data/reports: update GO-2025-3427

thatnealpatel · gopherbot · commit fb7b899ce7db · 2025-03-13T10:00:21.000-07:00
- data/reports/GO-2025-3427.yaml Updates #3427 Updates #3464 Change-Id: Ibfb17adc86b1ac85c5182d93a84abfbbe5b465bd Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/657635 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Neal Patel <nealpatel@google.com>
diff --git a/data/osv/GO-2025-3427.json b/data/osv/GO-2025-3427.json
@@ -7,29 +7,12 @@
     "CVE-2024-13484",
     "GHSA-58fx-7v9q-3g56"
   ],
-  "summary": "ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd",
-  "details": "ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd",
+  "summary": "Malicious PrometheusRule creation to all namespaces that deploy a ArgoCD CR instance in github.com/redhat-developer/gitops-operator",
+  "details": "Malicious PrometheusRule creation to all namespaces that deploy a ArgoCD CR instance in github.com/redhat-developer/gitops-operator",
   "affected": [
     {
       "package": {
-        "name": "github.com/argoproj/argo-cd",
-        "ecosystem": "Go"
-      },
-      "ranges": [
-        {
-          "type": "SEMVER",
-          "events": [
-            {
-              "introduced": "0"
-            }
-          ]
-        }
-      ],
-      "ecosystem_specific": {}
-    },
-    {
-      "package": {
-        "name": "github.com/argoproj/argo-cd/v2",
+        "name": "github.com/redhat-developer/gitops-operator",
         "ecosystem": "Go"
       },
       "ranges": [
diff --git a/data/reports/GO-2025-3427.yaml b/data/reports/GO-2025-3427.yaml
@@ -1,12 +1,8 @@
 id: GO-2025-3427
 modules:
-    - module: github.com/argoproj/argo-cd
-      vulnerable_at: 1.8.6
-    - module: github.com/argoproj/argo-cd/v2
-      unsupported_versions:
-        - last_affected: 2.10.3
-      vulnerable_at: 2.13.3
-summary: ArgoCD Namespace Isolation Break in github.com/argoproj/argo-cd
+    - module: github.com/redhat-developer/gitops-operator
+      vulnerable_at: 1.15.0
+summary: Malicious PrometheusRule creation to all namespaces that deploy a ArgoCD CR instance in github.com/redhat-developer/gitops-operator
 cves:
     - CVE-2024-13484
 ghsas:
