
Commit 7162f20

committed
data/reports: add 28 unreviewed reports
- data/reports/GO-2024-2998.yaml - data/reports/GO-2024-2999.yaml - data/reports/GO-2024-3002.yaml - data/reports/GO-2024-3006.yaml - data/reports/GO-2024-3007.yaml - data/reports/GO-2024-3008.yaml - data/reports/GO-2024-3009.yaml - data/reports/GO-2024-3010.yaml - data/reports/GO-2024-3011.yaml - data/reports/GO-2024-3013.yaml - data/reports/GO-2024-3014.yaml - data/reports/GO-2024-3015.yaml - data/reports/GO-2024-3019.yaml - data/reports/GO-2024-3023.yaml - data/reports/GO-2024-3026.yaml - data/reports/GO-2024-3027.yaml - data/reports/GO-2024-3028.yaml - data/reports/GO-2024-3029.yaml - data/reports/GO-2024-3032.yaml - data/reports/GO-2024-3033.yaml - data/reports/GO-2024-3034.yaml - data/reports/GO-2024-3035.yaml - data/reports/GO-2024-3036.yaml - data/reports/GO-2024-3037.yaml - data/reports/GO-2024-3038.yaml - data/reports/GO-2024-3039.yaml - data/reports/GO-2024-3040.yaml - data/reports/GO-2024-3042.yaml Fixes #2998 Fixes #2999 Fixes #3002 Fixes #3006 Fixes #3007 Fixes #3008 Fixes #3009 Fixes #3010 Fixes #3011 Fixes #3013 Fixes #3014 Fixes #3015 Fixes #3019 Fixes #3023 Fixes #3026 Fixes #3027 Fixes #3028 Fixes #3029 Fixes #3032 Fixes #3033 Fixes #3034 Fixes #3035 Fixes #3036 Fixes #3037 Fixes #3038 Fixes #3039 Fixes #3040 Fixes #3042 Change-Id: Ie78928b0b85b48f42f3f10e29ba0a8d81591c4f3 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/603235 Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
1 parent 65d84be commit 7162f20


56 files changed

+2882
-0
lines changed

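--- a/data/osv/GO-2024-2998.json
+++ b/data/osv/GO-2024-2998.json
@@ -0,0 +1,81 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2998",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-41122",
+"GHSA-3wf2-2pq4-4rvc"
+],
+"summary": "Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker",
+"details": "Woodpecker's custom environment variables allow to alter execution flow of plugins in go.woodpecker-ci.org/woodpecker",
+"affected": [
+{
+"package": {
+"name": "go.woodpecker-ci.org/woodpecker",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "go.woodpecker-ci.org/woodpecker/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.7.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-3wf2-2pq4-4rvc"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41122"
+},
+{
+"type": "WEB",
+"url": "https://github.com/woodpecker-ci/woodpecker/commit/8aa3e5ec82c92eca3279e4be68625111eeedf1c4"
+},
+{
+"type": "WEB",
+"url": "https://github.com/woodpecker-ci/woodpecker/issues/3929"
+},
+{
+"type": "WEB",
+"url": "https://github.com/woodpecker-ci/woodpecker/pull/3909"
+},
+{
+"type": "WEB",
+"url": "https://github.com/woodpecker-ci/woodpecker/pull/3934"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2998",
+"review_status": "UNREVIEWED"
+}
+}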
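Review bot: `details` repeats `summary` word for word and `ecosystem_specific` is `{}` in both `affected` entries, so this record describes neither the flaw nor the affected packages or symbols; the same holds for GO-2024-2999, GO-2024-3002 and GO-2024-3006 further down this page. That is presumably what `"review_status": "UNREVIEWED"` is meant to signal, but a consumer matching on this file can only work at module level, and every version of `go.woodpecker-ci.org/woodpecker` is in range because its `events` list has no `fixed` entry. If this JSON is generated from `data/reports/GO-2024-2998.yaml`, as the commit description suggests, the place to add a real description is that report rather than this file.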

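--- a/data/osv/GO-2024-2999.json
+++ b/data/osv/GO-2024-2999.json
@@ -0,0 +1,77 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-2999",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-41121",
+"GHSA-xw35-rrcp-g7xm"
+],
+"summary": "Woodpecker's custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker",
+"details": "Woodpecker's custom workspace allow to overwrite plugin entrypoint executable in go.woodpecker-ci.org/woodpecker",
+"affected": [
+{
+"package": {
+"name": "go.woodpecker-ci.org/woodpecker",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "go.woodpecker-ci.org/woodpecker/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.7.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/woodpecker-ci/woodpecker/security/advisories/GHSA-xw35-rrcp-g7xm"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41121"
+},
+{
+"type": "WEB",
+"url": "https://github.com/woodpecker-ci/woodpecker/commit/764329ed1dbc47c4a517ccc749e3feb34059fac8"
+},
+{
+"type": "WEB",
+"url": "https://github.com/woodpecker-ci/woodpecker/issues/3924"
+},
+{
+"type": "WEB",
+"url": "https://github.com/woodpecker-ci/woodpecker/pull/3933"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-2999",
+"review_status": "UNREVIEWED"
+}
+}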

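--- a/data/osv/GO-2024-3002.json
+++ b/data/osv/GO-2024-3002.json
@@ -0,0 +1,89 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3002",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-40634",
+"GHSA-jmvp-698c-4x3w"
+],
+"summary": "Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd",
+"details": "Argo CD Unauthenticated Denial of Service (DoS) Vulnerability via /api/webhook Endpoint in github.com/argoproj/argo-cd",
+"affected": [
+{
+"package": {
+"name": "github.com/argoproj/argo-cd",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.0.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/argoproj/argo-cd/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.9.20"
+},
+{
+"introduced": "2.10.0"
+},
+{
+"fixed": "2.10.15"
+},
+{
+"introduced": "2.11.0"
+},
+{
+"fixed": "2.11.6"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-jmvp-698c-4x3w"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-40634"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/46c0c0b64deaab1ece70cb701030b76668ad0cdc"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/540e3a57b90eb3655db54793332fac86bcc38b36"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/d881ee78949e23160a0b280bb159e4d3d625a4df"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3002",
+"review_status": "UNREVIEWED"
+}
+}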

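--- a/data/osv/GO-2024-3006.json
+++ b/data/osv/GO-2024-3006.json
@@ -0,0 +1,93 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2024-3006",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2024-41666",
+"GHSA-v8wx-v5jq-qhhw"
+],
+"summary": "The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd",
+"details": "The Argo CD web terminal session does not handle the revocation of user permissions properly in github.com/argoproj/argo-cd",
+"affected": [
+{
+"package": {
+"name": "github.com/argoproj/argo-cd",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/argoproj/argo-cd/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "2.6.0"
+},
+{
+"fixed": "2.9.21"
+},
+{
+"introduced": "2.10.0"
+},
+{
+"fixed": "2.10.16"
+},
+{
+"introduced": "2.11.0"
+},
+{
+"fixed": "2.11.7"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-v8wx-v5jq-qhhw"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2024-41666"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/05edb2a9ca48f0f10608c1b49fbb0cf7164f6476"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/e96f32d233504101ddac028a5bf8117433d333d6"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/ef535230d8bd8ad7b18aab1ea1063e9751d348c4"
+},
+{
+"type": "WEB",
+"url": "https://drive.google.com/file/d/1Fynj5Sho8Lf8CETqsNXZyPKlTDdmgJuN/view?usp=sharing"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2024-3006",
+"review_status": "UNREVIEWED"
+}
+}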
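Review bot: The last `references` entry is a Google Drive sharing link (`drive.google.com/file/d/…/view?usp=sharing`) typed `WEB`, which is not a stable or auditable citation for an advisory record. Whether it resolves, and what it serves, depends on the file owner's sharing settings, and the file can be replaced or withdrawn without any trace in this database. The GHSA and NVD entries and the three `FIX` commits above it already identify the issue and its patches. I would drop the Drive entry, or keep it only after someone has confirmed what it contains and a durable copy exists to point at instead.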
