-
Notifications
You must be signed in to change notification settings - Fork 61
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
data/reports: add 28 unreviewed reports
- data/reports/GO-2024-2998.yaml - data/reports/GO-2024-2999.yaml - data/reports/GO-2024-3002.yaml - data/reports/GO-2024-3006.yaml - data/reports/GO-2024-3007.yaml - data/reports/GO-2024-3008.yaml - data/reports/GO-2024-3009.yaml - data/reports/GO-2024-3010.yaml - data/reports/GO-2024-3011.yaml - data/reports/GO-2024-3013.yaml - data/reports/GO-2024-3014.yaml - data/reports/GO-2024-3015.yaml - data/reports/GO-2024-3019.yaml - data/reports/GO-2024-3023.yaml - data/reports/GO-2024-3026.yaml - data/reports/GO-2024-3027.yaml - data/reports/GO-2024-3028.yaml - data/reports/GO-2024-3029.yaml - data/reports/GO-2024-3032.yaml - data/reports/GO-2024-3033.yaml - data/reports/GO-2024-3034.yaml - data/reports/GO-2024-3035.yaml - data/reports/GO-2024-3036.yaml - data/reports/GO-2024-3037.yaml - data/reports/GO-2024-3038.yaml - data/reports/GO-2024-3039.yaml - data/reports/GO-2024-3040.yaml - data/reports/GO-2024-3042.yaml Fixes #2998 Fixes #2999 Fixes #3002 Fixes #3006 Fixes #3007 Fixes #3008 Fixes #3009 Fixes #3010 Fixes #3011 Fixes #3013 Fixes #3014 Fixes #3015 Fixes #3019 Fixes #3023 Fixes #3026 Fixes #3027 Fixes #3028 Fixes #3029 Fixes #3032 Fixes #3033 Fixes #3034 Fixes #3035 Fixes #3036 Fixes #3037 Fixes #3038 Fixes #3039 Fixes #3040 Fixes #3042 Change-Id: Ie78928b0b85b48f42f3f10e29ba0a8d81591c4f3 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/603235 Reviewed-by: Zvonimir Pavlinovic <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
- Loading branch information
Showing
56 changed files
with
2,882 additions
and
0 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,81 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2998", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-41122", | ||
| "GHSA-3wf2-2pq4-4rvc" | ||
| ], | ||
| "summary": "Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker", | ||
| "details": "Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "go.woodpecker-ci.org/woodpecker", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "go.woodpecker-ci.org/woodpecker/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.7.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-3wf2-2pq4-4rvc" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41122" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/commit/8aa3e5ec82c92eca3279e4be68625111eeedf1c4" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/issues/3929" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/pull/3909" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/pull/3934" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2998", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,77 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-2999", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-41121", | ||
| "GHSA-xw35-rrcp-g7xm" | ||
| ], | ||
| "summary": "Woodpecker's custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker", | ||
| "details": "Woodpecker's custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "go.woodpecker-ci.org/woodpecker", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "go.woodpecker-ci.org/woodpecker/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.7.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-xw35-rrcp-g7xm" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41121" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/commit/764329ed1dbc47c4a517ccc749e3feb34059fac8" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/issues/3924" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://github.com/woodpecker-ci/woodpecker/pull/3933" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-2999", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,89 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3002", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-40634", | ||
| "GHSA-jmvp-698c-4x3w" | ||
| ], | ||
| "summary": "Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd", | ||
| "details": "Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/argoproj/argo-cd", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "1.0.0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/argoproj/argo-cd/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "2.9.20" | ||
| }, | ||
| { | ||
| "introduced": "2.10.0" | ||
| }, | ||
| { | ||
| "fixed": "2.10.15" | ||
| }, | ||
| { | ||
| "introduced": "2.11.0" | ||
| }, | ||
| { | ||
| "fixed": "2.11.6" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40634" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/argoproj/argo-cd/commit/46c0c0b64deaab1ece70cb701030b76668ad0cdc" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/argoproj/argo-cd/commit/540e3a57b90eb3655db54793332fac86bcc38b36" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/argoproj/argo-cd/commit/d881ee78949e23160a0b280bb159e4d3d625a4df" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3002", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| { | ||
| "schema_version": "1.3.1", | ||
| "id": "GO-2024-3006", | ||
| "modified": "0001-01-01T00:00:00Z", | ||
| "published": "0001-01-01T00:00:00Z", | ||
| "aliases": [ | ||
| "CVE-2024-41666", | ||
| "GHSA-v8wx-v5jq-qhhw" | ||
| ], | ||
| "summary": "The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd", | ||
| "details": "The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd", | ||
| "affected": [ | ||
| { | ||
| "package": { | ||
| "name": "github.com/argoproj/argo-cd", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| }, | ||
| { | ||
| "package": { | ||
| "name": "github.com/argoproj/argo-cd/v2", | ||
| "ecosystem": "Go" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "SEMVER", | ||
| "events": [ | ||
| { | ||
| "introduced": "2.6.0" | ||
| }, | ||
| { | ||
| "fixed": "2.9.21" | ||
| }, | ||
| { | ||
| "introduced": "2.10.0" | ||
| }, | ||
| { | ||
| "fixed": "2.10.16" | ||
| }, | ||
| { | ||
| "introduced": "2.11.0" | ||
| }, | ||
| { | ||
| "fixed": "2.11.7" | ||
| } | ||
| ] | ||
| } | ||
| ], | ||
| "ecosystem_specific": {} | ||
| } | ||
| ], | ||
| "references": [ | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw" | ||
| }, | ||
| { | ||
| "type": "ADVISORY", | ||
| "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41666" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6" | ||
| }, | ||
| { | ||
| "type": "FIX", | ||
| "url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4" | ||
| }, | ||
| { | ||
| "type": "WEB", | ||
| "url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing" | ||
| } | ||
| ], | ||
| "database_specific": { | ||
| "url": "https://pkg.go.dev/vuln/GO-2024-3006", | ||
| "review_status": "UNREVIEWED" | ||
| } | ||
| } |
Oops, something went wrong.