data/reports: add 9 unreviewed reports
  - data/reports/GO-2025-3431.yaml
  - data/reports/GO-2025-3433.yaml
  - data/reports/GO-2025-3434.yaml
  - data/reports/GO-2025-3435.yaml
  - data/reports/GO-2025-3436.yaml
  - data/reports/GO-2025-3437.yaml
  - data/reports/GO-2025-3438.yaml
  - data/reports/GO-2025-3444.yaml
  - data/reports/GO-2025-3445.yaml

Fixes #3431
Fixes #3433
Fixes #3434
Fixes #3435
Fixes #3436
Fixes #3437
Fixes #3438
Fixes #3444
Fixes #3445

Change-Id: Ic278fc9feb5568aab450f0ee6c8a155e9998abed
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/646595
Reviewed-by: Neal Patel <[email protected]>
Auto-Submit: Tatiana Bradley <[email protected]>
Reviewed-by: Damien Neil <[email protected]>
LUCI-TryBot-Result: Go LUCI <[email protected]>
tatianab authored and gopherbot committed Feb 4, 2025
1 parent 953c816 commit f230a55
Showing 18 changed files with 729 additions and 0 deletions.
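--- a/data/osv/GO-2025-3431.json
+++ b/data/osv/GO-2025-3431.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3431",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24884",
+"GHSA-hcr5-wv4p-h2g2"
+],
+"summary": "kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest",
+"details": "kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest",
+"affected": [
+{
+"package": {
+"name": "github.com/RichardoC/kube-audit-rest",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.0.0-20250129191722-db1aa5b86725"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24884"
+},
+{
+"type": "FIX",
+"url": "https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3431",
+"review_status": "UNREVIEWED"
+}
+}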
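--- a/data/osv/GO-2025-3433.json
+++ b/data/osv/GO-2025-3433.json
@@ -0,0 +1,89 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3433",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-23216",
+"GHSA-47g2-qmh2-749v"
+],
+"summary": "Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd",
+"details": "Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd",
+"affected": [
+{
+"package": {
+"name": "github.com/argoproj/argo-cd",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/argoproj/argo-cd/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.11.13"
+},
+{
+"introduced": "2.12.0"
+},
+{
+"fixed": "2.12.10"
+},
+{
+"introduced": "2.13.0"
+},
+{
+"fixed": "2.13.4"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23216"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3433",
+"review_status": "UNREVIEWED"
+}
+}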
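--- a/data/osv/GO-2025-3434.json
+++ b/data/osv/GO-2025-3434.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3434",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24376",
+"GHSA-fc89-jghx-8pvg"
+],
+"summary": "KubeWarden's AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources in github.com/kubewarden/kubewarden-controller",
+"details": "KubeWarden's AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources in github.com/kubewarden/kubewarden-controller",
+"affected": [
+{
+"package": {
+"name": "github.com/kubewarden/kubewarden-controller",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.7.0"
+},
+{
+"fixed": "1.21.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/kubewarden/kubewarden-controller/security/advisories/GHSA-fc89-jghx-8pvg"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24376"
+},
+{
+"type": "FIX",
+"url": "https://github.com/kubewarden/kubewarden-controller/commit/8124039b5f0c955d0ee8c8ca12d4415282f02d2c"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3434",
+"review_status": "UNREVIEWED"
+}
+}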
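--- a/data/osv/GO-2025-3435.json
+++ b/data/osv/GO-2025-3435.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3435",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24784",
+"GHSA-756x-m4mj-q96c"
+],
+"summary": "Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller",
+"details": "Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller",
+"affected": [
+{
+"package": {
+"name": "github.com/kubewarden/kubewarden-controller",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.17.0"
+},
+{
+"fixed": "1.21.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/kubewarden/kubewarden-controller/security/advisories/GHSA-756x-m4mj-q96c"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24784"
+},
+{
+"type": "FIX",
+"url": "https://github.com/kubewarden/kubewarden-controller/commit/51a88dfbb4c090ce0f76a22d98106518e0824d0b"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3435",
+"review_status": "UNREVIEWED"
+}
+}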
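--- a/data/osv/GO-2025-3436.json
+++ b/data/osv/GO-2025-3436.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3436",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24883",
+"GHSA-q26p-9cq4-7fc2"
+],
+"summary": "Go Ethereum vulnerable to DoS via malicious p2p message in github.com/ethereum/go-ethereum",
+"details": "Go Ethereum vulnerable to DoS via malicious p2p message in github.com/ethereum/go-ethereum",
+"affected": [
+{
+"package": {
+"name": "github.com/ethereum/go-ethereum",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.13"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24883"
+},
+{
+"type": "FIX",
+"url": "https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3436",
+"review_status": "UNREVIEWED"
+}
+}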
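--- a/data/osv/GO-2025-3437.json
+++ b/data/osv/GO-2025-3437.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3437",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-274v-mgcv-cm8j"
+],
+"summary": "Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine",
+"details": "Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine",
+"affected": [
+{
+"package": {
+"name": "github.com/argoproj/gitops-engine",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3437",
+"review_status": "UNREVIEWED"
+}
+}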
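Review bot: The `ranges` entry for `github.com/argoproj/gitops-engine` has only `{"introduced": "0"}` and no `fixed` event, even though the references list a FIX commit (`7e21b91e9d0f64104c8a661f3f390c5e6d73ddca`). As written, tools that match on this record will report every version of the module as affected, including builds that already contain the fix, so the finding cannot be closed by upgrading. If no tagged release contains that commit, a pseudo-version bound in the style GO-2025-3431 uses would close the range, e.g. `{"fixed": "0.0.0-<COMMIT_TIMESTAMP_PLACEHOLDER>-7e21b91e9d0f"}`. This file appears to be generated from `data/reports/GO-2025-3437.yaml`, so the change presumably belongs in that report rather than here.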