |- + Withdrawn Advisory: User-provided environment values allow execution on macOS + agents in github.com/gravitational/teleport +withdrawn: "2024-01-23T12:49:53Z" ghsas: - GHSA-vfxf-76hv-v4w4 references: @@ -17,6 +20,6 @@ references: - fix: https://github.com/gravitational/teleport/pull/36132 source: id: GHSA-vfxf-76hv-v4w4 - created: 2024-06-14T11:35:44.744025-04:00 + created: 2024-08-16T15:59:25.038667-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE 
diff --git a/data/reports/GO-2024-2450.yaml b/data/reports/GO-2024-2450.yaml index 7c549249..0a2457af 100644 --- a/data/reports/GO-2024-2450.yaml +++ b/data/reports/GO-2024-2450.yaml @@ -3,7 +3,7 @@ modules: - module: github.com/mattermost/mattermost-server non_go_versions: - fixed: 7.8.10 - vulnerable_at: 9.9.0+incompatible + vulnerable_at: 9.11.0+incompatible - module: github.com/mattermost/mattermost-server/v5 vulnerable_at: 5.39.3 - module: github.com/mattermost/mattermost-server/v6 @@ -11,21 +11,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.1 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server cves: - CVE-2023-47858 ghsas: - GHSA-w88v-pjr8-cmv2 -unknown_aliases: - - BIT-mattermost-2023-47858 - - CGA-4m9j-264v-7mr3 references: - advisory: https://github.com/advisories/GHSA-w88v-pjr8-cmv2 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-47858 - web: https://mattermost.com/security-updates source: id: GHSA-w88v-pjr8-cmv2 - created: 2024-06-26T16:13:37.899374-04:00 + created: 2024-08-16T15:59:27.824124-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2478.yaml b/data/reports/GO-2024-2478.yaml index 687a87ee..7974f835 100644 --- a/data/reports/GO-2024-2478.yaml +++ b/data/reports/GO-2024-2478.yaml @@ -19,6 +19,6 @@ references: - web: https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24 source: id: GHSA-g4x3-mfpj-f335 - created: 2024-06-26T16:14:26.250749-04:00 + created: 2024-08-16T16:37:28.044846-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2485.yaml b/data/reports/GO-2024-2485.yaml index c581653a..b1ef82c8 100644 --- a/data/reports/GO-2024-2485.yaml +++ b/data/reports/GO-2024-2485.yaml 
@@ -10,8 +10,6 @@ cves: - CVE-2020-10661 ghsas: - GHSA-j6vv-vv26-rh7c -unknown_aliases: - - BIT-vault-2020-10661 references: - advisory: https://github.com/advisories/GHSA-j6vv-vv26-rh7c - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10661 @@ -20,6 +18,6 @@ references: - web: https://www.hashicorp.com/blog/category/vault source: id: GHSA-j6vv-vv26-rh7c - created: 2024-06-14T11:37:17.728135-04:00 + created: 2024-08-16T16:01:08.485499-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2486.yaml b/data/reports/GO-2024-2486.yaml index 9a583d8d..0e119d5a 100644 --- a/data/reports/GO-2024-2486.yaml +++ b/data/reports/GO-2024-2486.yaml @@ -10,8 +10,6 @@ cves: - CVE-2020-10660 ghsas: - GHSA-m979-w9wj-qfj9 -unknown_aliases: - - BIT-vault-2020-10660 references: - advisory: https://github.com/advisories/GHSA-m979-w9wj-qfj9 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10660 @@ -21,6 +19,6 @@ references: - web: https://www.hashicorp.com/blog/category/vault source: id: GHSA-m979-w9wj-qfj9 - created: 2024-06-14T11:37:27.238275-04:00 + created: 2024-08-16T16:01:23.539137-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2488.yaml b/data/reports/GO-2024-2488.yaml index 2fe563d7..66c79082 100644 --- a/data/reports/GO-2024-2488.yaml +++ b/data/reports/GO-2024-2488.yaml @@ -16,8 +16,6 @@ cves: - CVE-2020-16251 ghsas: - GHSA-4mp7-2m29-gqxf -unknown_aliases: - - BIT-vault-2020-16251 references: - advisory: https://github.com/advisories/GHSA-4mp7-2m29-gqxf - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-16251 @@ -26,6 +24,6 @@ references: - web: https://www.hashicorp.com/blog/category/vault source: id: GHSA-4mp7-2m29-gqxf - created: 2024-06-14T11:37:32.985013-04:00 + created: 2024-08-16T16:01:28.479046-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2499.yaml b/data/reports/GO-2024-2499.yaml index 8f57083e..586633cf 100644 
--- a/data/reports/GO-2024-2499.yaml +++ b/data/reports/GO-2024-2499.yaml @@ -10,8 +10,6 @@ cves: - CVE-2024-24747 ghsas: - GHSA-xx8w-mq23-29g4 -unknown_aliases: - - BIT-minio-2024-24747 references: - advisory: https://github.com/minio/minio/security/advisories/GHSA-xx8w-mq23-29g4 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-24747 @@ -21,6 +19,6 @@ notes: - fix: 'github.com/minio/minio: could not add vulnerable_at: cannot auto-guess when fixed version is 0.0.0 pseudo-version' source: id: GHSA-xx8w-mq23-29g4 - created: 2024-06-14T11:38:05.147981-04:00 + created: 2024-08-16T16:01:42.373527-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2501.yaml b/data/reports/GO-2024-2501.yaml index de75da27..a900c40f 100644 --- a/data/reports/GO-2024-2501.yaml +++ b/data/reports/GO-2024-2501.yaml @@ -12,8 +12,6 @@ cves: - CVE-2020-25201 ghsas: - GHSA-496g-fr33-whrf -unknown_aliases: - - BIT-consul-2020-25201 references: - advisory: https://github.com/advisories/GHSA-496g-fr33-whrf - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-25201 @@ -24,6 +22,6 @@ references: - web: https://www.hashicorp.com/blog/category/consul source: id: GHSA-496g-fr33-whrf - created: 2024-06-14T11:38:16.725105-04:00 + created: 2024-08-16T16:01:47.105189-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2505.yaml b/data/reports/GO-2024-2505.yaml index 3da4ceec..8ce57f29 100644 --- a/data/reports/GO-2024-2505.yaml +++ b/data/reports/GO-2024-2505.yaml @@ -14,8 +14,6 @@ cves: - CVE-2020-28053 ghsas: - GHSA-6m72-467w-94rh -unknown_aliases: - - BIT-consul-2020-28053 references: - advisory: https://github.com/advisories/GHSA-6m72-467w-94rh - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-28053 
@@ -26,6 +24,6 @@ references: - web: https://www.hashicorp.com/blog/category/consul source: id: GHSA-6m72-467w-94rh - created: 2024-06-14T11:38:32.702692-04:00 + created: 2024-08-16T16:01:57.658752-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2508.yaml b/data/reports/GO-2024-2508.yaml index 2b325990..6fe6bc57 100644 --- a/data/reports/GO-2024-2508.yaml +++ b/data/reports/GO-2024-2508.yaml @@ -12,8 +12,6 @@ cves: - CVE-2020-35177 ghsas: - GHSA-rpgp-9hmg-j25x -unknown_aliases: - - BIT-vault-2020-35177 references: - advisory: https://github.com/advisories/GHSA-rpgp-9hmg-j25x - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-35177 @@ -22,6 +20,6 @@ references: - web: https://github.com/hashicorp/vault/blob/master/CHANGELOG.md#161 source: id: GHSA-rpgp-9hmg-j25x - created: 2024-06-14T11:38:39.105424-04:00 + created: 2024-08-16T16:02:03.656561-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2509.yaml b/data/reports/GO-2024-2509.yaml index 64b03bb1..b74008a2 100644 --- a/data/reports/GO-2024-2509.yaml +++ b/data/reports/GO-2024-2509.yaml @@ -10,8 +10,6 @@ cves: - CVE-2021-3282 ghsas: - GHSA-rq95-xf66-j689 -unknown_aliases: - - BIT-vault-2021-3282 references: - advisory: https://github.com/advisories/GHSA-rq95-xf66-j689 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-3282 @@ -20,6 +18,6 @@ references: - web: https://security.gentoo.org/glsa/202207-01 source: id: GHSA-rq95-xf66-j689 - created: 2024-06-14T11:38:45.419225-04:00 + created: 2024-08-16T16:02:09.29089-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2511.yaml b/data/reports/GO-2024-2511.yaml index 789248f6..423f5a5d 100644 --- a/data/reports/GO-2024-2511.yaml +++ b/data/reports/GO-2024-2511.yaml 
@@ -10,8 +10,6 @@ cves: - CVE-2024-0831 ghsas: - GHSA-vgh3-mwxq-rcp8 -unknown_aliases: - - BIT-vault-2024-0831 references: - advisory: https://github.com/advisories/GHSA-vgh3-mwxq-rcp8 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-0831 @@ -21,6 +19,6 @@ references: - web: https://security.netapp.com/advisory/ntap-20240223-0005 source: id: GHSA-vgh3-mwxq-rcp8 - created: 2024-06-14T11:38:56.000042-04:00 + created: 2024-08-16T16:02:21.36344-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2513.yaml b/data/reports/GO-2024-2513.yaml index 2fd7946f..4a5ba8a4 100644 --- a/data/reports/GO-2024-2513.yaml +++ b/data/reports/GO-2024-2513.yaml @@ -9,8 +9,6 @@ cves: - CVE-2020-12458 ghsas: - GHSA-3jq7-8ph8-63xm -unknown_aliases: - - BIT-grafana-2020-12458 references: - advisory: https://github.com/advisories/GHSA-3jq7-8ph8-63xm - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-12458 @@ -23,6 +21,6 @@ references: - web: https://security.netapp.com/advisory/ntap-20200518-0001 source: id: GHSA-3jq7-8ph8-63xm - created: 2024-06-14T11:39:09.292022-04:00 + created: 2024-08-16T16:02:26.749427-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2514.yaml b/data/reports/GO-2024-2514.yaml index 99141056..2d03ca2f 100644 --- a/data/reports/GO-2024-2514.yaml +++ b/data/reports/GO-2024-2514.yaml @@ -10,8 +10,6 @@ cves: - CVE-2020-25816 ghsas: - GHSA-57gg-cj55-q5g2 -unknown_aliases: - - BIT-vault-2020-25816 references: - advisory: https://github.com/advisories/GHSA-57gg-cj55-q5g2 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-25816 @@ -21,6 +19,6 @@ references: - web: https://www.hashicorp.com/blog/category/vault source: id: GHSA-57gg-cj55-q5g2 - created: 2024-06-14T11:39:20.73164-04:00 + created: 2024-08-16T16:02:40.645841-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE 
diff --git a/data/reports/GO-2024-2515.yaml b/data/reports/GO-2024-2515.yaml index eb3a7f34..88b76909 100644 --- a/data/reports/GO-2024-2515.yaml +++ b/data/reports/GO-2024-2515.yaml @@ -9,8 +9,6 @@ cves: - CVE-2020-13430 ghsas: - GHSA-7m2x-qhrq-rp8h -unknown_aliases: - - BIT-grafana-2020-13430 references: - advisory: https://github.com/advisories/GHSA-7m2x-qhrq-rp8h - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-13430 @@ -19,6 +17,6 @@ references: - web: https://security.netapp.com/advisory/ntap-20200528-0003 source: id: GHSA-7m2x-qhrq-rp8h - created: 2024-06-14T11:39:28.904078-04:00 + created: 2024-08-16T16:02:49.238604-04:00 review_status: UNREVIEWED unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2024-2517.yaml b/data/reports/GO-2024-2517.yaml index 7ae1fe5f..1c068a4b 100644 --- a/data/reports/GO-2024-2517.yaml +++ b/data/reports/GO-2024-2517.yaml @@ -9,8 +9,6 @@ cves: - CVE-2020-12245 ghsas: - GHSA-ccmg-w4xm-p28v -unknown_aliases: - - BIT-grafana-2020-12245 references: - advisory: https://github.com/advisories/GHSA-ccmg-w4xm-p28v - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-12245 @@ -25,6 +23,6 @@ references: - web: https://security.netapp.com/advisory/ntap-20200511-0001 source: id: GHSA-ccmg-w4xm-p28v - created: 2024-06-14T11:39:42.736913-04:00 + created: 2024-08-16T16:02:59.198678-04:00 review_status: UNREVIEWED unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2024-2519.yaml b/data/reports/GO-2024-2519.yaml index 7d2903c4..5d8cbb70 100644 --- a/data/reports/GO-2024-2519.yaml +++ b/data/reports/GO-2024-2519.yaml @@ -10,8 +10,6 @@ cves: - CVE-2020-12459 ghsas: - GHSA-m25m-5778-fm22 -unknown_aliases: - - BIT-grafana-2020-12459 references: - advisory: https://github.com/advisories/GHSA-m25m-5778-fm22 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-12459 
@@ -26,5 +24,5 @@ references: - web: https://src.fedoraproject.org/rpms/grafana/c/fab93d67363eb0a9678d9faf160cc88237f26277 source: id: GHSA-m25m-5778-fm22 - created: 2024-07-02T11:58:25.857462-04:00 + created: 2024-08-16T16:03:07.846714-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2520.yaml b/data/reports/GO-2024-2520.yaml index 70955cff..a0ad9522 100644 --- a/data/reports/GO-2024-2520.yaml +++ b/data/reports/GO-2024-2520.yaml @@ -9,8 +9,6 @@ cves: - CVE-2020-24303 ghsas: - GHSA-mvpr-q6rh-8vrp -unknown_aliases: - - BIT-grafana-2020-24303 references: - advisory: https://github.com/advisories/GHSA-mvpr-q6rh-8vrp - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-24303 @@ -19,6 +17,6 @@ references: - web: https://security.netapp.com/advisory/ntap-20201123-0002 source: id: GHSA-mvpr-q6rh-8vrp - created: 2024-06-14T11:39:55.698815-04:00 + created: 2024-08-16T16:03:18.045194-04:00 review_status: UNREVIEWED unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2024-2523.yaml b/data/reports/GO-2024-2523.yaml index 11720247..38d3ac9d 100644 --- a/data/reports/GO-2024-2523.yaml +++ b/data/reports/GO-2024-2523.yaml @@ -9,8 +9,6 @@ cves: - CVE-2020-11110 ghsas: - GHSA-xr3x-62qw-vc4w -unknown_aliases: - - BIT-grafana-2020-11110 references: - advisory: https://github.com/advisories/GHSA-xr3x-62qw-vc4w - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-11110 @@ -20,6 +18,6 @@ references: - web: https://security.netapp.com/advisory/ntap-20200810-0002 source: id: GHSA-xr3x-62qw-vc4w - created: 2024-06-14T11:40:12.676807-04:00 + created: 2024-08-16T16:03:22.619212-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2540.yaml b/data/reports/GO-2024-2540.yaml index f7c5e7f6..8cc3f13c 100644 --- a/data/reports/GO-2024-2540.yaml +++ b/data/reports/GO-2024-2540.yaml 
@@ -9,8 +9,6 @@ cves: - CVE-2024-24774 ghsas: - GHSA-qr8f-cjw7-838m -unknown_aliases: - - BIT-mattermost-2024-24774 references: - advisory: https://github.com/advisories/GHSA-qr8f-cjw7-838m - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-24774 @@ -18,6 +16,6 @@ references: - web: https://mattermost.com/security-updates source: id: GHSA-qr8f-cjw7-838m - created: 2024-06-14T11:41:03.591421-04:00 + created: 2024-08-16T16:03:47.698471-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2541.yaml b/data/reports/GO-2024-2541.yaml index 26b1c4a1..cd4e1fb9 100644 --- a/data/reports/GO-2024-2541.yaml +++ b/data/reports/GO-2024-2541.yaml @@ -14,15 +14,12 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.8 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost vulnerable to denial of service via large number of emoji reactions in github.com/mattermost/mattermost-server cves: - CVE-2024-1402 ghsas: - GHSA-32h7-7j94-8fc2 -unknown_aliases: - - BIT-mattermost-2024-1402 - - CGA-xjf7-9r4q-527v references: - advisory: https://github.com/advisories/GHSA-32h7-7j94-8fc2 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1402 @@ -32,6 +29,6 @@ references: - web: https://mattermost.com/security-updates source: id: GHSA-32h7-7j94-8fc2 - created: 2024-06-26T16:13:23.271388-04:00 + created: 2024-08-16T16:03:54.480501-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2566.yaml b/data/reports/GO-2024-2566.yaml index f83a62bb..a3f2403c 100644 --- a/data/reports/GO-2024-2566.yaml +++ b/data/reports/GO-2024-2566.yaml 
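Review bot: In GO-2024-2541 the new `vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35` is a pseudo-version stamped 2024-08-16, the day of regeneration, while the same module entry records `fixed: 8.1.8` under `non_go_versions`. That suggests the value is "latest commit at generation time" rather than a version known to be affected, and it may already contain the fix. The same value appears in GO-2024-2566, GO-2024-2588 through GO-2024-2595 and GO-2024-2635, and GO-2024-2576 shows the same pattern with `0.0.0-20240816160225-30dce468d0c0`. If the field is only a placeholder for UNREVIEWED reports, a note such as `# vulnerable_at auto-selected at generation time; not verified as affected` would stop it being read as evidence; otherwise it should be pinned to a version that precedes the fix.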
@@ -12,20 +12,17 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.8 - vulnerable_at: 8.0.0-20240626145722-59998b0b8473 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost fails to check the required permissions in github.com/mattermost/mattermost-server cves: - CVE-2024-24776 ghsas: - GHSA-r833-w756-h5p2 -unknown_aliases: - - BIT-mattermost-2024-24776 - - CGA-x56p-7vj3-wq3q references: - advisory: https://github.com/advisories/GHSA-r833-w756-h5p2 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-24776 - web: https://mattermost.com/security-updates source: id: GHSA-r833-w756-h5p2 - created: 2024-06-26T13:56:26.587346-04:00 + created: 2024-08-16T16:04:48.587166-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2568.yaml b/data/reports/GO-2024-2568.yaml index 622b82aa..cc4431e9 100644 --- a/data/reports/GO-2024-2568.yaml +++ b/data/reports/GO-2024-2568.yaml @@ -2,6 +2,7 @@ id: GO-2024-2568 modules: - module: github.com/cilium/cilium versions: + - introduced: 1.14.0 - fixed: 1.14.7 vulnerable_at: 1.14.6 summary: Unencrypted ingress/health traffic when using Wireguard transparent encryption in github.com/cilium/cilium @@ -9,11 +10,6 @@ cves: - CVE-2024-25630 ghsas: - GHSA-7496-fgv9-xw82 -unknown_aliases: - - BIT-cilium-2024-25630 - - BIT-cilium-operator-2024-25630 - - BIT-hubble-2024-25630 - - BIT-hubble-relay-2024-25630 references: - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-7496-fgv9-xw82 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-25630 @@ -21,5 +17,5 @@ references: - web: https://github.com/cilium/cilium/releases/tag/v1.14.7 source: id: GHSA-7496-fgv9-xw82 - created: 2024-06-05T13:39:06.463153-04:00 + created: 2024-08-16T16:04:52.773901-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2569.yaml b/data/reports/GO-2024-2569.yaml index 419d9897..620cfb8e 100644 --- a/data/reports/GO-2024-2569.yaml +++ b/data/reports/GO-2024-2569.yaml 
@@ -2,6 +2,7 @@ id: GO-2024-2569 modules: - module: github.com/cilium/cilium versions: + - introduced: 1.14.0 - fixed: 1.14.7 vulnerable_at: 1.14.6 summary: Unencrypted traffic between pods when using Wireguard and an external kvstore in github.com/cilium/cilium @@ -9,11 +10,6 @@ cves: - CVE-2024-25631 ghsas: - GHSA-x989-52fc-4vr4 -unknown_aliases: - - BIT-cilium-2024-25631 - - BIT-cilium-operator-2024-25631 - - BIT-hubble-2024-25631 - - BIT-hubble-relay-2024-25631 references: - advisory: https://github.com/cilium/cilium/security/advisories/GHSA-x989-52fc-4vr4 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-25631 @@ -22,5 +18,5 @@ references: - web: https://github.com/cilium/cilium/releases/tag/v1.14.7 source: id: GHSA-x989-52fc-4vr4 - created: 2024-06-05T13:39:10.852421-04:00 + created: 2024-08-16T16:24:24.054247-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2576.yaml b/data/reports/GO-2024-2576.yaml index 2dacee13..2f5ef83d 100644 --- a/data/reports/GO-2024-2576.yaml +++ b/data/reports/GO-2024-2576.yaml @@ -3,7 +3,7 @@ modules: - module: github.com/devfile/registry-support/registry-library non_go_versions: - fixed: 0.0.0-20240206 - vulnerable_at: 0.0.0-20240530183941-9de6fb93aed6 + vulnerable_at: 0.0.0-20240816160225-30dce468d0c0 summary: 'registry-support: decompress can delete files outside scope via relative paths in github.com/devfile/registry-support/registry-library' cves: - CVE-2024-1485 @@ -18,5 +18,5 @@ references: - web: https://github.com/devfile/registry-support/pull/197 source: id: GHSA-84xv-jfrm-h4gm - created: 2024-06-04T15:37:44.246541-04:00 + created: 2024-08-16T16:24:27.654705-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2578.yaml b/data/reports/GO-2024-2578.yaml index 4d85ced4..331e8250 100644 --- a/data/reports/GO-2024-2578.yaml +++ b/data/reports/GO-2024-2578.yaml 
@@ -16,5 +16,5 @@ references: - web: https://lists.apache.org/thread/y5902t09vfgy7892z3vzr1zq900sgyqg source: id: GHSA-8pf2-qj4v-fj64 - created: 2024-05-17T16:15:07.683729-04:00 + created: 2024-08-16T16:24:34.859014-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2579.yaml b/data/reports/GO-2024-2579.yaml index 1f4c0924..a1c0c752 100644 --- a/data/reports/GO-2024-2579.yaml +++ b/data/reports/GO-2024-2579.yaml @@ -16,5 +16,5 @@ references: - web: https://lists.apache.org/thread/f58l6dr4r74hl6o71gn47kmn44vw12cv source: id: GHSA-rmqp-mvv2-54c6 - created: 2024-05-17T16:15:05.172081-04:00 + created: 2024-08-16T16:24:39.111324-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2580.yaml b/data/reports/GO-2024-2580.yaml index 5ae08b2a..deae77d8 100644 --- a/data/reports/GO-2024-2580.yaml +++ b/data/reports/GO-2024-2580.yaml @@ -16,5 +16,5 @@ references: - web: https://lists.apache.org/thread/ko0ksnznt2484lxt0zts2ygr82ldkhcb source: id: GHSA-9q24-hwmc-797x - created: 2024-05-17T16:15:02.863423-04:00 + created: 2024-08-16T16:24:42.356073-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2582.yaml b/data/reports/GO-2024-2582.yaml index b3a808cb..b042c073 100644 --- a/data/reports/GO-2024-2582.yaml +++ b/data/reports/GO-2024-2582.yaml @@ -3,7 +3,7 @@ modules: - module: github.com/stacklok/minder non_go_versions: - fixed: 0.20240226.1425 - vulnerable_at: 0.0.51 + vulnerable_at: 0.0.58 summary: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder cves: - CVE-2024-27093 @@ -15,6 +15,6 @@ references: - fix: https://github.com/stacklok/minder/commit/53868a878e93f29c43437f96dbc990b548e48d1d source: id: GHSA-q6h8-4j2v-pjg4 - created: 2024-06-14T11:42:26.439797-04:00 + created: 2024-08-16T16:24:45.790955-04:00 review_status: UNREVIEWED unexcluded: NOT_IMPORTABLE diff --git a/data/reports/GO-2024-2588.yaml b/data/reports/GO-2024-2588.yaml index dd2ef757..a9258564 100644 
--- a/data/reports/GO-2024-2588.yaml +++ b/data/reports/GO-2024-2588.yaml @@ -12,20 +12,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost race condition in github.com/mattermost/mattermost-server cves: - CVE-2024-1949 ghsas: - GHSA-3g35-v53r-gpxc -unknown_aliases: - - CGA-jmr7-jr2v-rjcq references: - advisory: https://github.com/advisories/GHSA-3g35-v53r-gpxc - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1949 - web: https://mattermost.com/security-updates source: id: GHSA-3g35-v53r-gpxc - created: 2024-06-26T16:10:37.990276-04:00 + created: 2024-08-16T16:24:49.987908-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2589.yaml b/data/reports/GO-2024-2589.yaml index 06099f55..1319c93e 100644 --- a/data/reports/GO-2024-2589.yaml +++ b/data/reports/GO-2024-2589.yaml @@ -14,20 +14,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost denial of service through long emoji value in github.com/mattermost/mattermost-server cves: - CVE-2024-24988 ghsas: - GHSA-6mx3-9qfh-77gj -unknown_aliases: - - CGA-hxgx-rg66-hvqr references: - advisory: https://github.com/advisories/GHSA-6mx3-9qfh-77gj - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-24988 - web: https://mattermost.com/security-updates source: id: GHSA-6mx3-9qfh-77gj - created: 2024-06-26T16:08:34.50613-04:00 + created: 2024-08-16T16:24:55.822888-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2590.yaml b/data/reports/GO-2024-2590.yaml index a3188968..5a20c8c0 100644 --- a/data/reports/GO-2024-2590.yaml +++ b/data/reports/GO-2024-2590.yaml 
@@ -16,20 +16,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost leaks details of AD/LDAP groups of a teams in github.com/mattermost/mattermost-server cves: - CVE-2024-23493 ghsas: - GHSA-7v3v-984v-h74r -unknown_aliases: - - CGA-gvhx-fgcw-f546 references: - advisory: https://github.com/advisories/GHSA-7v3v-984v-h74r - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-23493 - web: https://mattermost.com/security-updates source: id: GHSA-7v3v-984v-h74r - created: 2024-06-26T16:06:07.408556-04:00 + created: 2024-08-16T16:25:00.897529-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2591.yaml b/data/reports/GO-2024-2591.yaml index b93b4107..9f7b4c0c 100644 --- a/data/reports/GO-2024-2591.yaml +++ b/data/reports/GO-2024-2591.yaml @@ -14,20 +14,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost post fetching without auditing in compliance export in github.com/mattermost/mattermost-server cves: - CVE-2024-1887 ghsas: - GHSA-fx48-xv6q-6gp3 -unknown_aliases: - - CGA-9c85-rg9h-4w8m references: - advisory: https://github.com/advisories/GHSA-fx48-xv6q-6gp3 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1887 - web: https://mattermost.com/security-updates source: id: GHSA-fx48-xv6q-6gp3 - created: 2024-06-26T16:10:47.852031-04:00 + created: 2024-08-16T16:25:15.99913-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2592.yaml b/data/reports/GO-2024-2592.yaml index a2951339..73d6d8e6 100644 --- a/data/reports/GO-2024-2592.yaml +++ b/data/reports/GO-2024-2592.yaml 
@@ -14,20 +14,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost allows attackers access to posts in channels they are not a member of in github.com/mattermost/mattermost-server cves: - CVE-2024-1942 ghsas: - GHSA-hwjf-4667-gqwx -unknown_aliases: - - CGA-xvq7-x2jj-6hg4 references: - advisory: https://github.com/advisories/GHSA-hwjf-4667-gqwx - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1942 - web: https://mattermost.com/security-updates source: id: GHSA-hwjf-4667-gqwx - created: 2024-06-26T16:07:03.779047-04:00 + created: 2024-08-16T16:25:30.310155-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2593.yaml b/data/reports/GO-2024-2593.yaml index c8e2a99c..915e46bf 100644 --- a/data/reports/GO-2024-2593.yaml +++ b/data/reports/GO-2024-2593.yaml @@ -16,20 +16,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost fails to check the "invite_guest" permission in github.com/mattermost/mattermost-server cves: - CVE-2024-1888 ghsas: - GHSA-pfw6-5rx3-xh3c -unknown_aliases: - - CGA-f9x4-gc5p-g8jr references: - advisory: https://github.com/advisories/GHSA-pfw6-5rx3-xh3c - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1888 - web: https://mattermost.com/security-updates source: id: GHSA-pfw6-5rx3-xh3c - created: 2024-06-26T16:09:33.224974-04:00 + created: 2024-08-16T16:25:35.717326-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2594.yaml b/data/reports/GO-2024-2594.yaml index cab2b3ae..881d3b4b 100644 --- a/data/reports/GO-2024-2594.yaml +++ b/data/reports/GO-2024-2594.yaml 
@@ -16,20 +16,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost fails to limit the number of role names in github.com/mattermost/mattermost-server cves: - CVE-2024-1953 ghsas: - GHSA-vm9m-57jr-4pxh -unknown_aliases: - - CGA-25vp-ggq8-49x6 references: - advisory: https://github.com/advisories/GHSA-vm9m-57jr-4pxh - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1953 - web: https://mattermost.com/security-updates source: id: GHSA-vm9m-57jr-4pxh - created: 2024-06-26T16:08:54.70065-04:00 + created: 2024-08-16T16:25:39.839984-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2595.yaml b/data/reports/GO-2024-2595.yaml index 3d1ed7f7..722d5ce3 100644 --- a/data/reports/GO-2024-2595.yaml +++ b/data/reports/GO-2024-2595.yaml @@ -12,20 +12,18 @@ modules: - module: github.com/mattermost/mattermost/server/v8 non_go_versions: - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626184126-817e18414e41 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost fails to properly restrict the access of files attached to posts in github.com/mattermost/mattermost-server cves: - CVE-2024-23488 ghsas: - GHSA-xgxj-j98c-59rv -unknown_aliases: - - CGA-cp3f-8rch-xvmv references: - advisory: https://github.com/advisories/GHSA-xgxj-j98c-59rv - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-23488 - web: https://mattermost.com/security-updates source: id: GHSA-xgxj-j98c-59rv - created: 2024-06-26T16:13:06.887134-04:00 + created: 2024-08-16T16:25:43.467779-04:00 review_status: UNREVIEWED unexcluded: EFFECTIVELY_PRIVATE diff --git a/data/reports/GO-2024-2597.yaml b/data/reports/GO-2024-2597.yaml index 59922af1..89eb5508 100644 --- a/data/reports/GO-2024-2597.yaml +++ b/data/reports/GO-2024-2597.yaml 
@@ -15,5 +15,5 @@ references: - fix: https://github.com/authzed/spicedb/commit/ef443c442b96909694390324a99849b0407007fe source: id: GHSA-h3m7-rqc4-7h9p - created: 2024-05-17T16:14:59.533653-04:00 + created: 2024-08-16T16:25:48.70604-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2629.yaml b/data/reports/GO-2024-2629.yaml index 66134f67..d9156305 100644 --- a/data/reports/GO-2024-2629.yaml +++ b/data/reports/GO-2024-2629.yaml @@ -20,13 +20,11 @@ cves: - CVE-2024-1442 ghsas: - GHSA-5mxf-42f5-j782 -unknown_aliases: - - BIT-grafana-2024-1442 references: - advisory: https://github.com/advisories/GHSA-5mxf-42f5-j782 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1442 - web: https://grafana.com/security/security-advisories/cve-2024-1442 source: id: GHSA-5mxf-42f5-j782 - created: 2024-06-04T15:37:37.122896-04:00 + created: 2024-08-16T16:19:42.61183-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2635.yaml b/data/reports/GO-2024-2635.yaml index 65eeffe7..3c056fb0 100644 --- a/data/reports/GO-2024-2635.yaml +++ b/data/reports/GO-2024-2635.yaml @@ -10,21 +10,17 @@ modules: - module: github.com/mattermost/mattermost-server/v6 vulnerable_at: 6.7.2 - module: github.com/mattermost/mattermost/server/v8 - non_go_versions: - - fixed: 8.1.9 - vulnerable_at: 8.0.0-20240626145722-59998b0b8473 + vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35 summary: Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server cves: - CVE-2024-1952 ghsas: - GHSA-r4fm-g65h-cr54 -unknown_aliases: - - CGA-xmgp-mf9v-pph8 references: - advisory: https://github.com/advisories/GHSA-r4fm-g65h-cr54 - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-1952 - web: https://mattermost.com/security-updates source: id: GHSA-r4fm-g65h-cr54 - created: 2024-06-26T13:58:04.253107-04:00 + created: 2024-08-16T16:19:51.835877-04:00 review_status: UNREVIEWED 
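Review bot: The GO-2024-2635 hunk drops `non_go_versions:` / `- fixed: 8.1.9` from the `github.com/mattermost/mattermost/server/v8` entry, leaving that module with only `vulnerable_at` and no fix boundary at all. The sibling Mattermost reports regenerated in this commit (GO-2024-2588 through GO-2024-2595) keep their `fixed: 8.1.9` line, so this looks like an inconsistency in the regenerated data rather than a deliberate policy. Without the boundary the report reads as if no fixed release exists for the v8 module. Please check GHSA-r4fm-g65h-cr54 and, if it still lists a patched version, restore `non_go_versions:` with `- fixed: 8.1.9` under that module.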
diff --git a/data/reports/GO-2024-2636.yaml b/data/reports/GO-2024-2636.yaml index 449d5337..b33e6e26 100644 --- a/data/reports/GO-2024-2636.yaml +++ b/data/reports/GO-2024-2636.yaml @@ -19,5 +19,5 @@ references: - web: https://vuldb.com/?id.256304 source: id: GHSA-x2vg-5wrf-vj6v - created: 2024-05-17T16:14:46.922117-04:00 + created: 2024-08-16T16:19:57.816351-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2637.yaml b/data/reports/GO-2024-2637.yaml index 02761d06..70d1f555 100644 --- a/data/reports/GO-2024-2637.yaml +++ b/data/reports/GO-2024-2637.yaml @@ -18,5 +18,5 @@ references: - fix: https://github.com/zitadel/zitadel/commit/e82cb51eb819c6cdba8123c9c34c5739b46b29eb source: id: GHSA-mq4x-r2w3-j7mr - created: 2024-06-04T15:37:28.977324-04:00 + created: 2024-08-16T16:20:05.674478-04:00 review_status: UNREVIEWED diff --git a/data/reports/GO-2024-2641.yaml b/data/reports/GO-2024-2641.yaml index 80bc80f3..e1ceca0b 100644 --- a/data/reports/GO-2024-2641.yaml +++ b/data/reports/GO-2024-2641.yaml @@ -15,5 +15,5 @@ references: - fix: https://github.com/go-vela/worker/commit/e1572743b008e4fbce31ebb1dcd23bf6a1a30297 source: id: GHSA-pwx5-6wxg-px5h - created: 2024-05-17T16:14:41.981889-04:00 + created: 2024-08-16T16:20:10.463987-04:00 review_status: UNREVIEWED