data/reports: update GO-2024-2746

  - data/reports/GO-2024-2746.yaml

Updates #2746

Change-Id: Ib156e8b36cf9c768a58ead781bdabccfc4c0b2fb
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/595975
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Zvonimir Pavlinovic <zpavlinovic@google.com>

data/osv/GO-2024-2746.json

@@ -40,7 +40,16 @@
           ]
         }
       ],
-      "ecosystem_specific": {}
+      "ecosystem_specific": {
+        "imports": [
+          {
+            "path": "k8s.io/kubernetes/plugin/pkg/admission/serviceaccount",
+            "symbols": [
+              "Plugin.limitSecretReferences"
+            ]
+          }
+        ]
+      }
     }
   ],
   "references": [
@@ -49,44 +58,20 @@
       "url": "https://github.com/advisories/GHSA-pxhw-596r-rwq5"
     },
     {
-      "type": "ADVISORY",
-      "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3177"
-    },
-    {
-      "type": "WEB",
-      "url": "http://www.openwall.com/lists/oss-security/2024/04/16/4"
-    },
-    {
-      "type": "WEB",
+      "type": "FIX",
       "url": "https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a"
     },
-    {
-      "type": "WEB",
-      "url": "https://github.com/kubernetes/kubernetes/commit/a619ca3fd3ee3c222d9df784622020de398076d2"
-    },
-    {
-      "type": "WEB",
-      "url": "https://github.com/kubernetes/kubernetes/commit/f9fb6cf52a769a599a45e700375115c2ecc86e9b"
-    },
     {
       "type": "WEB",
       "url": "https://github.com/kubernetes/kubernetes/issues/124336"
     },
     {
       "type": "WEB",
       "url": "https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ"
-    },
-    {
-      "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT"
-    },
-    {
-      "type": "WEB",
-      "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC"
     }
   ],
   "database_specific": {
     "url": "https://pkg.go.dev/vuln/GO-2024-2746",
-    "review_status": "UNREVIEWED"
+    "review_status": "REVIEWED"
   }
 }

data/reports/GO-2024-2746.yaml

@@ -8,6 +8,10 @@ modules:
         - introduced: 1.29.0
         - fixed: 1.29.4
       vulnerable_at: 1.29.3
+      packages:
+        - package: k8s.io/kubernetes/plugin/pkg/admission/serviceaccount
+          symbols:
+            - Plugin.limitSecretReferences
 summary: |-
     Kubernetes allows bypassing mountable secrets policy imposed by the
     ServiceAccount admission plugin in k8s.io/kubernetes
@@ -17,16 +21,10 @@ ghsas:
     - GHSA-pxhw-596r-rwq5
 references:
     - advisory: https://github.com/advisories/GHSA-pxhw-596r-rwq5
-    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-3177
-    - web: http://www.openwall.com/lists/oss-security/2024/04/16/4
-    - web: https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a
-    - web: https://github.com/kubernetes/kubernetes/commit/a619ca3fd3ee3c222d9df784622020de398076d2
-    - web: https://github.com/kubernetes/kubernetes/commit/f9fb6cf52a769a599a45e700375115c2ecc86e9b
+    - fix: https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a
     - web: https://github.com/kubernetes/kubernetes/issues/124336
     - web: https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ
-    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT
-    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC
 source:
     id: GHSA-pxhw-596r-rwq5
     created: 2024-05-17T16:12:44.610818-04:00
-review_status: UNREVIEWED
+review_status: REVIEWED