x/vulndb: potential Go vuln in github.com/stacklok/minder: GHSA-v627-69v2-xx37

[GoVulnBot]

In GitHub Security Advisory GHSA-v627-69v2-xx37, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/stacklok/minder	0.0.33	< 0.0.33

Cross references:

• Module github.com/stacklok/minder appears in issue x/vulndb: potential Go vuln in github.com/stacklok/minder: CVE-2024-27093 #2582 NOT_IMPORTABLE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/stacklok/minder
      versions:
        - fixed: 0.0.33
      vulnerable_at: 0.0.32
      packages:
        - package: github.com/stacklok/minder
summary: |-
    `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow
    access of arbitrary repositories in Minder by any authenticated user
cves:
    - CVE-2024-27916
ghsas:
    - GHSA-v627-69v2-xx37
references:
    - advisory: https://github.com/stacklok/minder/security/advisories/GHSA-v627-69v2-xx37
    - fix: https://github.com/stacklok/minder/commit/45750b4e9fb2de33365758366e06c19e999bd2eb
    - advisory: https://github.com/advisories/GHSA-v627-69v2-xx37

[gopherbot]

Change https://go.dev/cl/570717 mentions this issue: data/reports: add GO-2024-2608.yaml