vulndb/data/osv/GO-2024-3223.json

{
  "schema_version": "1.3.1",
  "id": "GO-2024-3223",
  "modified": "0001-01-01T00:00:00Z",
  "published": "0001-01-01T00:00:00Z",
  "aliases": [
    "CVE-2022-45157",
    "GHSA-xj7w-r753-vj8v"
  ],
  "summary": "Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher",
  "details": "Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.8.9, from v2.9.0 before v2.9.3.",
  "affected": [
    {
      "package": {
        "name": "github.com/rancher/rancher",
        "ecosystem": "Go"
      },
      "ranges": [
        {
          "type": "SEMVER",
          "events": [
            {
              "introduced": "0"
            }
          ]
        }
      ],
      "ecosystem_specific": {
        "custom_ranges": [
          {
            "type": "ECOSYSTEM",
            "events": [
              {
                "introduced": "2.7.0"
              },
              {
                "fixed": "2.8.9"
              },
              {
                "introduced": "2.9.0"
              },
              {
                "fixed": "2.9.3"
              }
            ]
          }
        ]
      }
    }
  ],
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8v"
    }
  ],
  "database_specific": {
    "url": "https://pkg.go.dev/vuln/GO-2024-3223",
    "review_status": "UNREVIEWED"
  }
}
data/reports: add 16 unreviewed reports - data/reports/GO-2024-3207.yaml - data/reports/GO-2024-3208.yaml - data/reports/GO-2024-3210.yaml - data/reports/GO-2024-3211.yaml - data/reports/GO-2024-3212.yaml - data/reports/GO-2024-3213.yaml - data/reports/GO-2024-3214.yaml - data/reports/GO-2024-3215.yaml - data/reports/GO-2024-3216.yaml - data/reports/GO-2024-3217.yaml - data/reports/GO-2024-3219.yaml - data/reports/GO-2024-3220.yaml - data/reports/GO-2024-3221.yaml - data/reports/GO-2024-3222.yaml - data/reports/GO-2024-3223.yaml - data/reports/GO-2024-3224.yaml Fixes golang/vulndb#3207 Fixes golang/vulndb#3208 Fixes golang/vulndb#3210 Fixes golang/vulndb#3211 Fixes golang/vulndb#3212 Fixes golang/vulndb#3213 Fixes golang/vulndb#3214 Fixes golang/vulndb#3215 Fixes golang/vulndb#3216 Fixes golang/vulndb#3217 Fixes golang/vulndb#3219 Fixes golang/vulndb#3220 Fixes golang/vulndb#3221 Fixes golang/vulndb#3222 Fixes golang/vulndb#3223 Fixes golang/vulndb#3224 Change-Id: I194a8c99c011c5855a50ecd5069b628a1d36746a Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/622835 LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> Reviewed-by: Zvonimir Pavlinovic <zpavlinovic@google.com> 2024-10-28 18:09:24 +03:00			`{`
			`"schema_version": "1.3.1",`
			`"id": "GO-2024-3223",`
			`"modified": "0001-01-01T00:00:00Z",`
			`"published": "0001-01-01T00:00:00Z",`
			`"aliases": [`
			`"CVE-2022-45157",`
			`"GHSA-xj7w-r753-vj8v"`
			`],`
			`"summary": "Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher",`
			`"details": "Exposure of vSphere's CPI and CSI credentials in Rancher in github.com/rancher/rancher.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/rancher/rancher from v2.7.0 before v2.8.9, from v2.9.0 before v2.9.3.",`
			`"affected": [`
			`{`
			`"package": {`
			`"name": "github.com/rancher/rancher",`
			`"ecosystem": "Go"`
			`},`
			`"ranges": [`
			`{`
			`"type": "SEMVER",`
			`"events": [`
			`{`
			`"introduced": "0"`
			`}`
			`]`
			`}`
			`],`
			`"ecosystem_specific": {`
			`"custom_ranges": [`
			`{`
			`"type": "ECOSYSTEM",`
			`"events": [`
			`{`
			`"introduced": "2.7.0"`
			`},`
			`{`
			`"fixed": "2.8.9"`
			`},`
			`{`
			`"introduced": "2.9.0"`
			`},`
			`{`
			`"fixed": "2.9.3"`
			`}`
			`]`
			`}`
			`]`
			`}`
			`}`
			`],`
			`"references": [`
			`{`
			`"type": "ADVISORY",`
			`"url": "https://github.com/rancher/rancher/security/advisories/GHSA-xj7w-r753-vj8v"`
			`}`
			`],`
			`"database_specific": {`
			`"url": "https://pkg.go.dev/vuln/GO-2024-3223",`
			`"review_status": "UNREVIEWED"`
			`}`
			`}`