data/reports: unexclude 20 reports (9)

  - data/reports/GO-2023-1955.yaml
  - data/reports/GO-2023-1956.yaml
  - data/reports/GO-2023-1957.yaml
  - data/reports/GO-2023-1959.yaml
  - data/reports/GO-2023-1961.yaml
  - data/reports/GO-2023-1962.yaml
  - data/reports/GO-2023-1965.yaml
  - data/reports/GO-2023-1971.yaml
  - data/reports/GO-2023-1972.yaml
  - data/reports/GO-2023-1973.yaml
  - data/reports/GO-2023-1977.yaml
  - data/reports/GO-2023-1979.yaml
  - data/reports/GO-2023-1980.yaml
  - data/reports/GO-2023-1982.yaml
  - data/reports/GO-2023-1985.yaml
  - data/reports/GO-2023-1986.yaml
  - data/reports/GO-2023-1991.yaml
  - data/reports/GO-2023-1993.yaml
  - data/reports/GO-2023-1995.yaml
  - data/reports/GO-2023-1996.yaml

Updates #1955
Updates #1956
Updates #1957
Updates #1959
Updates #1961
Updates #1962
Updates #1965
Updates #1971
Updates #1972
Updates #1973
Updates #1977
Updates #1979
Updates #1980
Updates #1982
Updates #1985
Updates #1986
Updates #1991
Updates #1993
Updates #1995
Updates #1996

Change-Id: I681627cba89cee6d3bc2def3924c65a3b5da4453
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606789
Reviewed-by: Damien Neil <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>

Author: tatianab

data/excluded/GO-2023-1955.yaml

@@ -0,0 +1,66 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1955",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-37918",
+    "GHSA-59m6-82qm-vqgj"
+  ],
+  "summary": "Dapr API token authentication bypass in HTTP endpoints in github.com/dapr/dapr",
+  "details": "Dapr API token authentication bypass in HTTP endpoints in github.com/dapr/dapr",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/dapr/dapr",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.10.9"
+            },
+            {
+              "introduced": "1.11.0"
+            },
+            {
+              "fixed": "1.11.2"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/dapr/dapr/security/advisories/GHSA-59m6-82qm-vqgj"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37918"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/dapr/dapr/commit/83ca1abb11ffe34211db55dcd36d96b94252827a"
+    },
+    {
+      "type": "FIX",
+      "url": "https://github.com/dapr/dapr/commit/99d6799c97b79397443c8c96737c9b893126a1ae"
+    },
+    {
+      "type": "WEB",
+      "url": "https://docs.dapr.io/operations/security/api-token"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1955",
+    "review_status": "UNREVIEWED"
+  }
+}

data/excluded/GO-2023-1956.yaml

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1956",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-37917",
+    "GHSA-757p-vx43-fp9r"
+  ],
+  "summary": "KubePi Privilege Escalation vulnerability in github.com/KubeOperator/kubepi",
+  "details": "KubePi Privilege Escalation vulnerability in github.com/KubeOperator/kubepi",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/KubeOperator/kubepi",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.6.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-757p-vx43-fp9r"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37917"
+    },
+    {
+      "type": "WEB",
+      "url": "https://drive.google.com/file/d/1e8XJbIFIDXaFiL-dqn0a0b6u7o3CwqSG/preview"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1956",
+    "review_status": "UNREVIEWED"
+  }
+}

data/excluded/GO-2023-1957.yaml

@@ -0,0 +1,56 @@
+{
+  "schema_version": "1.3.1",
+  "id": "GO-2023-1957",
+  "modified": "0001-01-01T00:00:00Z",
+  "published": "0001-01-01T00:00:00Z",
+  "aliases": [
+    "CVE-2023-37916",
+    "GHSA-87f6-8gr7-pc6h"
+  ],
+  "summary": "KubePi may leak password hash of any user in github.com/KubeOperator/kubepi",
+  "details": "KubePi may leak password hash of any user in github.com/KubeOperator/kubepi",
+  "affected": [
+    {
+      "package": {
+        "name": "github.com/KubeOperator/kubepi",
+        "ecosystem": "Go"
+      },
+      "ranges": [
+        {
+          "type": "SEMVER",
+          "events": [
+            {
+              "introduced": "0"
+            },
+            {
+              "fixed": "1.6.5"
+            }
+          ]
+        }
+      ],
+      "ecosystem_specific": {}
+    }
+  ],
+  "references": [
+    {
+      "type": "ADVISORY",
+      "url": "https://github.com/1Panel-dev/KubePi/security/advisories/GHSA-87f6-8gr7-pc6h"
+    },
+    {
+      "type": "ADVISORY",
+      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-37916"
+    },
+    {
+      "type": "WEB",
+      "url": "https://drive.google.com/file/d/1ksdawJ1vShRJyT3wAgpqVmz-Ls6hMA7M/preview"
+    },
+    {
+      "type": "WEB",
+      "url": "https://github.com/1Panel-dev/KubePi/releases/tag/v1.6.5"
+    }
+  ],
+  "database_specific": {
+    "url": "https://pkg.go.dev/vuln/GO-2023-1957",
+    "review_status": "UNREVIEWED"
+  }
+}