data/reports: add 9 unreviewed reports
Adds some unreviewed reports that needed small manual edits
to pass lint checks.

  - data/reports/GO-2024-2731.yaml
  - data/reports/GO-2024-2753.yaml
  - data/reports/GO-2024-2768.yaml
  - data/reports/GO-2024-2778.yaml
  - data/reports/GO-2024-2780.yaml
  - data/reports/GO-2024-2784.yaml
  - data/reports/GO-2024-2801.yaml
  - data/reports/GO-2024-2815.yaml
  - data/reports/GO-2024-2858.yaml

Fixes #2731
Fixes #2753
Fixes #2768
Fixes #2778
Fixes #2780
Fixes #2784
Fixes #2801
Fixes #2815
Fixes #2858

Change-Id: Iac9abf51e35220e8133a43606b2709e949c9ada3
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/591202
Commit-Queue: Tatiana Bradley <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
tatianab committed Jun 10, 2024
1 parent f74ecab commit 4dfc374
Showing 18 changed files with 844 additions and 0 deletions.
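--- a/data/osv/GO-2024-2731.json
+++ b/data/osv/GO-2024-2731.json
@@ -0,0 +1,40 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2731",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-m99c-q26r-m7m7"
+],
+"summary": "Evmos vulnerable to unauthorized account creation with vesting module in github.com/evmos/evmos/v13",
+"details": "Evmos vulnerable to unauthorized account creation with vesting module in github.com/evmos/evmos/v13",
+"affected": [
+{
+"package": {
+"name": "github.com/evmos/evmos/v13",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/evmos/evmos/security/advisories/GHSA-m99c-q26r-m7m7"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2731",
+"review_status": "UNREVIEWED"
+}
+}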
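Review bot: The `ranges` entry here has only `{"introduced": "0"}` and no `fixed` event, so any scanner matching on this record reports every release of github.com/evmos/evmos/v13 as affected with no upgrade target; data/osv/GO-2024-2768.json and data/osv/GO-2024-2778.json have the same open-ended shape starting at `2.0.0+incompatible`. If the linked advisories name patched releases, each range should close with a matching event such as `{"fixed": "<patched version from the advisory>"}`. If the open range is deliberate, for instance because the fix exists only under a different module path or upstream tags do not map to module versions, a short note in the report would tell consumers of an UNREVIEWED entry that this is not an omission. These files appear to be derived from the data/reports YAML listed in the commit description, so the change probably belongs there rather than in the JSON.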
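--- a/data/osv/GO-2024-2753.json
+++ b/data/osv/GO-2024-2753.json
@@ -0,0 +1,88 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2753",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2020-8557",
+"GHSA-55qj-gj3x-jq9r"
+],
+"summary": "Denial of service in Kubernetes in k8s.io/kubernetes",
+"details": "Denial of service in Kubernetes in k8s.io/kubernetes",
+"affected": [
+{
+"package": {
+"name": "k8s.io/kubernetes",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.1.0"
+},
+{
+"fixed": "1.16.13"
+},
+{
+"introduced": "1.17.0"
+},
+{
+"fixed": "1.17.9"
+},
+{
+"introduced": "1.18.0"
+},
+{
+"fixed": "1.18.6"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-55qj-gj3x-jq9r"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-8557"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/commit/530f199b6e07cdaab32361e39709ac45f3fdc446"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/commit/68750fefd3df76b7b008ef7b18e8acd18d5c2f2e"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/commit/7fd849cffa2f93061fbcb0a6ae4efd0539b1e981"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/issues/93032"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/pull/92921"
+},
+{
+"type": "WEB",
+"url": "https://groups.google.com/g/kubernetes-security-announce/c/cB_JUsYEKyY/m/vVSO61AhBwAJ"
+},
+{
+"type": "WEB",
+"url": "https://security.netapp.com/advisory/ntap-20200821-0002"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2753",
+"review_status": "UNREVIEWED"
+}
+}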
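--- a/data/osv/GO-2024-2768.json
+++ b/data/osv/GO-2024-2768.json
@@ -0,0 +1,53 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2768",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2021-25318",
+"GHSA-f9xf-jq4j-vqw4"
+],
+"summary": "Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher",
+"details": "Rancher does not properly specify ApiGroup when creating Kubernetes RBAC resources in github.com/rancher/rancher",
+"affected": [
+{
+"package": {
+"name": "github.com/rancher/rancher",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "2.0.0+incompatible"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-f9xf-jq4j-vqw4"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-25318"
+},
+{
+"type": "REPORT",
+"url": "https://github.com/rancher/rancher/issues/33590"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.suse.com/show_bug.cgi?id=1184913"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2768",
+"review_status": "UNREVIEWED"
+}
+}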
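--- a/data/osv/GO-2024-2778.json
+++ b/data/osv/GO-2024-2778.json
@@ -0,0 +1,49 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2778",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2021-31999",
+"GHSA-pvxj-25m6-7vqr"
+],
+"summary": "Rancher Privilege escalation vulnerability via malicious \"Connection\" header in github.com/rancher/rancher",
+"details": "Rancher Privilege escalation vulnerability via malicious \"Connection\" header in github.com/rancher/rancher",
+"affected": [
+{
+"package": {
+"name": "github.com/rancher/rancher",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "2.0.0+incompatible"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-pvxj-25m6-7vqr"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2021-31999"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.suse.com/show_bug.cgi?id=1187084"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2778",
+"review_status": "UNREVIEWED"
+}
+}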
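--- a/data/osv/GO-2024-2780.json
+++ b/data/osv/GO-2024-2780.json
@@ -0,0 +1,74 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2780",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2019-11245",
+"GHSA-r76g-g87f-vw8f"
+],
+"summary": "Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes",
+"details": "Kubelet Incorrect Privilege Assignment in k8s.io/kubernetes",
+"affected": [
+{
+"package": {
+"name": "k8s.io/kubernetes",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.13.0"
+},
+{
+"fixed": "1.13.7"
+},
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.3"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/advisories/GHSA-r76g-g87f-vw8f"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2019-11245"
+},
+{
+"type": "WEB",
+"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1715726"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/issues/78308"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/pull/76665"
+},
+{
+"type": "WEB",
+"url": "https://github.com/kubernetes/kubernetes/pull/76665/commits/26e3c8674e66f0d10170d34f5445f0aed207387f"
+},
+{
+"type": "WEB",
+"url": "https://security.netapp.com/advisory/ntap-20190919-0003"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2780",
+"review_status": "UNREVIEWED"
+}
+}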