diff --git a/data/osv/GO-2024-2746.json b/data/osv/GO-2024-2746.json
index f321b065..2f421248 100644
--- a/data/osv/GO-2024-2746.json
+++ b/data/osv/GO-2024-2746.json
@@ -40,7 +40,16 @@
 ]
 }
 ],
- "ecosystem_specific": {}
+ "ecosystem_specific": {
+ "imports": [
+ {
+ "path": "k8s.io/kubernetes/plugin/pkg/admission/serviceaccount",
+ "symbols": [
+ "Plugin.limitSecretReferences"
+ ]
+ }
+ ]
+ }
 }
 ],
 "references": [
@@ -49,25 +58,9 @@
 "url": "https://github.com/advisories/GHSA-pxhw-596r-rwq5"
 },
 {
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-3177"
- },
- {
- "type": "WEB",
- "url": "http://www.openwall.com/lists/oss-security/2024/04/16/4"
- },
- {
- "type": "WEB",
+ "type": "FIX",
 "url": "https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a"
 },
- {
- "type": "WEB",
- "url": "https://github.com/kubernetes/kubernetes/commit/a619ca3fd3ee3c222d9df784622020de398076d2"
- },
- {
- "type": "WEB",
- "url": "https://github.com/kubernetes/kubernetes/commit/f9fb6cf52a769a599a45e700375115c2ecc86e9b"
- },
 {
 "type": "WEB",
 "url": "https://github.com/kubernetes/kubernetes/issues/124336"
@@ -75,18 +68,10 @@
 {
 "type": "WEB",
 "url": "https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ"
- },
- {
- "type": "WEB",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT"
- },
- {
- "type": "WEB",
- "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC"
 }
 ],
 "database_specific": {
 "url": "https://pkg.go.dev/vuln/GO-2024-2746",
- "review_status": "UNREVIEWED"
+ "review_status": "REVIEWED"
 }
 }
\ No newline at end of file
diff --git a/data/reports/GO-2024-2746.yaml b/data/reports/GO-2024-2746.yaml
index 1b05d5af..6ce1efc1 100644
--- a/data/reports/GO-2024-2746.yaml
+++ b/data/reports/GO-2024-2746.yaml
@@ -8,6 +8,10 @@ modules: - introduced: 1.29.0 - fixed: 1.29.4 vulnerable_at: 1.29.3 + packages: + - package: k8s.io/kubernetes/plugin/pkg/admission/serviceaccount + symbols: + - Plugin.limitSecretReferences summary: |- Kubernetes allows bypassing mountable secrets policy imposed by the ServiceAccount admission plugin in k8s.io/kubernetes @@ -17,16 +21,10 @@ ghsas: - GHSA-pxhw-596r-rwq5 references: - advisory: https://github.com/advisories/GHSA-pxhw-596r-rwq5 - - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-3177 - - web: http://www.openwall.com/lists/oss-security/2024/04/16/4 - - web: https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a - - web: https://github.com/kubernetes/kubernetes/commit/a619ca3fd3ee3c222d9df784622020de398076d2 - - web: https://github.com/kubernetes/kubernetes/commit/f9fb6cf52a769a599a45e700375115c2ecc86e9b + - fix: https://github.com/kubernetes/kubernetes/commit/7c861b1ecad97e1ab9332c970c9294a72065111a - web: https://github.com/kubernetes/kubernetes/issues/124336 - web: https://groups.google.com/g/kubernetes-security-announce/c/JxjHf7fkVd8/m/oVCzypyOAQAJ - - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QRYFHIQ6XRKRYBI2F5UESH67BJBQXUPT - - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WL54MTLGMTBZZO5PYGEGEBERTMADC4WC source: id: GHSA-pxhw-596r-rwq5 created: 2024-05-17T16:12:44.610818-04:00 -review_status: UNREVIEWED +review_status: REVIEWED
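Review bot: The new `packages:` entry in the first hunk pins detection to a single unexported method, `Plugin.limitSecretReferences`, and nothing visible records how that symbol was chosen. Symbol-level scanners report a finding only when this method is reachable, so it is worth confirming that it is the function changed by the referenced fix commit and that the fix touched no other code path in the package. A short comment above the symbol list would record this, for example `# symbol taken from fix commit 7c861b1e; unexported, confirm reachability from the plugin's exported admission methods`. Because this plugin presumably runs inside the API server rather than in programs that import the module, operators should still compare their cluster version with the `fixed:` ranges and not rely on symbol reachability alone.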
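Review bot: The reference cleanup in the second hunk removes the only visible mention of CVE-2024-3177 (the NVD link), and any `cves:` list would sit above the hunk's first line, so please confirm the CVE id is still recorded there and lookups by CVE keep resolving to this report. Only 7c861b1e is kept as `fix:`, while the `modules:` block carries at least the 1.29.4 fixed version and possibly other ranges outside the hunk. If the two dropped commits were the backports for other release branches, keeping them as extra `fix:` entries, e.g. `- fix: https://github.com/kubernetes/kubernetes/commit/a619ca3fd3ee3c222d9df784622020de398076d2`, lets readers on those branches find their patch. The same hunk sets `review_status: REVIEWED`, so both checks belong with this change.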