x/vulndb: potential Go vuln in github.com/brokercap/Bifrost: GHSA-mxrx-fg8p-5p5j #1067

GoVulnBot · 2022-10-18T20:01:18Z

In GitHub Security Advisory GHSA-mxrx-fg8p-5p5j, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/brokercap/Bifrost	1.8.7-release	< 1.8.7-release

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - fixed: 1.8.7-release
    packages:
      - package: github.com/brokercap/Bifrost
description: |-
    ### Impact
    The admin and monitor user groups need to be authenticated by username and password. If we delete the X-Requested-With: XMLHttpRequest field in the request header,the authentication will be bypassed.

    ### Patches
    https://github.com/brockercap/Bifrost/pull/201

    ### Workarounds
    Upgrade to the latest version
cves:
  - CVE-2022-39267
ghsas:
  - GHSA-mxrx-fg8p-5p5j

The text was updated successfully, but these errors were encountered:

gopherbot · 2022-10-19T22:02:25Z

Change https://go.dev/cl/443645 mentions this issue: data/excluded: add GO-2022-1067.yaml for CVE-2022-39267

gopherbot · 2024-06-14T19:59:01Z

Change https://go.dev/cl/592774 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:38:02Z

Change https://go.dev/cl/607230 mentions this issue: data/reports: unexclude 20 reports (28)

- data/reports/GO-2022-0985.yaml - data/reports/GO-2022-0986.yaml - data/reports/GO-2022-0987.yaml - data/reports/GO-2022-0989.yaml - data/reports/GO-2022-0995.yaml - data/reports/GO-2022-1000.yaml - data/reports/GO-2022-1006.yaml - data/reports/GO-2022-1014.yaml - data/reports/GO-2022-1015.yaml - data/reports/GO-2022-1019.yaml - data/reports/GO-2022-1021.yaml - data/reports/GO-2022-1023.yaml - data/reports/GO-2022-1029.yaml - data/reports/GO-2022-1032.yaml - data/reports/GO-2022-1033.yaml - data/reports/GO-2022-1060.yaml - data/reports/GO-2022-1062.yaml - data/reports/GO-2022-1065.yaml - data/reports/GO-2022-1066.yaml - data/reports/GO-2022-1067.yaml Updates #985 Updates #986 Updates #987 Updates #989 Updates #995 Updates #1000 Updates #1006 Updates #1014 Updates #1015 Updates #1019 Updates #1021 Updates #1023 Updates #1029 Updates #1032 Updates #1033 Updates #1060 Updates #1062 Updates #1065 Updates #1066 Updates #1067 Change-Id: I27b6f79e1898a13040a758a71348464c5e7c72a9 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607230 Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Reviewed-by: Damien Neil <dneil@google.com> Commit-Queue: Tatiana Bradley <tatianabradley@google.com>

tatianab added the NeedsTriage label Oct 19, 2022

tatianab mentioned this issue Oct 19, 2022

x/vulndb: potential Go vuln in github.com/brokercap/Bifrost: CVE-2022-39267 #1070

Closed

tatianab added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NeedsTriage labels Oct 19, 2022

gopherbot closed this as completed in 60704a8 Oct 21, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/brokercap/Bifrost: GHSA-mxrx-fg8p-5p5j #1067

x/vulndb: potential Go vuln in github.com/brokercap/Bifrost: GHSA-mxrx-fg8p-5p5j #1067

GoVulnBot commented Oct 18, 2022

gopherbot commented Oct 19, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/brokercap/Bifrost: GHSA-mxrx-fg8p-5p5j #1067

x/vulndb: potential Go vuln in github.com/brokercap/Bifrost: GHSA-mxrx-fg8p-5p5j #1067

Comments

GoVulnBot commented Oct 18, 2022

gopherbot commented Oct 19, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024