-
Notifications
You must be signed in to change notification settings - Fork 58
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 4 unreviewed reports
- data/reports/GO-2024-2993.yaml - data/reports/GO-2024-2994.yaml - data/reports/GO-2024-2996.yaml - data/reports/GO-2024-2997.yaml Fixes #2993 Fixes #2994 Fixes #2996 Fixes #2997 Change-Id: I4aec2240621abb4771d856a7fb29ee0a5fed7424 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/599636 Reviewed-by: Damien Neil <dneil@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
- Loading branch information
Showing
8 changed files
with
434 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,65 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2993", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-41111", | ||
"GHSA-hc5w-gxxr-w8x8" | ||
], | ||
"summary": "Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver", | ||
"details": "Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/bishopfox/sliver", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "1.5.40" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41111" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/BishopFox/sliver/commit/0deaee625d14c6f05f63c86e5c3b7ae623a1138f" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/BishopFox/sliver/issues/65" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/BishopFox/sliver/pull/1281" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://sliver.sh/docs?name=Multi-player+Mode" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2993", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,90 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2994", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-5321", | ||
"GHSA-82m2-cv7p-4m75" | ||
], | ||
"summary": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", | ||
"details": "Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "k8s.io/kubernetes", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "1.27.16" | ||
}, | ||
{ | ||
"introduced": "1.28.0" | ||
}, | ||
{ | ||
"fixed": "1.28.12" | ||
}, | ||
{ | ||
"introduced": "1.29.0" | ||
}, | ||
{ | ||
"fixed": "1.29.7" | ||
}, | ||
{ | ||
"introduced": "1.30.0" | ||
}, | ||
{ | ||
"fixed": "1.30.3" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://github.com/advisories/GHSA-82m2-cv7p-4m75" | ||
}, | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-5321" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/kubernetes/kubernetes/issues/126161" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2994", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,89 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2996", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-21527" | ||
], | ||
"summary": "CVE-2024-21527 in github.com/gotenberg/gotenberg", | ||
"details": "CVE-2024-21527 in github.com/gotenberg/gotenberg", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/gotenberg/gotenberg/v7", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
}, | ||
{ | ||
"package": { | ||
"name": "github.com/gotenberg/gotenberg/v8", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
}, | ||
{ | ||
"fixed": "8.1.0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21527" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/gotenberg/gotenberg/commit/ad152e62e5124b673099a9103eb6e7f933771794" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://gist.github.com/filipochnik/bc88a3d1cc17c07cec391ee98e1e6356" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://github.com/gotenberg/gotenberg/releases/tag/v8.1.0" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGGOTENBERG-7537081" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESCHROMIUM-7537082" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOTENBERGGOTENBERGV8PKGMODULESWEBHOOK-7537083" | ||
} | ||
], | ||
"credits": [ | ||
{ | ||
"name": "Filip Ochnik" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2996", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,81 @@ | ||
{ | ||
"schema_version": "1.3.1", | ||
"id": "GO-2024-2997", | ||
"modified": "0001-01-01T00:00:00Z", | ||
"published": "0001-01-01T00:00:00Z", | ||
"aliases": [ | ||
"CVE-2024-21583" | ||
], | ||
"summary": "CVE-2024-21583 in github.com/gitpod-io/gitpod", | ||
"details": "CVE-2024-21583 in github.com/gitpod-io/gitpod", | ||
"affected": [ | ||
{ | ||
"package": { | ||
"name": "github.com/gitpod-io/gitpod", | ||
"ecosystem": "Go" | ||
}, | ||
"ranges": [ | ||
{ | ||
"type": "SEMVER", | ||
"events": [ | ||
{ | ||
"introduced": "0" | ||
} | ||
] | ||
} | ||
], | ||
"ecosystem_specific": {} | ||
} | ||
], | ||
"references": [ | ||
{ | ||
"type": "ADVISORY", | ||
"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-21583" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/gitpod-io/gitpod/commit/da1053e1013f27a56e6d3533aa251dbd241d0155" | ||
}, | ||
{ | ||
"type": "FIX", | ||
"url": "https://github.com/gitpod-io/gitpod/pull/19973" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://app.safebase.io/portal/71ccd717-aa2d-4a1e-942e-c768d37e9e0c/preview?product=[…]942e-c768d37e9e0c\u0026tcuUid=1d505bda-9a38-4ca5-8724-052e6337f34d" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSSERVERGOPKGLIB-7452074" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODCOMPONENTSWSPROXYPKGPROXY-7452075" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSAUTH-7452076" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSPUBLICAPISERVER-7452077" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGITPODIOGITPODINSTALLINSTALLERPKGCOMPONENTSSERVER-7452078" | ||
}, | ||
{ | ||
"type": "WEB", | ||
"url": "https://security.snyk.io/vuln/SNYK-JS-GITPODGITPODPROTOCOL-7452079" | ||
} | ||
], | ||
"credits": [ | ||
{ | ||
"name": "Elliot Ward (Snyk Security Research)" | ||
} | ||
], | ||
"database_specific": { | ||
"url": "https://pkg.go.dev/vuln/GO-2024-2997", | ||
"review_status": "UNREVIEWED" | ||
} | ||
} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,25 @@ | ||
id: GO-2024-2993 | ||
modules: | ||
- module: github.com/bishopfox/sliver | ||
versions: | ||
- introduced: 1.5.40 | ||
unsupported_versions: | ||
- last_affected: 1.6.0-dev | ||
vulnerable_at: 1.5.42 | ||
summary: Sliver Allows Authenticated Operator-to-Server Remote Code Execution in github.com/bishopfox/sliver | ||
cves: | ||
- CVE-2024-41111 | ||
ghsas: | ||
- GHSA-hc5w-gxxr-w8x8 | ||
references: | ||
- advisory: https://github.com/BishopFox/sliver/security/advisories/GHSA-hc5w-gxxr-w8x8 | ||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-41111 | ||
- web: https://github.com/BishopFox/sliver/commit/0deaee625d14c6f05f63c86e5c3b7ae623a1138f | ||
- web: https://github.com/BishopFox/sliver/commit/5016fb8d7cdff38c79e22e8293e58300f8d3bd57 | ||
- web: https://github.com/BishopFox/sliver/issues/65 | ||
- web: https://github.com/BishopFox/sliver/pull/1281 | ||
- web: https://sliver.sh/docs?name=Multi-player+Mode | ||
source: | ||
id: GHSA-hc5w-gxxr-w8x8 | ||
created: 2024-07-19T12:19:31.469236-04:00 | ||
review_status: UNREVIEWED |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,30 @@ | ||
id: GO-2024-2994 | ||
modules: | ||
- module: k8s.io/kubernetes | ||
versions: | ||
- fixed: 1.27.16 | ||
- introduced: 1.28.0 | ||
- fixed: 1.28.12 | ||
- introduced: 1.29.0 | ||
- fixed: 1.29.7 | ||
- introduced: 1.30.0 | ||
- fixed: 1.30.3 | ||
vulnerable_at: 1.30.2 | ||
summary: Kubernetes sets incorrect permissions on Windows containers logs in k8s.io/kubernetes | ||
cves: | ||
- CVE-2024-5321 | ||
ghsas: | ||
- GHSA-82m2-cv7p-4m75 | ||
references: | ||
- advisory: https://github.com/advisories/GHSA-82m2-cv7p-4m75 | ||
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-5321 | ||
- web: https://github.com/kubernetes/kubernetes/commit/23660a78ae462a6c8c75ac7ffd9af97550dda1aa | ||
- web: https://github.com/kubernetes/kubernetes/commit/84beb2915fa28ae477fe0676be8ba94ccd2b811a | ||
- web: https://github.com/kubernetes/kubernetes/commit/90589b8f63d28bcd3db89749950ebc48ed07c190 | ||
- web: https://github.com/kubernetes/kubernetes/commit/de2033033b1d202ecaaa79d41861a075df8b49c1 | ||
- web: https://github.com/kubernetes/kubernetes/issues/126161 | ||
- web: https://groups.google.com/g/kubernetes-security-announce/c/81c0BHkKNt0 | ||
source: | ||
id: GHSA-82m2-cv7p-4m75 | ||
created: 2024-07-19T12:19:24.247679-04:00 | ||
review_status: UNREVIEWED |
Oops, something went wrong.