
Commit f230a55

tatianabgopherbot
authored andcommitted
data/reports: add 9 unreviewed reports
- data/reports/GO-2025-3431.yaml - data/reports/GO-2025-3433.yaml - data/reports/GO-2025-3434.yaml - data/reports/GO-2025-3435.yaml - data/reports/GO-2025-3436.yaml - data/reports/GO-2025-3437.yaml - data/reports/GO-2025-3438.yaml - data/reports/GO-2025-3444.yaml - data/reports/GO-2025-3445.yaml Fixes #3431 Fixes #3433 Fixes #3434 Fixes #3435 Fixes #3436 Fixes #3437 Fixes #3438 Fixes #3444 Fixes #3445 Change-Id: Ic278fc9feb5568aab450f0ee6c8a155e9998abed Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/646595 Reviewed-by: Neal Patel <[email protected]> Auto-Submit: Tatiana Bradley <[email protected]> Reviewed-by: Damien Neil <[email protected]> LUCI-TryBot-Result: Go LUCI <[email protected]>
1 parent 953c816 commit f230a55

18 files changed

+729
-0
lines changed

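--- a/data/osv/GO-2025-3431.json
+++ b/data/osv/GO-2025-3431.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3431",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24884",
+"GHSA-hcr5-wv4p-h2g2"
+],
+"summary": "kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest",
+"details": "kube-audit-rest's example logging configuration could disclose secret values in the audit log in github.com/RichardoC/kube-audit-rest",
+"affected": [
+{
+"package": {
+"name": "github.com/RichardoC/kube-audit-rest",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "0.0.0-20250129191722-db1aa5b86725"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/RichardoC/kube-audit-rest/security/advisories/GHSA-hcr5-wv4p-h2g2"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24884"
+},
+{
+"type": "FIX",
+"url": "https://github.com/RichardoC/kube-audit-rest/commit/db1aa5b867256b0a7bf206544c6981ab068b73dc"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3431",
+"review_status": "UNREVIEWED"
+}
+}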
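Review bot: The `fixed` event (`0.0.0-20250129191722-db1aa5b86725`) tells a scanner that moving the module past that pseudo-version closes the issue, but the summary locates the problem in kube-audit-rest's example logging configuration rather than in importable code. A deployment that copied the example would presumably keep writing secret values to the audit log after the module is bumped, and `details` only repeats the summary, so nothing in the record says so. I would extend `details` with a sentence such as `Deployments that copied the example logging configuration should review it against the fixed version; upgrading the module alone may not change a configuration already in use.`, with the wording to be confirmed against the advisory. If this JSON is generated from data/reports/GO-2025-3431.yaml, the change belongs in that report.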

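--- a/data/osv/GO-2025-3433.json
+++ b/data/osv/GO-2025-3433.json
@@ -0,0 +1,89 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3433",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-23216",
+"GHSA-47g2-qmh2-749v"
+],
+"summary": "Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd",
+"details": "Argo CD does not scrub secret values from patch errors in github.com/argoproj/argo-cd",
+"affected": [
+{
+"package": {
+"name": "github.com/argoproj/argo-cd",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+},
+{
+"package": {
+"name": "github.com/argoproj/argo-cd/v2",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+},
+{
+"fixed": "2.11.13"
+},
+{
+"introduced": "2.12.0"
+},
+{
+"fixed": "2.12.10"
+},
+{
+"introduced": "2.13.0"
+},
+{
+"fixed": "2.13.4"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-23216"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3433",
+"review_status": "UNREVIEWED"
+}
+}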

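--- a/data/osv/GO-2025-3434.json
+++ b/data/osv/GO-2025-3434.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3434",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24376",
+"GHSA-fc89-jghx-8pvg"
+],
+"summary": "KubeWarden's AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources in github.com/kubewarden/kubewarden-controller",
+"details": "KubeWarden's AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources in github.com/kubewarden/kubewarden-controller",
+"affected": [
+{
+"package": {
+"name": "github.com/kubewarden/kubewarden-controller",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.7.0"
+},
+{
+"fixed": "1.21.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/kubewarden/kubewarden-controller/security/advisories/GHSA-fc89-jghx-8pvg"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24376"
+},
+{
+"type": "FIX",
+"url": "https://github.com/kubewarden/kubewarden-controller/commit/8124039b5f0c955d0ee8c8ca12d4415282f02d2c"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3434",
+"review_status": "UNREVIEWED"
+}
+}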

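--- a/data/osv/GO-2025-3435.json
+++ b/data/osv/GO-2025-3435.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3435",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24784",
+"GHSA-756x-m4mj-q96c"
+],
+"summary": "Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller",
+"details": "Kubewarden-Controller information leak via AdmissionPolicyGroup Resource in github.com/kubewarden/kubewarden-controller",
+"affected": [
+{
+"package": {
+"name": "github.com/kubewarden/kubewarden-controller",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.17.0"
+},
+{
+"fixed": "1.21.0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/kubewarden/kubewarden-controller/security/advisories/GHSA-756x-m4mj-q96c"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24784"
+},
+{
+"type": "FIX",
+"url": "https://github.com/kubewarden/kubewarden-controller/commit/51a88dfbb4c090ce0f76a22d98106518e0824d0b"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3435",
+"review_status": "UNREVIEWED"
+}
+}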

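--- a/data/osv/GO-2025-3436.json
+++ b/data/osv/GO-2025-3436.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3436",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"CVE-2025-24883",
+"GHSA-q26p-9cq4-7fc2"
+],
+"summary": "Go Ethereum vulnerable to DoS via malicious p2p message in github.com/ethereum/go-ethereum",
+"details": "Go Ethereum vulnerable to DoS via malicious p2p message in github.com/ethereum/go-ethereum",
+"affected": [
+{
+"package": {
+"name": "github.com/ethereum/go-ethereum",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "1.14.0"
+},
+{
+"fixed": "1.14.13"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/ethereum/go-ethereum/security/advisories/GHSA-q26p-9cq4-7fc2"
+},
+{
+"type": "ADVISORY",
+"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-24883"
+},
+{
+"type": "FIX",
+"url": "https://github.com/ethereum/go-ethereum/commit/fa9a2ff8687ec9efe57b4b9833d5590d20f8a83f"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3436",
+"review_status": "UNREVIEWED"
+}
+}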

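--- a/data/osv/GO-2025-3437.json
+++ b/data/osv/GO-2025-3437.json
@@ -0,0 +1,52 @@
+{
+"schema_version": "1.3.1",
+"id": "GO-2025-3437",
+"modified": "0001-01-01T00:00:00Z",
+"published": "0001-01-01T00:00:00Z",
+"aliases": [
+"GHSA-274v-mgcv-cm8j"
+],
+"summary": "Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine",
+"details": "Argo CD GitOps Engine does not scrub secret values from patch errors in github.com/argoproj/gitops-engine",
+"affected": [
+{
+"package": {
+"name": "github.com/argoproj/gitops-engine",
+"ecosystem": "Go"
+},
+"ranges": [
+{
+"type": "SEMVER",
+"events": [
+{
+"introduced": "0"
+}
+]
+}
+],
+"ecosystem_specific": {}
+}
+],
+"references": [
+{
+"type": "ADVISORY",
+"url": "https://github.com/argoproj/gitops-engine/security/advisories/GHSA-274v-mgcv-cm8j"
+},
+{
+"type": "FIX",
+"url": "https://github.com/argoproj/gitops-engine/commit/7e21b91e9d0f64104c8a661f3f390c5e6d73ddca"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/argo-cd/commit/6f5537bdf15ddbaa0f27a1a678632ff0743e4107"
+},
+{
+"type": "WEB",
+"url": "https://github.com/argoproj/argo-cd/security/advisories/GHSA-47g2-qmh2-749v"
+}
+],
+"database_specific": {
+"url": "https://pkg.go.dev/vuln/GO-2025-3437",
+"review_status": "UNREVIEWED"
+}
+}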
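Review bot: The `events` list for github.com/argoproj/gitops-engine holds only `"introduced": "0"`, so every version will be reported as affected, including builds that already contain the commit listed under `FIX` (7e21b91e9d0f64104c8a661f3f390c5e6d73ddca). GO-2025-3431 in this same commit records an untagged fix with a pseudo-version `fixed` event, and the same could be done here, e.g. `{ "fixed": "<PSEUDO_VERSION_OF_7e21b91e9d0f>" }` (placeholder; the commit timestamp is not on this page). If the omission is deliberate because no release carries the fix yet, that is worth stating in `details`, which currently repeats the summary. The JSON looks generated from data/reports/GO-2025-3437.yaml, so the edit would go there.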
