x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-12608 #2209

tatianab · 2023-11-08T22:01:55Z

CVE-2018-12608 references github.com/moby/moby, which may be a Go module.

Description:
An issue was discovered in Docker Moby before 17.06.0. The Docker engine validated a client TLS certificate using both the configured client CA root certificate and all system roots on non-Windows systems. This allowed a client with any domain validated certificate signed by a system-trusted root CA (as opposed to one signed by the configured CA root certificate) to authenticate.

References:

Cross references:

Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2022-24769 #390 EFFECTIVELY_PRIVATE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-8fvr-5rqf-3wwh #638 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-v4h8-794j-g8mm #708 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-vj3f-3286-r4pf #751 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2022-36109 #985 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-vp35-85q5-9f25 #1107 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2023-28840 #1699 EFFECTIVELY_PRIVATE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2023-28841 #1700 EFFECTIVELY_PRIVATE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2023-28842 #1701 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/moby/moby
      vulnerable_at: 24.0.7+incompatible
      packages:
        - package: n/a
cves:
    - CVE-2018-12608
references:
    - fix: https://github.com/moby/moby/pull/33182

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-08T22:29:09Z

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports

tatianab added the excluded: LEGACY_FALSE_POSITIVE (DO NOT USE) Vulnerability marked as false positive before we introduced the triage process label Nov 8, 2023

gopherbot closed this as completed in 497caf9 Nov 8, 2023

GoVulnBot mentioned this issue Apr 18, 2024

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2024-32473 #2737

Closed

GoVulnBot mentioned this issue Jul 24, 2024

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2024-41110 #3005

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-12608 #2209

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-12608 #2209

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-12608 #2209

x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-12608 #2209

Comments

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023