x/vulndb: potential Go vuln in github.com/vmware-tanzu/velero: CVE-2020-3996 #2303

tatianab · 2023-11-08T22:09:03Z

CVE-2020-3996 references github.com/vmware-tanzu/velero, which may be a Go module.

Description:
Velero (prior to 1.4.3 and 1.5.2) in some instances doesn’t properly manage volume identifiers which may result in information leakage to unauthorized users.

References:

NIST: https://nvd.nist.gov/vuln/detail/CVE-2020-3996
advisory: GHSA-72xg-3mcq-52v4
Imported by: https://pkg.go.dev/github.com/vmware-tanzu/velero?tab=importedby

Cross references:
No existing reports found with this module or alias.

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/vmware-tanzu/velero
      vulnerable_at: 1.12.1
      packages:
        - package: Velero
cves:
    - CVE-2020-3996
references:
    - advisory: https://github.com/vmware-tanzu/velero/security/advisories/GHSA-72xg-3mcq-52v4

The text was updated successfully, but these errors were encountered:

gopherbot · 2023-11-08T22:27:46Z

Change https://go.dev/cl/540721 mentions this issue: data/excluded: batch add 135 excluded reports

tatianab added the excluded: LEGACY_FALSE_POSITIVE (DO NOT USE) Vulnerability marked as false positive before we introduced the triage process label Nov 8, 2023

gopherbot closed this as completed in 497caf9 Nov 8, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/vmware-tanzu/velero: CVE-2020-3996 #2303

x/vulndb: potential Go vuln in github.com/vmware-tanzu/velero: CVE-2020-3996 #2303

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023

x/vulndb: potential Go vuln in github.com/vmware-tanzu/velero: CVE-2020-3996 #2303

x/vulndb: potential Go vuln in github.com/vmware-tanzu/velero: CVE-2020-3996 #2303

Comments

tatianab commented Nov 8, 2023

gopherbot commented Nov 8, 2023