data/reports: unexclude 20 reports (28)

  - data/reports/GO-2022-0985.yaml
  - data/reports/GO-2022-0986.yaml
  - data/reports/GO-2022-0987.yaml
  - data/reports/GO-2022-0989.yaml
  - data/reports/GO-2022-0995.yaml
  - data/reports/GO-2022-1000.yaml
  - data/reports/GO-2022-1006.yaml
  - data/reports/GO-2022-1014.yaml
  - data/reports/GO-2022-1015.yaml
  - data/reports/GO-2022-1019.yaml
  - data/reports/GO-2022-1021.yaml
  - data/reports/GO-2022-1023.yaml
  - data/reports/GO-2022-1029.yaml
  - data/reports/GO-2022-1032.yaml
  - data/reports/GO-2022-1033.yaml
  - data/reports/GO-2022-1060.yaml
  - data/reports/GO-2022-1062.yaml
  - data/reports/GO-2022-1065.yaml
  - data/reports/GO-2022-1066.yaml
  - data/reports/GO-2022-1067.yaml

Updates #985
Updates #986
Updates #987
Updates #989
Updates #995
Updates #1000
Updates #1006
Updates #1014
Updates #1015
Updates #1019
Updates #1021
Updates #1023
Updates #1029
Updates #1032
Updates #1033
Updates #1060
Updates #1062
Updates #1065
Updates #1066
Updates #1067

Change-Id: I27b6f79e1898a13040a758a71348464c5e7c72a9
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607230
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Reviewed-by: Damien Neil <dneil@google.com>
Commit-Queue: Tatiana Bradley <tatianabradley@google.com>

data/osv/GO-2022-0985.json

@@ -0,0 +1,64 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0985",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2022-36109",
+ "GHSA-rc4r-wh2q-q6c4"
+ ],
+ "summary": "Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker",
+ "details": "Docker supplementary group permissions not set up properly, allowing attackers to bypass primary group restrictions in github.com/docker/docker",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/docker/docker",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "20.10.18+incompatible"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/moby/moby/security/advisories/GHSA-rc4r-wh2q-q6c4"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36109"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/moby/commit/de7af816e76a7fd3fbf06bffa6832959289fba32"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/moby/moby/releases/tag/v20.10.18"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/O7JL2QA3RB732MLJ3RMUXB3IB7AA22YU"
+ },
+ {
+ "type": "WEB",
+ "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/RQQ4E3JBXVR3VK5FIZVJ3QS2TAOOXXTQ"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0985",
+ "review_status": "UNREVIEWED"
+ }
+}

data/osv/GO-2022-0986.json

@@ -0,0 +1,52 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0986",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2022-36110",
+ "GHSA-ggf6-638m-vqmg"
+ ],
+ "summary": "Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker",
+ "details": "Netmaker vulnerable to Insufficient Granularity of Access Control in github.com/gravitl/netmaker",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/gravitl/netmaker",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.15.1"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/gravitl/netmaker/security/advisories/GHSA-ggf6-638m-vqmg"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-36110"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/gravitl/netmaker/releases/tag/v0.15.1"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0986",
+ "review_status": "UNREVIEWED"
+ }
+}

data/osv/GO-2022-0987.json

@@ -0,0 +1,64 @@
+{
+ "schema_version": "1.3.1",
+ "id": "GO-2022-0987",
+ "modified": "0001-01-01T00:00:00Z",
+ "published": "0001-01-01T00:00:00Z",
+ "aliases": [
+ "CVE-2022-25295",
+ "GHSA-hvw3-p9px-gpc9"
+ ],
+ "summary": "Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish",
+ "details": "Gophish before 0.12.0 vulnerable to Open Redirect in github.com/gophish/gophish",
+ "affected": [
+ {
+ "package": {
+ "name": "github.com/gophish/gophish",
+ "ecosystem": "Go"
+ },
+ "ranges": [
+ {
+ "type": "SEMVER",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "0.12.0"
+ }
+ ]
+ }
+ ],
+ "ecosystem_specific": {}
+ }
+ ],
+ "references": [
+ {
+ "type": "ADVISORY",
+ "url": "https://github.com/advisories/GHSA-hvw3-p9px-gpc9"
+ },
+ {
+ "type": "ADVISORY",
+ "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-25295"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/gophish/gophish/commit/2a452bda89ffdb85f929fa78290bce1f456881dc"
+ },
+ {
+ "type": "FIX",
+ "url": "https://github.com/gophish/gophish/pull/2262"
+ },
+ {
+ "type": "WEB",
+ "url": "https://github.com/gophish/gophish/releases/tag/v0.12.0"
+ },
+ {
+ "type": "WEB",
+ "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMGOPHISHGOPHISH-2404177"
+ }
+ ],
+ "database_specific": {
+ "url": "https://pkg.go.dev/vuln/GO-2022-0987",
+ "review_status": "UNREVIEWED"
+ }
+}