
data/reports: add 5 unreviewed reports
  - data/reports/GO-2024-3294.yaml
  - data/reports/GO-2024-3296.yaml
  - data/reports/GO-2024-3299.yaml
  - data/reports/GO-2024-3300.yaml
  - data/reports/GO-2024-3303.yaml

Fixes #3294
Fixes #3296
Fixes #3299
Fixes #3300
Fixes #3303

Change-Id: I0f474a123c1df553293cac4ab062b4cdb1011ec1
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/632976
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
tatianab authored and gopherbot committed Dec 2, 2024
1 parent 0073ceb commit f2b300c
Showing 10 changed files with 492 additions and 0 deletions.
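--- a/data/osv/GO-2024-3294.json
+++ b/data/osv/GO-2024-3294.json
@@ -0,0 +1,47 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3294",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-53264"
+],
+"summary": "Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb",
+"details": "Open Redirect Vulnerability in Loading Page in bunkerweb in github.com/bunkerity/bunkerweb",
+"affected": [
+{
+"package": {
+"name": "github.com/bunkerity/bunkerweb",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "1.5.11"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53264"
+},
+{
+"type": "WEB",
+"url": "https://github.com/bunkerity/bunkerweb/security/advisories/GHSA-q9rr-h3hx-m87g"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3294",
+"review_status": "UNREVIEWED"
+}
+}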
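Review bot: The repository advisory GHSA-q9rr-h3hx-m87g appears only as a `"type": "WEB"` reference and is absent from `aliases`, whereas the sibling reports in this batch (GO-2024-3296, -3299, -3300) carry their GHSA in `aliases` and type the same URL `"ADVISORY"`. If that advisory describes the same issue as CVE-2024-53264, make the record consistent with `"aliases": ["CVE-2024-53264", "GHSA-q9rr-h3hx-m87g"]` and `"type": "ADVISORY"`, so OSV consumers can deduplicate across databases. The omission may be deliberate if the repository-level advisory has not yet been accepted into the global GitHub Advisory Database; if so, a note in the YAML source saying that would stop the next reviewer from re-raising it.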
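--- a/data/osv/GO-2024-3296.json
+++ b/data/osv/GO-2024-3296.json
@@ -0,0 +1,69 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3296",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-53858",
+"GHSA-jwcm-9g39-pmcw"
+],
+"summary": "Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli",
+"details": "Recursive repository cloning can leak authentication tokens to non-GitHub submodule hosts in github.com/cli/cli",
+"affected": [
+{
+"package": {
+"name": "github.com/cli/cli",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/cli/cli/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.63.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/cli/cli/security/advisories/GHSA-jwcm-9g39-pmcw"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53858"
+},
+{
+"type": "WEB",
+"url": "https://git-scm.com/docs/gitcredentials"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3296",
+"review_status": "UNREVIEWED"
+}
+}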
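--- a/data/osv/GO-2024-3299.json
+++ b/data/osv/GO-2024-3299.json
@@ -0,0 +1,97 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3299",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-52003",
+"GHSA-h924-8g65-j9wg"
+],
+"summary": "Traefik's X-Forwarded-Prefix Header still allows for Open Redirect in github.com/traefik/traefik",
+"details": "Traefik's X-Forwarded-Prefix Header still allows for Open Redirect in github.com/traefik/traefik",
+"affected": [
+{
+"package": {
+"name": "github.com/traefik/traefik",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/traefik/traefik/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.11.14"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/traefik/traefik/v3",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "3.2.1"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/traefik/traefik/security/advisories/GHSA-h924-8g65-j9wg"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52003"
+},
+{
+"type": "FIX",
+"url": "https://github.com/traefik/traefik/pull/11253"
+},
+{
+"type": "WEB",
+"url": "https://github.com/traefik/traefik/releases/tag/v2.11.14"
+},
+{
+"type": "WEB",
+"url": "https://github.com/traefik/traefik/releases/tag/v3.2.1"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3299",
+"review_status": "UNREVIEWED"
+}
+}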
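--- a/data/osv/GO-2024-3300.json
+++ b/data/osv/GO-2024-3300.json
@@ -0,0 +1,73 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3300",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-52801",
+"GHSA-6943-qr24-82vx"
+],
+"summary": "sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo",
+"details": "sftpgo vulnerable to brute force takeover of OpenID Connect session cookies in github.com/drakkan/sftpgo",
+"affected": [
+{
+"package": {
+"name": "github.com/drakkan/sftpgo",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/drakkan/sftpgo/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "2.3.0"
+},
+{
+"fixed": "2.6.4"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/drakkan/sftpgo/security/advisories/GHSA-6943-qr24-82vx"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-52801"
+},
+{
+"type": "FIX",
+"url": "https://github.com/drakkan/sftpgo/commit/f30a9a2095bf90c0661b04fe038e3b7efc788bc6"
+},
+{
+"type": "WEB",
+"url": "https://github.com/rs/xid"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3300",
+"review_status": "UNREVIEWED"
+}
+}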
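Review bot: The `github.com/drakkan/sftpgo` affected entry marks every version vulnerable (`"introduced": "0"` with no `fixed` event) while the `github.com/drakkan/sftpgo/v2` range says the issue was introduced in 2.3.0, and the two statements cannot both be accurate for the same code base. If the vulnerable OpenID Connect session-cookie handling only exists from v2.3.0 onward, the unversioned (pre-v2) module entry overstates exposure and govulncheck will report every v0/v1 consumer as affected; the entry should either be dropped or given a range that matches the advisory, with the reasoning recorded in the YAML source. The `https://github.com/rs/xid` reference typed `WEB` presumably points at the identifier generator whose output was used for the session cookies — worth stating in `details` once this report is reviewed, since the summary alone does not tell an operator what was brute-forced.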
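--- a/data/osv/GO-2024-3303.json
+++ b/data/osv/GO-2024-3303.json
@@ -0,0 +1,91 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3303",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-53862"
+],
+"summary": "Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows",
+"details": "Argo Workflows Allows Access to Archived Workflows with Fake Token in `client` mode in github.com/argoproj/argo-workflows",
+"affected": [
+{
+"package": {
+"name": "github.com/argoproj/argo-workflows",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/argoproj/argo-workflows/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/argoproj/argo-workflows/v3",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "3.5.7"
+},
+{
+"fixed": "3.5.13"
+},
+{
+"introduced": "3.6.0-rc1"
+},
+{
+"fixed": "3.6.2"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-53862"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-workflows/pull/13021/files#diff-a5b255abaceddc9cc20bf6da6ae92c3a5d3605d94366af503ed754c079a1171aL668-R715"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/argo-workflows/security/advisories/GHSA-h36c-m3rf-34h9"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3303",
+"review_status": "UNREVIEWED"
+}
+}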
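Review bot: The `github.com/argoproj/argo-workflows` and `github.com/argoproj/argo-workflows/v2` entries mark all versions affected (`"introduced": "0"`, no `fixed`), yet the `/v3` range states the flaw was introduced in 3.5.7 and reintroduced in 3.6.0-rc1, which is the behaviour of a regression in a specific release series rather than a bug present since the first commit. Unless the `client` auth-mode archived-workflow path also exists in those earlier majors, the two open-ended entries will yield false positives for every v0/v2 consumer and should be removed or scoped, with the justification kept in the YAML source. Separately, GHSA-h36c-m3rf-34h9 is referenced as `"type": "WEB"` but not aliased, while the other reports in this commit alias their GHSA and type it `"ADVISORY"`; if it is the same issue, use `"aliases": ["CVE-2024-53862", "GHSA-h36c-m3rf-34h9"]`.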
