x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2h9c-34v6-3qmr #1985

GoVulnBot · 2023-08-01T00:01:27Z

In GitHub Security Advisory GHSA-2h9c-34v6-3qmr, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
k8s.io/kubernetes	1.2.0-alpha.6	< 1.2.0-alpha.6

Cross references:

Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-qh36-44jv-c8xj #617 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/apiserver: GHSA-pmqp-h87c-mr78 #703 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/util/mount: GHSA-wqwf-x5cj-rg56 #886 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2020-8561, GHSA-74j8-88mm-7496 #904 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25735, GHSA-g42g-737j-qx6j #907 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25737, GHSA-mfv7-gq43-w965 #908 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25740, GHSA-vw47-mr44-3jf9 #909 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2021-25741, GHSA-f5f7-6478-qm6p #910 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: CVE-2020-8554, GHSA-j9wf-vvm6-4r9w #940 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes/pkg/kubectl: CVE-2021-25743, GHSA-f9jg-8p32-2f55 #983 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2jx2-76rc-2v7v #1492 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-xc8m-28vv-4pjc #1864 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-qc2g-gmh6-95p4 #1891 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-cgcv-5272-97pr #1892 NOT_IMPORTABLE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-f4w6-3rh6-6q4q #1943 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-q4rr-64r9-fwgf #1946 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2jq6-ffph-p4h8 #1959 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-mm7g-f2gg-cw8g #1977 EFFECTIVELY_PRIVATE
Module k8s.io/kubernetes appears in issue dummy issue #64
Module k8s.io/kubernetes appears in issue dummy issue #65
Module k8s.io/kubernetes appears in issue dummy issue #66
Module k8s.io/kubernetes appears in issue x/vulndb: potential Go vuln in github.com/kubernetes/kubernetes: GHSA-jp32-vmm6-3vf5 #701

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: k8s.io/kubernetes
      versions:
        - fixed: 1.2.0-alpha.6
      vulnerable_at: 1.2.0-alpha.5
      packages:
        - package: k8s.io/kubernetes
summary: Kubernetes in OpenShift3 Access Control Misconfiguration
description: |-
    Kubernetes in OpenShift3 allows remote authenticated users to use the private
    images of other users should they know the name of said image.
cves:
    - CVE-2015-7561
ghsas:
    - GHSA-2h9c-34v6-3qmr
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2015-7561
    - fix: https://github.com/kubernetes/kubernetes/pull/18909
    - web: https://bugzilla.redhat.com/show_bug.cgi?id=1291963
    - advisory: https://github.com/advisories/GHSA-2h9c-34v6-3qmr

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-08-04T16:45:52Z

Change https://go.dev/cl/516055 mentions this issue: data/excluded: batch add 10 excluded reports

gopherbot · 2024-06-14T17:50:03Z

Change https://go.dev/cl/592762 mentions this issue: data/reports: unexclude 75 reports

gopherbot · 2024-08-20T16:52:39Z

Change https://go.dev/cl/606789 mentions this issue: data/reports: unexclude 20 reports (9)

- data/reports/GO-2023-1955.yaml - data/reports/GO-2023-1956.yaml - data/reports/GO-2023-1957.yaml - data/reports/GO-2023-1959.yaml - data/reports/GO-2023-1961.yaml - data/reports/GO-2023-1962.yaml - data/reports/GO-2023-1965.yaml - data/reports/GO-2023-1971.yaml - data/reports/GO-2023-1972.yaml - data/reports/GO-2023-1973.yaml - data/reports/GO-2023-1977.yaml - data/reports/GO-2023-1979.yaml - data/reports/GO-2023-1980.yaml - data/reports/GO-2023-1982.yaml - data/reports/GO-2023-1985.yaml - data/reports/GO-2023-1986.yaml - data/reports/GO-2023-1991.yaml - data/reports/GO-2023-1993.yaml - data/reports/GO-2023-1995.yaml - data/reports/GO-2023-1996.yaml Updates #1955 Updates #1956 Updates #1957 Updates #1959 Updates #1961 Updates #1962 Updates #1965 Updates #1971 Updates #1972 Updates #1973 Updates #1977 Updates #1979 Updates #1980 Updates #1982 Updates #1985 Updates #1986 Updates #1991 Updates #1993 Updates #1995 Updates #1996 Change-Id: I681627cba89cee6d3bc2def3924c65a3b5da4453 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606789 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

tatianab self-assigned this Aug 1, 2023

tatianab added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Aug 4, 2023

gopherbot closed this as completed in 65508f5 Aug 4, 2023

GoVulnBot mentioned this issue Nov 1, 2023

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-q78c-gwqw-jcmc #2170

Closed

This was referenced Nov 10, 2023

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-7fxm-f474-hf8w #2330

Closed

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-hq6q-c2x6-hmch #2341

Closed

GoVulnBot mentioned this issue Apr 23, 2024

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-pxhw-596r-rwq5 #2746

Closed

GoVulnBot mentioned this issue Jul 18, 2024

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-82m2-cv7p-4m75 #2994

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2h9c-34v6-3qmr #1985

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2h9c-34v6-3qmr #1985

GoVulnBot commented Aug 1, 2023

gopherbot commented Aug 4, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2h9c-34v6-3qmr #1985

x/vulndb: potential Go vuln in k8s.io/kubernetes: GHSA-2h9c-34v6-3qmr #1985

Comments

GoVulnBot commented Aug 1, 2023

gopherbot commented Aug 4, 2023

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024