
Commit 69991d5

data/reports: add 26 unreviewed reports
- data/reports/GO-2024-2804.yaml - data/reports/GO-2024-2811.yaml - data/reports/GO-2024-2816.yaml - data/reports/GO-2024-2817.yaml - data/reports/GO-2024-2843.yaml - data/reports/GO-2024-2844.yaml - data/reports/GO-2024-2847.yaml - data/reports/GO-2024-2848.yaml - data/reports/GO-2024-2849.yaml - data/reports/GO-2024-2850.yaml - data/reports/GO-2024-2851.yaml - data/reports/GO-2024-2852.yaml - data/reports/GO-2024-2854.yaml - data/reports/GO-2024-2855.yaml - data/reports/GO-2024-2856.yaml - data/reports/GO-2024-2857.yaml - data/reports/GO-2024-2865.yaml - data/reports/GO-2024-2866.yaml - data/reports/GO-2024-2867.yaml - data/reports/GO-2024-2871.yaml - data/reports/GO-2024-2872.yaml - data/reports/GO-2024-2877.yaml - data/reports/GO-2024-2880.yaml - data/reports/GO-2024-2882.yaml - data/reports/GO-2024-2885.yaml - data/reports/GO-2024-2886.yaml Fixes #2804 Fixes #2811 Fixes #2816 Fixes #2817 Fixes #2843 Fixes #2844 Fixes #2847 Fixes #2848 Fixes #2849 Fixes #2850 Fixes #2851 Fixes #2852 Fixes #2854 Fixes #2855 Fixes #2856 Fixes #2857 Fixes #2865 Fixes #2866 Fixes #2867 Fixes #2871 Fixes #2872 Fixes #2877 Fixes #2880 Fixes #2882 Fixes #2885 Fixes #2886 Change-Id: Ia746865818b99c2d6bd37b287461693a53b892d8 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/590277 LUCI-TryBot-Result: Go LUCI <[email protected]> Reviewed-by: Damien Neil <[email protected]>
1 parent 922b5d4 commit 69991d5


52 files changed

+2202
-0
lines changed

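--- a/data/osv/GO-2024-2804.json
+++ b/data/osv/GO-2024-2804.json
@@ -0,0 +1,73 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2804",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-32967",
+"GHSA-q5qj-x2h5-3945"
+],
+"summary": "Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel",
+"details": "Zitadel exposing internal database user name and host information in github.com/zitadel/zitadel",
+"affected": [
+{
+"package": {
+"name": "github.com/zitadel/zitadel",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/zitadel/zitadel/security/advisories/GHSA-q5qj-x2h5-3945"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-32967"
+},
+{
+"type": "FIX",
+"url": "https://github.com/zitadel/zitadel/commit/b918603b576d156a08b90917c14c2d019c82ffc6"
+},
+{
+"type": "WEB",
+"url": "https://github.com/zitadel/zitadel/releases/tag/v2.45.7"
+},
+{
+"type": "WEB",
+"url": "https://github.com/zitadel/zitadel/releases/tag/v2.46.7"
+},
+{
+"type": "WEB",
+"url": "https://github.com/zitadel/zitadel/releases/tag/v2.47.10"
+},
+{
+"type": "WEB",
+"url": "https://github.com/zitadel/zitadel/releases/tag/v2.48.5"
+},
+{
+"type": "WEB",
+"url": "https://github.com/zitadel/zitadel/releases/tag/v2.49.5"
+},
+{
+"type": "WEB",
+"url": "https://github.com/zitadel/zitadel/releases/tag/v2.50.3"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2804",
+"review_status": "UNREVIEWED"
+}
+}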
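Review bot: The only event in `affected[0].ranges[0].events` is `"introduced": "0"`, so a scanner reading this record treats every version of github.com/zitadel/zitadel as vulnerable, although the `references` array in the same file lists a FIX commit and six release tags (v2.45.7 through v2.50.3). If those tags correspond to resolvable module versions, the range should close with matching events such as `{ "fixed": "<FIXED_VERSION>" }`; if they do not, a sentence in `details` saying that the fixed releases are only listed under `references` would keep consumers from reading the record as "no fix available". The same open-ended range appears in the GO-2024-2811, 2816, 2817, 2843, 2844 and 2847 sections of this commit. In all seven, `details` repeats `summary` word for word and `modified`/`published` hold the zero timestamp `0001-01-01T00:00:00Z`, so anything triaging from the raw files gets no impact description and no usable date; with `review_status` set to `UNREVIEWED`, those gaps are worth stating in the report source (presumably data/reports/GO-2024-2804.yaml and its siblings named in the commit message).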

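--- a/data/osv/GO-2024-2811.json
+++ b/data/osv/GO-2024-2811.json
@@ -0,0 +1,57 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2811",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-33398",
+"GHSA-6fg2-hvj9-832f"
+],
+"summary": "piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator/v2",
+"details": "piraeus-operator allows attacker to impersonate service account in github.com/piraeusdatastore/piraeus-operator/v2",
+"affected": [
+{
+"package": {
+"name": "github.com/piraeusdatastore/piraeus-operator/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-6fg2-hvj9-832f"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33398"
+},
+{
+"type": "WEB",
+"url": "https://gist.github.com/HouqiyuA/d0c11fae5ba4789946ae33175d0f9edb"
+},
+{
+"type": "WEB",
+"url": "https://github.com/HouqiyuA/k8s-rbac-poc"
+},
+{
+"type": "WEB",
+"url": "https://piraeus.io"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2811",
+"review_status": "UNREVIEWED"
+}
+}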

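--- a/data/osv/GO-2024-2816.json
+++ b/data/osv/GO-2024-2816.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2816",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-33394",
+"GHSA-4q63-mr2m-57hf"
+],
+"summary": "kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt",
+"details": "kubevirt allows a local attacker to execute arbitrary code via a crafted command in kubevirt.io/kubevirt",
+"affected": [
+{
+"package": {
+"name": "kubevirt.io/kubevirt",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-4q63-mr2m-57hf"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33394"
+},
+{
+"type": "WEB",
+"url": "https://gist.github.com/HouqiyuA/1b75e23ece7ad98490aec1c887bdf49b"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2816",
+"review_status": "UNREVIEWED"
+}
+}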

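--- a/data/osv/GO-2024-2817.json
+++ b/data/osv/GO-2024-2817.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2817",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-33396",
+"GHSA-wccg-v638-j9q2"
+],
+"summary": "karmada vulnerable to arbitrary code execution via a crafted command in github.com/karmada-io/karmada",
+"details": "karmada vulnerable to arbitrary code execution via a crafted command in github.com/karmada-io/karmada",
+"affected": [
+{
+"package": {
+"name": "github.com/karmada-io/karmada",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-wccg-v638-j9q2"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-33396"
+},
+{
+"type": "WEB",
+"url": "https://gist.github.com/HouqiyuA/2b56a893c06553013982836abb77ba50"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2817",
+"review_status": "UNREVIEWED"
+}
+}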

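--- a/data/osv/GO-2024-2843.json
+++ b/data/osv/GO-2024-2843.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2843",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2022-39306",
+"GHSA-2x6g-h2hg-rq84"
+],
+"summary": "Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana",
+"details": "Grafana Email addresses and usernames can not be trusted in github.com/grafana/grafana",
+"affected": [
+{
+"package": {
+"name": "github.com/grafana/grafana",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/grafana/grafana/security/advisories/GHSA-2x6g-h2hg-rq84"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39306"
+},
+{
+"type": "WEB",
+"url": "https://security.netapp.com/advisory/ntap-20221215-0004"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2843",
+"review_status": "UNREVIEWED"
+}
+}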

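--- a/data/osv/GO-2024-2844.json
+++ b/data/osv/GO-2024-2844.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2844",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2022-39307",
+"GHSA-3p62-42x7-gxg5"
+],
+"summary": "Grafana User enumeration via forget password in github.com/grafana/grafana",
+"details": "Grafana User enumeration via forget password in github.com/grafana/grafana",
+"affected": [
+{
+"package": {
+"name": "github.com/grafana/grafana",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/grafana/grafana/security/advisories/GHSA-3p62-42x7-gxg5"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-39307"
+},
+{
+"type": "WEB",
+"url": "https://security.netapp.com/advisory/ntap-20221215-0004"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2844",
+"review_status": "UNREVIEWED"
+}
+}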

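--- a/data/osv/GO-2024-2847.json
+++ b/data/osv/GO-2024-2847.json
@@ -0,0 +1,53 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2847",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2022-35957",
+"GHSA-ff5c-938w-8c9q"
+],
+"summary": "Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana",
+"details": "Grafana Escalation from admin to server admin when auth proxy is used in github.com/grafana/grafana",
+"affected": [
+{
+"package": {
+"name": "github.com/grafana/grafana",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/grafana/grafana/security/advisories/GHSA-ff5c-938w-8c9q"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-35957"
+},
+{
+"type": "WEB",
+"url": "https://lists.fedoraproject.org/archives/list/[email protected]/message/WYU5C2RITLHVZSTCWNGQWA6KSPYNXM2H"
+},
+{
+"type": "WEB",
+"url": "https://security.netapp.com/advisory/ntap-20221215-0001"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2847",
+"review_status": "UNREVIEWED"
+}
+}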
