Skip to content

x/vulndb: potential Go vuln in sigs.k8s.io/aws-iam-authenticator: GHSA-pp3f-98qg-5g75 #547

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
julieqiu opened this issue Aug 1, 2022 · 2 comments
Closed

x/vulndb: potential Go vuln in sigs.k8s.io/aws-iam-authenticator: GHSA-pp3f-98qg-5g75 #547

julieqiu opened this issue Aug 1, 2022 · 2 comments
Assignees
@neild
Labels
excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module.

Comments

@julieqiu
Copy link
Member

julieqiu commented Aug 1, 2022

In GitHub Security Advisory GHSA-pp3f-98qg-5g75, there is a vulnerability in the following Go packages or modules:

Unit Fixed Vulnerable Ranges
sigs.k8s.io/aws-iam-authenticator 0.5.9 < 0.5.9

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: sigs.k8s.io/aws-iam-authenticator
    versions:
      - fixed: 0.5.9
description: A security issue was discovered in aws-iam-authenticator where an allow-listed
    IAM identity may be able to modify their username and escalate privileges.
published: 2022-07-13T00:00:41Z
last_modified: 2022-07-21T15:22:32Z
cves:
  - CVE-2022-2385
ghsas:
  - GHSA-pp3f-98qg-5g75
links:
    context:
      - https://github.com/advisories/GHSA-pp3f-98qg-5g75
@julieqiu julieqiu assigned neild and unassigned zpavlinovic Aug 15, 2022
@neild neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NeedsTriage labels Aug 22, 2022
@neild neild closed this as completed Aug 22, 2022
@gopherbot
Copy link
Contributor

Change https://go.dev/cl/592768 mentions this issue: data/reports: unexclude 50 reports

@gopherbot
Copy link
Contributor

Change https://go.dev/cl/607220 mentions this issue: data/reports: unexclude 20 reports (18)

gopherbot pushed a commit that referenced this issue Aug 21, 2024
@tatianab @gopherbot
data/reports: unexclude 20 reports (18)
2c69a3a 
  - data/reports/GO-2022-0507.yaml
  - data/reports/GO-2022-0508.yaml
  - data/reports/GO-2022-0509.yaml
  - data/reports/GO-2022-0510.yaml
  - data/reports/GO-2022-0511.yaml
  - data/reports/GO-2022-0512.yaml
  - data/reports/GO-2022-0516.yaml
  - data/reports/GO-2022-0517.yaml
  - data/reports/GO-2022-0518.yaml
  - data/reports/GO-2022-0540.yaml
  - data/reports/GO-2022-0547.yaml
  - data/reports/GO-2022-0550.yaml
  - data/reports/GO-2022-0554.yaml
  - data/reports/GO-2022-0556.yaml
  - data/reports/GO-2022-0559.yaml
  - data/reports/GO-2022-0560.yaml
  - data/reports/GO-2022-0561.yaml
  - data/reports/GO-2022-0562.yaml
  - data/reports/GO-2022-0566.yaml
  - data/reports/GO-2022-0570.yaml

Updates #507
Updates #508
Updates #509
Updates #510
Updates #511
Updates #512
Updates #516
Updates #517
Updates #518
Updates #540
Updates #547
Updates #550
Updates #554
Updates #556
Updates #559
Updates #560
Updates #561
Updates #562
Updates #566
Updates #570

Change-Id: I3197ea86e01d2ed4ae9e7f17dbd7a3e495c903e4
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607220
Reviewed-by: Damien Neil <dneil@google.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@neild neild

Labels
excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module.
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@neild @zpavlinovic @julieqiu @gopherbot