Skip to content

Commit

Permalink
data/reports: update GO-2022-0578
Browse files Browse the repository at this point in the history
  - data/reports/GO-2022-0578.yaml

Updates #578
Fixes #3115

Change-Id: Iad3d980038a8750ffc6b3c63001b0010f1b7cc9c
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/610798
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
TryBot-Bypass: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
  • Loading branch information
tatianab authored and gopherbot committed Sep 5, 2024
1 parent 22fa4ff commit 6c9e647
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 3 deletions.
3 changes: 3 additions & 0 deletions data/osv/GO-2022-0578.json
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,9 @@
"events": [
{
"introduced": "1.8.0"
},
{
"fixed": "1.8.5"
}
]
}
Expand Down
10 changes: 7 additions & 3 deletions data/reports/GO-2022-0578.yaml
Original file line number Diff line number Diff line change
Expand Up @@ -3,9 +3,8 @@ modules:
- module: github.com/hashicorp/vault
versions:
- introduced: 1.8.0
unsupported_versions:
- last_affected: 1.8.4
vulnerable_at: 1.17.3
- fixed: 1.8.5
vulnerable_at: 1.8.4
summary: Incorrect Privilege Assignment in HashiCorp Vault in github.com/hashicorp/vault
cves:
- CVE-2021-42135
Expand All @@ -16,6 +15,11 @@ references:
- advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-42135
- web: https://discuss.hashicorp.com/t/hcsec-2021-28-vaults-google-cloud-secrets-engine-policies-with-globs-may-provide-additional-privileges-in-vault-1-8-0-onwards
- web: https://github.com/hashicorp/vault/blob/main/CHANGELOG.md#180
notes:
- |
manually changed 'last_affected: 1.8.4' to 'fixed: 1.8.5'. The fix appears to be
only a documentation clarification; but this is an old enough vulnerability that
the new documentation should have had enough time to reach users.
source:
id: GHSA-362v-wg5p-64w2
created: 2024-08-20T14:05:02.493104-04:00
Expand Down

0 comments on commit 6c9e647

Please # to comment.