
x/vulndb: potential Go vuln in github.com/cilium/cilium-cli: GHSA-6f27-3p6c-p5jc #1653

Closed
GoVulnBot opened this issue Mar 21, 2023 · 5 comments
Labels
excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package that can be imported, but isn't meant to be used outside that module.

Comments

@GoVulnBot

In GitHub Security Advisory GHSA-6f27-3p6c-p5jc, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/cilium/cilium-cli | 0.13.2 | < 0.13.2 |

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/cilium/cilium-cli
    versions:
      - fixed: 0.13.2
    packages:
      - package: github.com/cilium/cilium-cli
summary: '`cilium-cli` disables etcd authorization for clustermesh clusters'
description: "### Impact\n\n`cilium-cli`, when used to configure cluster mesh functionality,
    can remove the enforcement of user permissions on the `etcd` store used to mirror
    local cluster information to remote clusters. \n\nDue to an incorrect mount point
    specification, the settings specified by the `initContainer` that configures `etcd`
    users and their permissions are overwritten when using `cilium-cli` to configure
    a cluster mesh. An attacker who has already gained access to a valid key and certificate
    for an `etcd` cluster compromised in this manner could then modify state in that
    `etcd` cluster.\n\n### Patches\n\nThis issue is patched in `cilium-cli` 0.13.2\n\nAll
    previous versions of `cilium-cli` are affected. Users who have set up cluster
    meshes using the Cilium Helm chart are not affected.\n\n### Workarounds\n\nUse
    Cilium's [Helm charts](https://artifacthub.io/packages/helm/cilium/cilium) to
    create your cluster instead.\n\n### Acknowledgements\n\nThe Cilium community has
    worked together with members of Isovalent to prepare these mitigations. Special
    thanks to Marco Iorio for investigating and fixing the issue.\n\n### For more
    information\nIf you have any questions or comments about this advisory, please
    reach out on [Slack](https://docs.cilium.io/en/latest/community/community/#slack).\n\nAs
    usual, if you think you found a related vulnerability, we strongly encourage you
    to report security vulnerabilities to our private security mailing list: [security@cilium.io](mailto:security@cilium.io)
    - first, before disclosing them in any public forums. This is a private mailing
    list where only members of the Cilium internal security team are subscribed to,
    and is treated as top priority."
cves:
  - CVE-2023-28114
ghsas:
  - GHSA-6f27-3p6c-p5jc
references:
  - advisory: https://github.com/cilium/cilium-cli/security/advisories/GHSA-6f27-3p6c-p5jc
  - fix: https://github.com/cilium/cilium-cli/commit/fb1427025764e1eebc4a7710d902c4f22cae2610
  - web: https://github.com/cilium/cilium-cli/releases/tag/v0.13.2
  - advisory: https://github.com/advisories/GHSA-6f27-3p6c-p5jc

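The advisory above describes a configuration failure rather than a code bug: an initContainer seeds `etcd` users and permissions, and an incorrect mount point in the generated manifest lets that seeded state be overwritten, so the main `etcd` process starts without the authorization the initContainer set up. The following lint is an added example written for this thread; it is not code from cilium-cli, x/vulndb or the advisory. It assumes that the initContainer prepares the `etcd` data directory on a volume and that the main process locates that directory through an `etcd`-style `--data-dir` argument; every container, volume and path name in the sample specs is constructed. It generalizes the one case in the advisory to any pod whose main container resolves its data directory to a volume no initContainer prepared, including nested mounts that shadow a seeded directory.

```python
"""Check that state an initContainer prepares on a volume actually reaches the
main container's data directory (added example; names and paths constructed)."""
from copy import deepcopy
from typing import Dict, List, Optional


def path_covers(mount_path: str, target: str) -> bool:
    """True when target lies at or below mount_path, compared on path components."""
    mp = mount_path.rstrip("/") or "/"
    t = target.rstrip("/") or "/"
    return t == mp or t.startswith(mp.rstrip("/") + "/")


def data_dir_from_args(container: Dict) -> Optional[str]:
    """Return the --data-dir value from command/args, accepting '--data-dir=X' or '--data-dir X'."""
    argv = list(container.get("command", [])) + list(container.get("args", []))
    for i, arg in enumerate(argv):
        if arg.startswith("--data-dir="):
            return arg.split("=", 1)[1]
        if arg == "--data-dir" and i + 1 < len(argv):
            return argv[i + 1]
    return None


def prepared_volumes(pod_spec: Dict) -> Dict[str, str]:
    """Map volume name -> initContainer name for every volume an initContainer mounts writable."""
    out: Dict[str, str] = {}
    for init in pod_spec.get("initContainers", []):
        for m in init.get("volumeMounts", []):
            if not m.get("readOnly", False):
                out[m["name"]] = init["name"]
    return out


def check_init_state_propagation(pod_spec: Dict) -> List[str]:
    """Return findings; an empty list means each data directory is backed by a prepared volume."""
    findings: List[str] = []
    prepared = prepared_volumes(pod_spec)
    for c in pod_spec.get("containers", []):
        data_dir = data_dir_from_args(c)
        if data_dir is None:
            continue  # nothing to check for containers without a data directory
        mounts = c.get("volumeMounts", [])
        covering = [m for m in mounts if path_covers(m["mountPath"], data_dir)]
        if not covering:
            findings.append(f"{c['name']}: --data-dir {data_dir} is not backed by any volume")
            continue
        # With nested mounts, the longest matching mountPath is what the process sees.
        winner = max(covering, key=lambda m: len(m["mountPath"].rstrip("/")))
        if winner["name"] not in prepared:
            findings.append(
                f"{c['name']}: --data-dir {data_dir} is served by volume '{winner['name']}' "
                f"(mounted at {winner['mountPath']}), which no initContainer prepared; "
                f"seeded users and permissions are shadowed")
    return findings


# Constructed pod specs, shaped as a YAML parser would return them (placeholder names).
FIXED_SPEC: Dict = {
    "initContainers": [{
        "name": "etcd-init",  # assumed to seed users and roles into the data directory
        "volumeMounts": [
            {"name": "etcd-data", "mountPath": "/var/lib/etcd"},
            {"name": "etcd-tls", "mountPath": "/etc/etcd/tls", "readOnly": True},
        ],
    }],
    "containers": [{
        "name": "etcd",
        "args": ["--data-dir=/var/lib/etcd"],
        "volumeMounts": [
            {"name": "etcd-data", "mountPath": "/var/lib/etcd"},
            {"name": "etcd-tls", "mountPath": "/etc/etcd/tls", "readOnly": True},
        ],
    }],
}

# Broken variant: a scratch volume sits where the process expects its data
# directory and the seeded volume lands at an unrelated path.
BROKEN_SPEC: Dict = deepcopy(FIXED_SPEC)
BROKEN_SPEC["containers"][0]["volumeMounts"] = [
    {"name": "scratch", "mountPath": "/var/lib/etcd"},
    {"name": "etcd-data", "mountPath": "/var/lib/etcd-seed"},
    {"name": "etcd-tls", "mountPath": "/etc/etcd/tls", "readOnly": True},
]

if __name__ == "__main__":
    for label, spec in (("fixed", FIXED_SPEC), ("broken", BROKEN_SPEC)):
        print(label, check_init_state_propagation(spec) or ["OK"])
```

Run against a rendered manifest (for example the output of a templating tool, parsed into a dict), the check flags the broken layout and stays quiet on the fixed one. It is deliberately a static check: it says nothing about whether the seeded users are correct, only whether the process can see them at all, which is the part the advisory says went wrong.
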
@julieqiu
Member

The packages are exported but this is a tool.

@julieqiu julieqiu added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package that can be imported, but isn't meant to be used outside that module. label Mar 23, 2023
@julieqiu julieqiu self-assigned this Mar 23, 2023
@gopherbot
Contributor

Change https://go.dev/cl/478875 mentions this issue: data/excluded: batch add excluded reports

@gopherbot
Contributor

Change https://go.dev/cl/479297 mentions this issue: data/excluded: batch add GO-2023-1674, GO-2023-1671, GO-2023-1670, GO-2023-1669, GO-2023-1668, GO-2023-1667, GO-2023-1662, GO-2023-1661, GO-2023-1660, GO-2023-1659, GO-2023-1658, GO-2023-1657, GO-2023-1656, GO-2023-1655, GO-2023-1654, GO-2023-1653, GO-2023-1673, GO-2023-1666, GO-2023-1665

@gopherbot
Contributor

Change https://go.dev/cl/592760 mentions this issue: data/reports: unexclude 75 reports

@gopherbot
Contributor

Change https://go.dev/cl/606784 mentions this issue: data/reports: unexclude 20 reports (4)

gopherbot pushed a commit that referenced this issue Aug 20, 2024
  - data/reports/GO-2023-1643.yaml
  - data/reports/GO-2023-1644.yaml
  - data/reports/GO-2023-1651.yaml
  - data/reports/GO-2023-1652.yaml
  - data/reports/GO-2023-1653.yaml
  - data/reports/GO-2023-1654.yaml
  - data/reports/GO-2023-1655.yaml
  - data/reports/GO-2023-1656.yaml
  - data/reports/GO-2023-1657.yaml
  - data/reports/GO-2023-1658.yaml
  - data/reports/GO-2023-1659.yaml
  - data/reports/GO-2023-1660.yaml
  - data/reports/GO-2023-1661.yaml
  - data/reports/GO-2023-1662.yaml
  - data/reports/GO-2023-1670.yaml
  - data/reports/GO-2023-1671.yaml
  - data/reports/GO-2023-1682.yaml
  - data/reports/GO-2023-1683.yaml
  - data/reports/GO-2023-1685.yaml
  - data/reports/GO-2023-1699.yaml

Updates #1643
Updates #1644
Updates #1651
Updates #1652
Updates #1653
Updates #1654
Updates #1655
Updates #1656
Updates #1657
Updates #1658
Updates #1659
Updates #1660
Updates #1661
Updates #1662
Updates #1670
Updates #1671
Updates #1682
Updates #1683
Updates #1685
Updates #1699

Change-Id: Iddcfb6c5438e03827049eecbf0a95fae6c078436
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606784
Reviewed-by: Damien Neil <dneil@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>