Skip to content
New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom

x/vulndb: potential Go vuln in github.com/docker/cli: GHSA-99pg-grm5-qq3v #2912

Closed
GoVulnBot opened this issue Jun 10, 2024 · 2 comments
Closed

x/vulndb: potential Go vuln in github.com/docker/cli: GHSA-99pg-grm5-qq3v #2912

GoVulnBot opened this issue Jun 10, 2024 · 2 comments
Assignees
@tatianab
Labels
high priority triaged

Comments

@GoVulnBot
Copy link

In GitHub Security Advisory GHSA-99pg-grm5-qq3v, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
github.com/docker/cli 20.10.9 < 20.10.9

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

id: GO-ID-PENDING
modules:
    - module: github.com/docker/cli
      versions:
        - fixed: 20.10.9+incompatible
      vulnerable_at: 20.10.8+incompatible
      packages:
        - package: github.com/docker/cli
summary: Docker CLI leaks private registry credentials to registry-1.docker.io in github.com/docker/cli
cves:
    - CVE-2021-41092
ghsas:
    - GHSA-99pg-grm5-qq3v
references:
    - advisory: https://github.com/advisories/GHSA-99pg-grm5-qq3v
    - advisory: https://github.com/docker/cli/security/advisories/GHSA-99pg-grm5-qq3v
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2021-41092
    - fix: https://github.com/docker/cli/commit/893e52cf4ba4b048d72e99748e0f86b2767c6c6b
    - web: https://cert-portal.siemens.com/productcert/pdf/ssa-222547.pdf
    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/B5Q6G6I4W5COQE25QMC7FJY3I3PAYFBB/
    - web: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZNFADTCHHYWVM6W4NJ6CB4FNFM2VMBIB/
source:
    id: GHSA-99pg-grm5-qq3v
    created: 2024-06-10T20:01:57.293936079Z
review_status: UNREVIEWED
@tatianab tatianab self-assigned this Jul 1, 2024
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/595960 mentions this issue: data/reports: review 3 reports, add 2 reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/599177 mentions this issue: data/reports: update 3 reports

gopherbot pushed a commit that referenced this issue Jul 19, 2024
@tatianab
data/reports: update 4 reports
37c5cbe 
Remove/fix non-existent packages.

  - data/reports/GO-2021-0064.yaml
  - data/reports/GO-2021-0065.yaml
  - data/reports/GO-2024-0701.yaml
  - data/reports/GO-2024-2912.yaml

Updates #64
Updates #65
Updates #701
Updates #2912

Change-Id: Id36b6a47f75c4afb79318d0c3b9ff3b62c5be601
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/599177
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@tatianab tatianab

Labels
high priority triaged
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@tatianab @gopherbot @GoVulnBot