x/vulndb: potential Go vuln in github.com/kolide/fleet: CVE-2019-1020009 #2226

tatianab · 2023-11-08T22:03:02Z

CVE-2019-1020009 references github.com/kolide/fleet, which may be a Go module.

Description:
Fleet before 2.1.2 allows exposure of SMTP credentials.

References:

NIST: https://nvd.nist.gov/vuln/detail/CVE-2019-1020009
advisory: GHSA-6g7f-8qm4-f7h8
Imported by: https://pkg.go.dev/github.com/kolide/fleet?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/kolide/fleet
      vulnerable_at: 0.0.0-20201215150320-570de374fc5e
      packages:
        - package: Fleet
cves:
    - CVE-2019-1020009
references:
    - advisory: https://github.com/kolide/fleet/security/advisories/GHSA-6g7f-8qm4-f7h8

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-08T22:28:54Z

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports

tatianab added the excluded: LEGACY_FALSE_POSITIVE (DO NOT USE) Vulnerability marked as false positive before we introduced the triage process label Nov 8, 2023

gopherbot closed this as completed in 497caf9 Nov 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/kolide/fleet: CVE-2019-1020009 #2226

x/vulndb: potential Go vuln in github.com/kolide/fleet: CVE-2019-1020009 #2226

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023

x/vulndb: potential Go vuln in github.com/kolide/fleet: CVE-2019-1020009 #2226

x/vulndb: potential Go vuln in github.com/kolide/fleet: CVE-2019-1020009 #2226

Comments

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023