Commit 08b42c7

tatianab authored and gopherbot committed
data/reports: regenerate 50 reports

  - data/reports/GO-2024-2428.yaml
  - data/reports/GO-2024-2442.yaml
  - data/reports/GO-2024-2444.yaml
  - data/reports/GO-2024-2445.yaml
  - data/reports/GO-2024-2446.yaml
  - data/reports/GO-2024-2447.yaml
  - data/reports/GO-2024-2448.yaml
  - data/reports/GO-2024-2449.yaml
  - data/reports/GO-2024-2450.yaml
  - data/reports/GO-2024-2478.yaml
  - data/reports/GO-2024-2485.yaml
  - data/reports/GO-2024-2486.yaml
  - data/reports/GO-2024-2488.yaml
  - data/reports/GO-2024-2499.yaml
  - data/reports/GO-2024-2501.yaml
  - data/reports/GO-2024-2505.yaml
  - data/reports/GO-2024-2508.yaml
  - data/reports/GO-2024-2509.yaml
  - data/reports/GO-2024-2511.yaml
  - data/reports/GO-2024-2513.yaml
  - data/reports/GO-2024-2514.yaml
  - data/reports/GO-2024-2515.yaml
  - data/reports/GO-2024-2517.yaml
  - data/reports/GO-2024-2519.yaml
  - data/reports/GO-2024-2520.yaml
  - data/reports/GO-2024-2523.yaml
  - data/reports/GO-2024-2540.yaml
  - data/reports/GO-2024-2541.yaml
  - data/reports/GO-2024-2566.yaml
  - data/reports/GO-2024-2568.yaml
  - data/reports/GO-2024-2569.yaml
  - data/reports/GO-2024-2576.yaml
  - data/reports/GO-2024-2578.yaml
  - data/reports/GO-2024-2579.yaml
  - data/reports/GO-2024-2580.yaml
  - data/reports/GO-2024-2582.yaml
  - data/reports/GO-2024-2588.yaml
  - data/reports/GO-2024-2589.yaml
  - data/reports/GO-2024-2590.yaml
  - data/reports/GO-2024-2591.yaml
  - data/reports/GO-2024-2592.yaml
  - data/reports/GO-2024-2593.yaml
  - data/reports/GO-2024-2594.yaml
  - data/reports/GO-2024-2595.yaml
  - data/reports/GO-2024-2597.yaml
  - data/reports/GO-2024-2629.yaml
  - data/reports/GO-2024-2635.yaml
  - data/reports/GO-2024-2636.yaml
  - data/reports/GO-2024-2637.yaml
  - data/reports/GO-2024-2641.yaml

Updates #2428
Updates #2442
Updates #2444
Updates #2445
Updates #2446
Updates #2447
Updates #2448
Updates #2449
Updates #2450
Updates #2478
Updates #2485
Updates #2486
Updates #2488
Updates #2499
Updates #2501
Updates #2505
Updates #2508
Updates #2509
Updates #2511
Updates #2513
Updates #2514
Updates #2515
Updates #2517
Updates #2519
Updates #2520
Updates #2523
Updates #2540
Updates #2541
Updates #2566
Updates #2568
Updates #2569
Updates #2576
Updates #2578
Updates #2579
Updates #2580
Updates #2582
Updates #2588
Updates #2589
Updates #2590
Updates #2591
Updates #2592
Updates #2593
Updates #2594
Updates #2595
Updates #2597
Updates #2629
Updates #2635
Updates #2636
Updates #2637
Updates #2641

Change-Id: If02ad5ae2b621addda56b45d8c84b0476a12737b
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606358
Reviewed-by: Damien Neil <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 9c256df commit 08b42c7

57 files changed

+101
-187
lines changed

data/osv/GO-2024-2442.json

+3-2
@@ -3,11 +3,12 @@
33
"id": "GO-2024-2442",
44
"modified": "0001-01-01T00:00:00Z",
55
"published": "0001-01-01T00:00:00Z",
6+
"withdrawn": "2024-01-23T12:50:23Z",
67
"aliases": [
78
"GHSA-76cc-p55w-63g3"
89
],
9-
"summary": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport",
10-
"details": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
10+
"summary": "Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport",
11+
"details": "Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
1112
"affected": [
1213
{
1314
"package": {

data/osv/GO-2024-2445.json

+3-2
@@ -3,11 +3,12 @@
33
"id": "GO-2024-2445",
44
"modified": "0001-01-01T00:00:00Z",
55
"published": "0001-01-01T00:00:00Z",
6+
"withdrawn": "2024-01-23T12:50:08Z",
67
"aliases": [
78
"GHSA-c9v7-wmwj-vf6x"
89
],
9-
"summary": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport",
10-
"details": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
10+
"summary": "Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport",
11+
"details": "Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
1112
"affected": [
1213
{
1314
"package": {

data/osv/GO-2024-2447.json

+3-2
@@ -3,11 +3,12 @@
33
"id": "GO-2024-2447",
44
"modified": "0001-01-01T00:00:00Z",
55
"published": "0001-01-01T00:00:00Z",
6+
"withdrawn": "2024-01-23T12:50:39Z",
67
"aliases": [
78
"GHSA-hw4x-mcx5-9q36"
89
],
9-
"summary": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport",
10-
"details": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
10+
"summary": "Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport",
11+
"details": "Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
1112
"affected": [
1213
{
1314
"package": {

data/osv/GO-2024-2449.json

+3-2
@@ -3,11 +3,12 @@
33
"id": "GO-2024-2449",
44
"modified": "0001-01-01T00:00:00Z",
55
"published": "0001-01-01T00:00:00Z",
6+
"withdrawn": "2024-01-23T12:49:53Z",
67
"aliases": [
78
"GHSA-vfxf-76hv-v4w4"
89
],
9-
"summary": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport",
10-
"details": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
10+
"summary": "Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport",
11+
"details": "Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
1112
"affected": [
1213
{
1314
"package": {

data/osv/GO-2024-2568.json

+1-1
@@ -20,7 +20,7 @@
2020
"type": "SEMVER",
2121
"events": [
2222
{
23-
"introduced": "0"
23+
"introduced": "1.14.0"
2424
},
2525
{
2626
"fixed": "1.14.7"

data/osv/GO-2024-2569.json

+1-1
@@ -20,7 +20,7 @@
2020
"type": "SEMVER",
2121
"events": [
2222
{
23-
"introduced": "0"
23+
"introduced": "1.14.0"
2424
},
2525
{
2626
"fixed": "1.14.7"

data/osv/GO-2024-2635.json

+2-16
@@ -8,7 +8,7 @@
88
"GHSA-r4fm-g65h-cr54"
99
],
1010
"summary": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server",
11-
"details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.1.9.",
11+
"details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server",
1212
"affected": [
1313
{
1414
"package": {
@@ -79,21 +79,7 @@
7979
]
8080
}
8181
],
82-
"ecosystem_specific": {
83-
"custom_ranges": [
84-
{
85-
"type": "ECOSYSTEM",
86-
"events": [
87-
{
88-
"introduced": "0"
89-
},
90-
{
91-
"fixed": "8.1.9"
92-
}
93-
]
94-
}
95-
]
96-
}
82+
"ecosystem_specific": {}
9783
}
9884
],
9985
"references": [

data/reports/GO-2024-2428.yaml

+1-3
@@ -11,8 +11,6 @@ cves:
1111
- CVE-2023-5044
1212
ghsas:
1313
- GHSA-fp9f-44c2-cw27
14-
unknown_aliases:
15-
- BIT-nginx-ingress-controller-2023-5044
1614
references:
1715
- advisory: https://github.com/advisories/GHSA-fp9f-44c2-cw27
1816
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-5044
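
Review bot: the `unknown_aliases` entry `BIT-nginx-ingress-controller-2023-5044` is deleted with no replacement, so the report no longer records that identifier anywhere in the visible lines. If regeneration now drops `unknown_aliases` on purpose, the commit message should say so, since the same removal recurs in other reports in this commit (for example the `BIT-` and `CGA-` entries in GO-2024-2444).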
@@ -22,6 +20,6 @@ references:
2220
- web: https://security.netapp.com/advisory/ntap-20240307-0012
2321
source:
2422
id: GHSA-fp9f-44c2-cw27
25-
created: 2024-06-14T11:34:12.417676-04:00
23+
created: 2024-08-16T15:55:16.958982-04:00
2624
review_status: UNREVIEWED
2725
unexcluded: EFFECTIVELY_PRIVATE
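
Review bot: `created` under `source` moves from `2024-06-14T11:34:12.417676-04:00` to `2024-08-16T15:55:16.958982-04:00`, so regeneration overwrites the earlier timestamp with the time of this run. If the field is meant to record when the report was first created from the source, it should be preserved across regenerations; if it records when the source was last fetched, a comment or a clearer field name would prevent misreading. Every regenerated report in this commit shows the same rewrite.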

data/reports/GO-2024-2442.yaml

+3-2
@@ -7,13 +7,14 @@ modules:
77
- introduced: 14.0.0
88
- fixed: 14.2.4
99
vulnerable_at: 3.2.17+incompatible
10-
summary: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport
10+
summary: 'Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport'
11+
withdrawn: "2024-01-23T12:50:23Z"
1112
ghsas:
1213
- GHSA-76cc-p55w-63g3
1314
references:
1415
- advisory: https://github.com/gravitational/teleport/security/advisories/GHSA-76cc-p55w-63g3
1516
source:
1617
id: GHSA-76cc-p55w-63g3
17-
created: 2024-06-14T11:35:01.72578-04:00
18+
created: 2024-08-16T15:56:08.836802-04:00
1819
review_status: UNREVIEWED
1920
unexcluded: EFFECTIVELY_PRIVATE
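
Review bot: the context line `vulnerable_at: 3.2.17+incompatible` sits directly under `introduced: 14.0.0` / `fixed: 14.2.4`, and the OSV `details` for this report list only v13.0.0 before v13.4.13 and v14.0.0 before v14.2.4, so the version named as vulnerable falls outside every listed range. Worth correcting while the report is being touched. Separately, `withdrawn: "2024-01-23T12:50:23Z"` is earlier than both the old and the new `created` value, which means the source advisory was already withdrawn when this report was first generated.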

data/reports/GO-2024-2444.yaml

+3-6
@@ -1,30 +1,27 @@
11
id: GO-2024-2444
22
modules:
33
- module: github.com/mattermost/mattermost-server
4-
vulnerable_at: 9.9.0+incompatible
4+
vulnerable_at: 9.11.0+incompatible
55
- module: github.com/mattermost/mattermost-server/v5
66
vulnerable_at: 5.39.3
77
- module: github.com/mattermost/mattermost-server/v6
88
vulnerable_at: 6.7.2
99
- module: github.com/mattermost/mattermost/server/v8
1010
non_go_versions:
1111
- fixed: 8.1.7
12-
vulnerable_at: 8.0.0-20240626184126-817e18414e41
12+
vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
1313
summary: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
1414
cves:
1515
- CVE-2023-50333
1616
ghsas:
1717
- GHSA-9w97-9rqx-8v4j
18-
unknown_aliases:
19-
- BIT-mattermost-2023-50333
20-
- CGA-28fj-7rmv-xw55
2118
references:
2219
- advisory: https://github.com/advisories/GHSA-9w97-9rqx-8v4j
2320
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-50333
2421
- web: https://github.com/mattermost/mattermost/commit/61dd452fb2fcd3ac6f7b2e050f7f0a93a92d95fc
2522
- web: https://mattermost.com/security-updates
2623
source:
2724
id: GHSA-9w97-9rqx-8v4j
28-
created: 2024-06-26T16:12:41.49358-04:00
25+
created: 2024-08-16T15:57:37.961165-04:00
2926
review_status: UNREVIEWED
3027
unexcluded: EFFECTIVELY_PRIVATE
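
Review bot: `vulnerable_at` for github.com/mattermost/mattermost/server/v8 is bumped to `8.0.0-20240816093336-e666f7ccfc35`, a pseudo-version stamped on the day of this regeneration, while the same module lists `fixed: 8.1.7` under `non_go_versions`. A version taken from the tip on the regeneration date is unlikely to be one that is known to be vulnerable; suggest pinning `vulnerable_at` to a version that predates the fix, or leaving it unset when none can be determined. GO-2024-2446 and GO-2024-2448 get the same bump.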

data/reports/GO-2024-2445.yaml

+5-2
@@ -8,7 +8,10 @@ modules:
88
- introduced: 14.0.0
99
- fixed: 14.2.4
1010
vulnerable_at: 3.2.17+incompatible
11-
summary: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport
11+
summary: |-
12+
Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP
13+
access in github.com/gravitational/teleport
14+
withdrawn: "2024-01-23T12:50:08Z"
1215
ghsas:
1316
- GHSA-c9v7-wmwj-vf6x
1417
references:
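
Review bot: the summary becomes a `|-` literal block wrapped over two lines, and a literal block keeps its line breaks, so the YAML value now contains a newline between "SFTP" and "access" where the old one-line value had a space. The JSON summary in this commit is a single line, so either the generator rejoins the text or the two differ; a folded `>-` block, or the single-quoted one-line form used in GO-2024-2442.yaml, would keep the YAML value itself on one line.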
@@ -17,6 +20,6 @@ references:
1720
- fix: https://github.com/gravitational/teleport/pull/36136
1821
source:
1922
id: GHSA-c9v7-wmwj-vf6x
20-
created: 2024-06-14T11:35:27.699279-04:00
23+
created: 2024-08-16T15:58:42.619857-04:00
2124
review_status: UNREVIEWED
2225
unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2024-2446.yaml

+3-6
@@ -1,29 +1,26 @@
11
id: GO-2024-2446
22
modules:
33
- module: github.com/mattermost/mattermost-server
4-
vulnerable_at: 9.9.0+incompatible
4+
vulnerable_at: 9.11.0+incompatible
55
- module: github.com/mattermost/mattermost-server/v5
66
vulnerable_at: 5.39.3
77
- module: github.com/mattermost/mattermost-server/v6
88
vulnerable_at: 6.7.2
99
- module: github.com/mattermost/mattermost/server/v8
1010
non_go_versions:
1111
- fixed: 8.1.7
12-
vulnerable_at: 8.0.0-20240626184126-817e18414e41
12+
vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
1313
summary: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
1414
cves:
1515
- CVE-2023-7113
1616
ghsas:
1717
- GHSA-h3gq-j7p9-x3p4
18-
unknown_aliases:
19-
- BIT-mattermost-2023-7113
20-
- CGA-pcxv-43r4-92mm
2118
references:
2219
- advisory: https://github.com/advisories/GHSA-h3gq-j7p9-x3p4
2320
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-7113
2421
- web: https://mattermost.com/security-updates
2522
source:
2623
id: GHSA-h3gq-j7p9-x3p4
27-
created: 2024-06-26T16:12:13.229043-04:00
24+
created: 2024-08-16T15:59:00.341654-04:00
2825
review_status: UNREVIEWED
2926
unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2024-2447.yaml

+4-3
@@ -9,8 +9,9 @@ modules:
99
- fixed: 14.2.4
1010
vulnerable_at: 3.2.17+incompatible
1111
summary: |-
12-
Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low
13-
privileged users in github.com/gravitational/teleport
12+
Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts
13+
is possible from low privileged users in github.com/gravitational/teleport
14+
withdrawn: "2024-01-23T12:50:39Z"
1415
ghsas:
1516
- GHSA-hw4x-mcx5-9q36
1617
references:
@@ -19,6 +20,6 @@ references:
1920
- fix: https://github.com/gravitational/teleport/pull/36127
2021
source:
2122
id: GHSA-hw4x-mcx5-9q36
22-
created: 2024-06-14T11:35:35.160981-04:00
23+
created: 2024-08-16T15:59:03.836685-04:00
2324
review_status: UNREVIEWED
2425
unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2024-2448.yaml

+2-5
@@ -11,24 +11,21 @@ modules:
1111
- module: github.com/mattermost/mattermost/server/v8
1212
non_go_versions:
1313
- fixed: 8.1.7
14-
vulnerable_at: 8.0.0-20240626184126-817e18414e41
14+
vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
1515
summary: |-
1616
Mattermost notified all users in the channel when using WebSockets to respond
1717
individually in github.com/mattermost/mattermost-server
1818
cves:
1919
- CVE-2023-48732
2020
ghsas:
2121
- GHSA-q7rx-w656-fwmv
22-
unknown_aliases:
23-
- BIT-mattermost-2023-48732
24-
- CGA-jhcr-g7wj-9vq2
2522
references:
2623
- advisory: https://github.com/advisories/GHSA-q7rx-w656-fwmv
2724
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-48732
2825
- web: https://github.com/mattermost/mattermost/commit/851515be222160bee0a495c0d411056b19ed4111
2926
- web: https://mattermost.com/security-updates
3027
source:
3128
id: GHSA-q7rx-w656-fwmv
32-
created: 2024-06-26T16:10:54.767283-04:00
29+
created: 2024-08-16T15:59:06.451782-04:00
3330
review_status: UNREVIEWED
3431
unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2024-2449.yaml

+5-2
@@ -8,7 +8,10 @@ modules:
88
- introduced: 14.0.0
99
- fixed: 14.2.4
1010
vulnerable_at: 3.2.17+incompatible
11-
summary: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport
11+
summary: |-
12+
Withdrawn Advisory: User-provided environment values allow execution on macOS
13+
agents in github.com/gravitational/teleport
14+
withdrawn: "2024-01-23T12:49:53Z"
1215
ghsas:
1316
- GHSA-vfxf-76hv-v4w4
1417
references:
@@ -17,6 +20,6 @@ references:
1720
- fix: https://github.com/gravitational/teleport/pull/36132
1821
source:
1922
id: GHSA-vfxf-76hv-v4w4
20-
created: 2024-06-14T11:35:44.744025-04:00
23+
created: 2024-08-16T15:59:25.038667-04:00
2124
review_status: UNREVIEWED
2225
unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2024-2450.yaml

+3-6
@@ -3,29 +3,26 @@ modules:
33
- module: github.com/mattermost/mattermost-server
44
non_go_versions:
55
- fixed: 7.8.10
6-
vulnerable_at: 9.9.0+incompatible
6+
vulnerable_at: 9.11.0+incompatible
77
- module: github.com/mattermost/mattermost-server/v5
88
vulnerable_at: 5.39.3
99
- module: github.com/mattermost/mattermost-server/v6
1010
vulnerable_at: 6.7.2
1111
- module: github.com/mattermost/mattermost/server/v8
1212
non_go_versions:
1313
- fixed: 8.1.1
14-
vulnerable_at: 8.0.0-20240626184126-817e18414e41
14+
vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
1515
summary: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
1616
cves:
1717
- CVE-2023-47858
1818
ghsas:
1919
- GHSA-w88v-pjr8-cmv2
20-
unknown_aliases:
21-
- BIT-mattermost-2023-47858
22-
- CGA-4m9j-264v-7mr3
2320
references:
2421
- advisory: https://github.com/advisories/GHSA-w88v-pjr8-cmv2
2522
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-47858
2623
- web: https://mattermost.com/security-updates
2724
source:
2825
id: GHSA-w88v-pjr8-cmv2
29-
created: 2024-06-26T16:13:37.899374-04:00
26+
created: 2024-08-16T15:59:27.824124-04:00
3027
review_status: UNREVIEWED
3128
unexcluded: EFFECTIVELY_PRIVATE
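
Review bot: for github.com/mattermost/mattermost-server the hunk sets `vulnerable_at: 9.11.0+incompatible` directly under `non_go_versions` with `fixed: 7.8.10`, so the version named as vulnerable is numerically above the version named as fixed. A reader or tool that trusts `vulnerable_at` is pointed at a release that, by the report's own data, should already contain the fix. Suggest choosing a `vulnerable_at` below the fix, or documenting that the field only reflects the latest version at regeneration time.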

data/reports/GO-2024-2478.yaml

+1-1
@@ -19,6 +19,6 @@ references:
1919
- web: https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24
2020
source:
2121
id: GHSA-g4x3-mfpj-f335
22-
created: 2024-06-26T16:14:26.250749-04:00
22+
created: 2024-08-16T16:37:28.044846-04:00
2323
review_status: UNREVIEWED
2424
unexcluded: EFFECTIVELY_PRIVATE
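
Review bot: the only change to this report is the `created` timestamp (`2024-06-26T16:14:26.250749-04:00` to `2024-08-16T16:37:28.044846-04:00`); nothing else in the visible hunk differs. Timestamp-only rewrites add review noise and obscure the history of real content changes, so consider having regeneration skip writing a report when `created` is the only field that would change.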

data/reports/GO-2024-2485.yaml

+1-3
@@ -10,8 +10,6 @@ cves:
1010
- CVE-2020-10661
1111
ghsas:
1212
- GHSA-j6vv-vv26-rh7c
13-
unknown_aliases:
14-
- BIT-vault-2020-10661
1513
references:
1614
- advisory: https://github.com/advisories/GHSA-j6vv-vv26-rh7c
1715
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10661
@@ -20,6 +18,6 @@ references:
2018
- web: https://www.hashicorp.com/blog/category/vault
2119
source:
2220
id: GHSA-j6vv-vv26-rh7c
23-
created: 2024-06-14T11:37:17.728135-04:00
21+
created: 2024-08-16T16:01:08.485499-04:00
2422
review_status: UNREVIEWED
2523
unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2024-2486.yaml

+1-3
@@ -10,8 +10,6 @@ cves:
1010
- CVE-2020-10660
1111
ghsas:
1212
- GHSA-m979-w9wj-qfj9
13-
unknown_aliases:
14-
- BIT-vault-2020-10660
1513
references:
1614
- advisory: https://github.com/advisories/GHSA-m979-w9wj-qfj9
1715
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10660
@@ -21,6 +19,6 @@ references:
2119
- web: https://www.hashicorp.com/blog/category/vault
2220
source:
2321
id: GHSA-m979-w9wj-qfj9
24-
created: 2024-06-14T11:37:27.238275-04:00
22+
created: 2024-08-16T16:01:23.539137-04:00
2523
review_status: UNREVIEWED
2624
unexcluded: EFFECTIVELY_PRIVATE

data/reports/GO-2024-2488.yaml

+1-3
@@ -16,8 +16,6 @@ cves:
1616
- CVE-2020-16251
1717
ghsas:
1818
- GHSA-4mp7-2m29-gqxf
19-
unknown_aliases:
20-
- BIT-vault-2020-16251
2119
references:
2220
- advisory: https://github.com/advisories/GHSA-4mp7-2m29-gqxf
2321
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-16251
@@ -26,6 +24,6 @@ references:
2624
- web: https://www.hashicorp.com/blog/category/vault
2725
source:
2826
id: GHSA-4mp7-2m29-gqxf
29-
created: 2024-06-14T11:37:32.985013-04:00
27+
created: 2024-08-16T16:01:28.479046-04:00
3028
review_status: UNREVIEWED
3129
unexcluded: EFFECTIVELY_PRIVATE
