x/vulndb: potential Go vuln in github.com/KubeOperator/KubeOperator: CVE-2023-22480 #1496

Closed
GoVulnBot opened this issue Jan 14, 2023 · 3 comments

@GoVulnBot

CVE-2023-22480 references github.com/KubeOperator/KubeOperator, which may be a Go module.

Description:
KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.

References:

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/KubeOperator/KubeOperator
    packages:
      - package: KubeOperator
description: |
    KubeOperator is an open source Kubernetes distribution focused on helping enterprises plan, deploy and operate production-level K8s clusters. In KubeOperator versions 3.16.3 and below, API interfaces with unauthorized entities and can leak sensitive information. This vulnerability could be used to take over the cluster under certain conditions. This issue has been patched in version 3.16.4.
cves:
  - CVE-2023-22480
references:
  - web: https://github.com/KubeOperator/KubeOperator/security/advisories/GHSA-jxgp-jgh3-8jc8
  - fix: https://github.com/KubeOperator/KubeOperator/commit/7ef42bf1c16900d13e6376f8be5ecdbfdfb44aaf
  - web: https://github.com/KubeOperator/KubeOperator/releases/tag/v3.16.4

@julieqiu julieqiu added the excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable. label Jan 24, 2023
@julieqiu julieqiu self-assigned this Jan 30, 2023
@gopherbot
Contributor

Change https://go.dev/cl/464316 mentions this issue: data/excluded: batch add excluded reports

@julieqiu
Member

Duplicate of #1466

@julieqiu julieqiu marked this as a duplicate of #1466 Jan 31, 2023
@julieqiu julieqiu added duplicate and removed excluded: NOT_IMPORTABLE This vulnerability only exists in a binary and is not importable. labels Jan 31, 2023
gopherbot pushed a commit that referenced this issue Jan 31, 2023
Add reports:
- GO-2023-1509
- GO-2023-1506
- GO-2023-1504
- GO-2023-1502
- GO-2023-1492
- GO-2023-1491
- GO-2023-1388
- GO-2023-1377
- GO-2023-1500
- GO-2023-1499
- GO-2023-1498
- GO-2023-1496
- GO-2023-1468
- GO-2023-1466
- GO-2023-1463
- GO-2023-1283

Fixes #1509
Fixes #1506
Fixes #1504
Fixes #1502
Fixes #1492
Fixes #1491
Fixes #1388
Fixes #1377
Fixes #1500
Fixes #1499
Fixes #1498
Fixes #1496
Fixes #1468
Fixes #1466
Fixes #1463
Fixes #1283

Change-Id: Ibe656933231f6f86ad496bd2d1a6c1c506c504cc
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/464316
Reviewed-by: Tatiana Bradley <tatianabradley@google.com>
Run-TryBot: Tatiana Bradley <tatianabradley@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>
Reviewed-by: Julie Qiu <julieqiu@google.com>
Run-TryBot: Julie Qiu <julieqiu@google.com>
Auto-Submit: Julie Qiu <julieqiu@google.com>
@gopherbot
Contributor

Change https://go.dev/cl/592759 mentions this issue: data/reports: unexclude 75 reports
