x/vulndb: potential Go vuln in github.com/gravitl/netmaker: GHSA-6rrw-4fm9-rghv #561

julieqiu · 2022-08-01T18:10:11Z

In GitHub Security Advisory GHSA-6rrw-4fm9-rghv, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/gravitl/netmaker	0.9.4	>= 0.9.0, < 0.9.4

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/gravitl/netmaker
    versions:
      - introduced: 0.9.0
        fixed: 0.9.4
  - package: github.com/gravitl/netmaker
    versions:
      - fixed: 0.8.5
description: Netmaker prior to versions 0.8.5, 0.9.4, 0.10.0, and 0.10.1 uses a hard-coded
    cryptographic key.
published: 2022-02-19T00:01:36Z
last_modified: 2022-02-26T01:51:36Z
cves:
  - CVE-2022-0664
ghsas:
  - GHSA-6rrw-4fm9-rghv
links:
    context:
      - https://github.com/advisories/GHSA-6rrw-4fm9-rghv

The text was updated successfully, but these errors were encountered:

tatianab · 2022-08-09T19:35:33Z

Technically importable but unlikely to be imported (intended to be used as a binary)

gopherbot · 2024-06-14T19:51:15Z

Change https://go.dev/cl/592769 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:35:40Z

Change https://go.dev/cl/607220 mentions this issue: data/reports: unexclude 20 reports (18)

- data/reports/GO-2022-0507.yaml - data/reports/GO-2022-0508.yaml - data/reports/GO-2022-0509.yaml - data/reports/GO-2022-0510.yaml - data/reports/GO-2022-0511.yaml - data/reports/GO-2022-0512.yaml - data/reports/GO-2022-0516.yaml - data/reports/GO-2022-0517.yaml - data/reports/GO-2022-0518.yaml - data/reports/GO-2022-0540.yaml - data/reports/GO-2022-0547.yaml - data/reports/GO-2022-0550.yaml - data/reports/GO-2022-0554.yaml - data/reports/GO-2022-0556.yaml - data/reports/GO-2022-0559.yaml - data/reports/GO-2022-0560.yaml - data/reports/GO-2022-0561.yaml - data/reports/GO-2022-0562.yaml - data/reports/GO-2022-0566.yaml - data/reports/GO-2022-0570.yaml Updates #507 Updates #508 Updates #509 Updates #510 Updates #511 Updates #512 Updates #516 Updates #517 Updates #518 Updates #540 Updates #547 Updates #550 Updates #554 Updates #556 Updates #559 Updates #560 Updates #561 Updates #562 Updates #566 Updates #570 Change-Id: I3197ea86e01d2ed4ae9e7f17dbd7a3e495c903e4 Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607220 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

julieqiu assigned tatianab Aug 3, 2022

tatianab assigned tatianab and unassigned tatianab Aug 4, 2022

tatianab closed this as completed Aug 9, 2022

julieqiu added the NotGoVuln label Aug 10, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 10, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/gravitl/netmaker: GHSA-6rrw-4fm9-rghv #561

x/vulndb: potential Go vuln in github.com/gravitl/netmaker: GHSA-6rrw-4fm9-rghv #561

julieqiu commented Aug 1, 2022

tatianab commented Aug 9, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/gravitl/netmaker: GHSA-6rrw-4fm9-rghv #561

x/vulndb: potential Go vuln in github.com/gravitl/netmaker: GHSA-6rrw-4fm9-rghv #561

Comments

julieqiu commented Aug 1, 2022

tatianab commented Aug 9, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024