From bc5832ce6045b5b7853179995ace9523edf23525 Mon Sep 17 00:00:00 2001
From: Tatiana Bradley
Date: Fri, 13 Sep 2024 15:14:38 -0400
Subject: [PATCH] data/reports: add GO-2024-3126
- data/reports/GO-2024-3126.yaml
Fixes golang/vulndb#3126
Change-Id: I2abdafaef6b0ab77a8794f8b5321dec286c8e8f9
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/613255
Reviewed-by: Zvonimir Pavlinovic
LUCI-TryBot-Result: Go LUCI
Auto-Submit: Tatiana Bradley
---
data/osv/GO-2024-3126.json | 64 ++++++++++++++++++++++++++++++++++
data/reports/GO-2024-3126.yaml | 22 ++++++++++++
2 files changed, 86 insertions(+)
create mode 100644 data/osv/GO-2024-3126.json
create mode 100644 data/reports/GO-2024-3126.yaml
diff --git a/data/osv/GO-2024-3126.json b/data/osv/GO-2024-3126.json
new file mode 100644
index 00000000..8ced84eb
--- /dev/null
+++ b/data/osv/GO-2024-3126.json
@@ -0,0 +1,64 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2024-3126",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2024-45041",
+ "GHSA-qwgc-rr35-h4x9"
+ ],
+ "summary": "External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets",
+ "details": "External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/external-secrets/external-secrets",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.10.2"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/external-secrets/external-secrets/security/advisories/GHSA-qwgc-rr35-h4x9"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-45041"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/external-secrets/external-secrets/commit/0368b9806f660fa6bc52cbbf3c6ccdb27c58bb35"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/external-secrets/external-secrets/commit/428a452fd2ad45935312f2c2c0d40bc37ce6e67c"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L27"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L49"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2024-3126",
+ "review_status": "UNREVIEWED"
+ }
+}
\ No newline at end of file
diff --git a/data/reports/GO-2024-3126.yaml b/data/reports/GO-2024-3126.yaml
new file mode 100644
index 00000000..74192f32
--- /dev/null
+++ b/data/reports/GO-2024-3126.yaml
@@ -0,0 +1,22 @@
+id: GO-2024-3126
+modules:
+ - module: github.com/external-secrets/external-secrets
+ versions:
+ - fixed: 0.10.2
+ vulnerable_at: 0.10.1
+summary: External Secrets Operator vulnerable to privilege escalation in github.com/external-secrets/external-secrets
+cves:
+ - CVE-2024-45041
+ghsas:
+ - GHSA-qwgc-rr35-h4x9
+references:
+ - advisory: https://github.com/external-secrets/external-secrets/security/advisories/GHSA-qwgc-rr35-h4x9
+ - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45041
+ - fix: https://github.com/external-secrets/external-secrets/commit/0368b9806f660fa6bc52cbbf3c6ccdb27c58bb35
+ - fix: https://github.com/external-secrets/external-secrets/commit/428a452fd2ad45935312f2c2c0d40bc37ce6e67c
+ - web: https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L27
+ - web: https://github.com/external-secrets/external-secrets/blob/main/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L49
+source:
+ id: GHSA-qwgc-rr35-h4x9
+ created: 2024-09-13T15:11:43.360475-04:00
+review_status: UNREVIEWED
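Review bot: The two `web` references use line anchors on a moving branch (`blob/main/.../cert-controller-rbac.yaml#L27` and `#L49`), so they will drift as the template is edited and, if the listed fix commits touch that file, may already no longer point at the RBAC rules the advisory means. Pinning them to a permalink of the form `blob/<commit-sha>/deploy/charts/external-secrets/templates/cert-controller-rbac.yaml#L27` would keep the evidence stable; the same URLs are carried into data/osv/GO-2024-3126.json. Separately, these references point at a Helm chart RBAC template rather than Go source, which suggests the flaw is in deployment manifests; with a module-wide range and no packages listed, scanners will presumably flag any importer below 0.10.2 whether or not the chart is deployed. A short comment such as `# affected component appears to be the chart's cert-controller RBAC; confirm on review` above `review_status: UNREVIEWED` would help triage.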