x/vulndb: potential Go vuln in github.com/clastix/kamaji: CVE-2024-42480

[GoVulnBot]

Advisory CVE-2024-42480 references a vulnerability in the following Go modules:

Module
github.com/clastix/kamaji

Description:
Kamaji is the Hosted Control Plane Manager for Kubernetes. In versions 1.0.0 and earlier, Kamaji uses an "open at the top" range definition in RBAC for etcd roles leading to some TCPs API servers being able to read, write, and delete the data of other control planes. This vulnerability is fixed in edge-24.8.2.

References:

• ADVISORY: https://nvd.nist.gov/vuln/detail/CVE-2024-42480
• FIX: clastix/kamaji@1731e8c
• WEB: https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24
• WEB: GHSA-6r4j-4rjc-8vw5

No existing reports found with this module or alias.
See doc/quickstart.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/clastix/kamaji
      vulnerable_at: 1.0.0
summary: CVE-2024-42480 in github.com/clastix/kamaji
cves:
    - CVE-2024-42480
references:
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-42480
    - fix: https://github.com/clastix/kamaji/commit/1731e8c2ed5148b125ecfbdf091ee177bd44f3db
    - web: https://github.com/clastix/kamaji/blob/8cdc6191242f80d120c46b166e2102d27568225a/internal/datastore/etcd.go#L19-L24
    - web: https://github.com/clastix/kamaji/security/advisories/GHSA-6r4j-4rjc-8vw5
source:
    id: CVE-2024-42480
    created: 2024-08-12T17:01:23.222376029Z
review_status: UNREVIEWED

[gopherbot]

Change https://go.dev/cl/605315 mentions this issue: data/reports: add 7 unreviewed reports