From e43ca70a0296e679683c772a653390b26e3b0769 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 14:43:51 +0000 Subject: [PATCH 001/115] Adding detection events for hubble-ui-backend (#3105) * Adding Advisory GHSA-68mj-9pjq-mc85 for hubble-ui-backend * Adding Advisory GHSA-j89h-qrvr-xc36 for hubble-ui-backend * Adding Advisory GHSA-v6q2-4qr3-5cw6 for hubble-ui-backend --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- hubble-ui.advisories.yaml | 51 +++++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/hubble-ui.advisories.yaml b/hubble-ui.advisories.yaml index b2cc3268a..77a550dd9 100644 --- a/hubble-ui.advisories.yaml +++ b/hubble-ui.advisories.yaml 
@@ -77,3 +77,54 @@ advisories: type: fixed data: fixed-version: 0.13.0-r2 + + - id: CVE-2024-28248 + aliases: + - GHSA-68mj-9pjq-mc85 + events: + - timestamp: 2024-03-19T09:09:02Z + type: detection + data: + type: scan/v1 + data: + subpackageName: hubble-ui-backend + componentID: 5c42cb480883a6b5 + componentName: github.com/cilium/cilium + componentVersion: v1.15.0 + componentType: go-module + componentLocation: /usr/bin/backend + scanner: grype + + - id: CVE-2024-28249 + aliases: + - GHSA-j89h-qrvr-xc36 + events: + - timestamp: 2024-03-19T09:09:05Z + type: detection + data: + type: scan/v1 + data: + subpackageName: hubble-ui-backend + componentID: 5c42cb480883a6b5 + componentName: github.com/cilium/cilium + componentVersion: v1.15.0 + componentType: go-module + componentLocation: /usr/bin/backend + scanner: grype + + - id: CVE-2024-28250 + aliases: + - GHSA-v6q2-4qr3-5cw6 + events: + - timestamp: 2024-03-19T09:09:06Z + type: detection + data: + type: scan/v1 + data: + subpackageName: hubble-ui-backend + componentID: 5c42cb480883a6b5 + componentName: github.com/cilium/cilium + componentVersion: v1.15.0 + componentType: go-module + componentLocation: /usr/bin/backend + scanner: grype From d84e1de9038723d124555360b6e6b40f86fd456a Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 14:43:53 +0000 Subject: [PATCH 002/115] Adding Advisory GHSA-qmgx-j96g-4428 for opensearch-2-security (#3106) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- opensearch-2.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/opensearch-2.advisories.yaml b/opensearch-2.advisories.yaml index 8829a20bb..76104aad3 100644 --- a/opensearch-2.advisories.yaml +++ b/opensearch-2.advisories.yaml 
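Review bot: The three Cilium advisories are matched here only through the `github.com/cilium/cilium v1.15.0` Go module linked into `/usr/bin/backend`, and the same GHSA IDs are filed later in this series against the `cilium-1.14` apk itself, so for hubble-ui-backend the triage question — does the backend reach the affected code, or does it merely import the module for API types — is left open by detection-only events. The follow-up should either record a `fixed` event at the dependency bump or, if the affected code is not reachable from the backend, a `false-positive-determination` event (the schema's `vulnerable-code-not-in-execution-path` type, if that is the right one) with a `note:` naming the packages or symbols that were checked. Whichever way it goes, the conclusion should agree with what the `cilium-1.14` file eventually records for the same CVEs.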
@@ -90,3 +90,20 @@ advisories: type: fixed data: fixed-version: 2.12.0-r1 + + - id: CVE-2024-28752 + aliases: + - GHSA-qmgx-j96g-4428 + events: + - timestamp: 2024-03-19T09:08:06Z + type: detection + data: + type: scan/v1 + data: + subpackageName: opensearch-2-security + componentID: 52a961a22760ca4d + componentName: cxf-core + componentVersion: 4.0.3 + componentType: java-archive + componentLocation: /usr/share/opensearch/plugins/opensearch-security/cxf-core-4.0.3.jar + scanner: grype From eb31479d9dc0c78f571e3e6ed8da01735ed911a8 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 14:43:55 +0000 Subject: [PATCH 003/115] Adding Fixed Advisory GHSA-x32m-mvfj-52xv for argo-cd-2.10 (#3107) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- argo-cd-2.10.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/argo-cd-2.10.advisories.yaml b/argo-cd-2.10.advisories.yaml index a253fe748..78818a56f 100644 --- a/argo-cd-2.10.advisories.yaml +++ b/argo-cd-2.10.advisories.yaml @@ -4,6 +4,15 @@ package: name: argo-cd-2.10 advisories: + - id: CVE-2024-21652 + aliases: + - GHSA-x32m-mvfj-52xv + events: + - timestamp: 2024-03-19T10:19:27Z + type: fixed + data: + fixed-version: 2.10.4-r0 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From 03abed076a6cccfaf5b730015abcfb68e51ab6a9 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 14:43:56 +0000 Subject: [PATCH 004/115] Adding Fixed Advisory GHSA-8r3f-844c-mc37 for docker-compose (#3108) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- docker-compose.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-compose.advisories.yaml b/docker-compose.advisories.yaml index 7302d5f59..371ae6294 100644 --- a/docker-compose.advisories.yaml +++ b/docker-compose.advisories.yaml 
@@ -41,3 +41,7 @@ advisories: componentType: go-module componentLocation: /usr/bin/docker-compose scanner: grype + - timestamp: 2024-03-19T12:28:56Z + type: fixed + data: + fixed-version: 2.25.0-r1 From c56a602d259835fec468bea6a7fddc265d377f36 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 16:43:29 +0000 Subject: [PATCH 005/115] Adding fixed events for spicedb (#3110) * Adding Fixed Advisory GHSA-7jwh-3vrq-q3m8 for spicedb * Adding Fixed Advisory GHSA-mrww-27vc-gghv for spicedb --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- spicedb.advisories.yaml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) diff --git a/spicedb.advisories.yaml b/spicedb.advisories.yaml index a9bd07df8..293130997 100644 --- a/spicedb.advisories.yaml +++ b/spicedb.advisories.yaml @@ -32,3 +32,19 @@ advisories: type: fixed data: fixed-version: 1.29.5-r0 + + - id: CVE-2024-27304 + aliases: + - GHSA-mrww-27vc-gghv + events: + - timestamp: 2024-03-19T15:46:32Z + type: fixed + data: + fixed-version: 1.30.0-r0 + + - id: GHSA-7jwh-3vrq-q3m8 + events: + - timestamp: 2024-03-19T15:46:30Z + type: fixed + data: + fixed-version: 1.30.0-r0 From 97341970e6be40c0c26e47d61d8df924c4100c69 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 16:43:31 +0000 Subject: [PATCH 006/115] Adding detection events for confluent-common-docker (#3111) * Adding Advisory GHSA-6qvw-249j-h44c for confluent-common-docker * Adding Advisory GHSA-r978-9m6m-6gm6 for confluent-common-docker --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- confluent-common-docker.advisories.yaml | 39 +++++++++++++++++++++++++ 1 file changed, 39 insertions(+) create mode 100644 confluent-common-docker.advisories.yaml 
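Review bot: In the spicedb hunk `GHSA-7jwh-3vrq-q3m8` is added without an `aliases` list, while the neighbouring entry is keyed `CVE-2024-27304` with its GHSA as an alias; if this advisory has a CVE assigned it should be keyed the same way (`- id: CVE-…` with `aliases:` / `- GHSA-7jwh-3vrq-q3m8`) so scanners that report by CVE match this record instead of producing a second, unresolved one. Both new advisories are fixed at `1.30.0-r0` with no detection event, which the schema allows, but without an alias or detection there is nothing in the file saying which module the fix bumped; presumably both came from one dependency update — worth confirming before the GHSA-only entry is left as is.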
diff --git a/confluent-common-docker.advisories.yaml b/confluent-common-docker.advisories.yaml new file mode 100644 index 000000000..bc5485b0a --- /dev/null +++ b/confluent-common-docker.advisories.yaml @@ -0,0 +1,39 @@ +schema-version: 2.0.2 + +package: + name: confluent-common-docker + +advisories: + - id: CVE-2023-51775 + aliases: + - GHSA-6qvw-249j-h44c + events: + - timestamp: 2024-03-19T16:20:01Z + type: detection + data: + type: scan/v1 + data: + subpackageName: confluent-common-docker + componentID: bc7e78f5849d3b9b + componentName: jose4j + componentVersion: 0.9.3 + componentType: java-archive + componentLocation: /usr/share/java/cp-base-new/docker-utils-jar-with-dependencies.jar + scanner: grype + + - id: CVE-2024-23944 + aliases: + - GHSA-r978-9m6m-6gm6 + events: + - timestamp: 2024-03-19T16:20:02Z + type: detection + data: + type: scan/v1 + data: + subpackageName: confluent-common-docker + componentID: 3b6ce91dccc68f33 + componentName: zookeeper + componentVersion: 3.8.3 + componentType: java-archive + componentLocation: /usr/share/java/cp-base-new/docker-utils-jar-with-dependencies.jar + scanner: grype From 9881a35e6b59169a06e2e5d72ecea2144b8104b3 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 18:43:27 +0000 Subject: [PATCH 007/115] Adding fixed events for jenkins (#3112) * Adding Fixed Advisory GHSA-f3jh-qvm4-mg39 for jenkins * Adding Fixed Advisory GHSA-hgjh-9rj2-g67j for jenkins --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- jenkins.advisories.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/jenkins.advisories.yaml b/jenkins.advisories.yaml index a84e5e835..148f81e41 100644 --- a/jenkins.advisories.yaml +++ b/jenkins.advisories.yaml 
@@ -142,6 +142,24 @@ advisories: data: fixed-version: 2.446-r0 + - id: CVE-2024-22257 + aliases: + - GHSA-f3jh-qvm4-mg39 + events: + - timestamp: 2024-03-19T18:01:55Z + type: fixed + data: + fixed-version: 2.450-r0 + + - id: CVE-2024-22259 + aliases: + - GHSA-hgjh-9rj2-g67j + events: + - timestamp: 2024-03-19T18:01:59Z + type: fixed + data: + fixed-version: 2.450-r0 + - id: CVE-2024-23897 aliases: - GHSA-6f9g-cxwr-q5jr From 52a1769ef441859376c597a1e16e10e521b02d0e Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Tue, 19 Mar 2024 23:43:16 +0000 Subject: [PATCH 008/115] Adding fixed events for kots (#3115) * Adding Fixed Advisory GHSA-mrww-27vc-gghv for kots * Adding Fixed Advisory GHSA-8r3f-844c-mc37 for kots * Adding Fixed Advisory GHSA-7jwh-3vrq-q3m8 for kots * Adding Fixed Advisory GHSA-m7wr-2xf7-cm9p for kots --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- kots.advisories.yaml | 29 +++++++++++++++++++++++++++++ 1 file changed, 29 insertions(+) diff --git a/kots.advisories.yaml b/kots.advisories.yaml index dfa92290f..78dbcbd8f 100644 --- a/kots.advisories.yaml +++ b/kots.advisories.yaml @@ -159,6 +159,15 @@ advisories: data: fixed-version: 1.107.0-r1 + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 + events: + - timestamp: 2024-03-19T22:48:46Z + type: fixed + data: + fixed-version: 1.108.1-r0 + - id: CVE-2024-25620 aliases: - GHSA-v53g-5gjp-272r @@ -217,6 +226,19 @@ advisories: componentType: go-module componentLocation: /usr/bin/kotsadm scanner: grype + - timestamp: 2024-03-19T22:48:57Z + type: fixed + data: + fixed-version: 1.108.1-r0 + + - id: CVE-2024-27304 + aliases: + - GHSA-mrww-27vc-gghv + events: + - timestamp: 2024-03-19T22:48:38Z + type: fixed + data: + fixed-version: 1.108.1-r0 - id: CVE-2024-28180 aliases: 
@@ -254,6 +276,13 @@ advisories: type: vulnerable-code-version-not-used note: Vulnerability exists only on Windows. + - id: GHSA-7jwh-3vrq-q3m8 + events: + - timestamp: 2024-03-19T22:48:52Z + type: fixed + data: + fixed-version: 1.108.1-r0 + - id: GHSA-7ww5-4wqc-m92c events: - timestamp: 2023-12-20T11:25:16Z From 5f775748b0ff29b3044b3faacb133b5e9b43f1c4 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 01:01:59 +0000 Subject: [PATCH 009/115] Adding Fixed Advisory GHSA-8r3f-844c-mc37 for golangci-lint (#3116) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- golangci-lint.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/golangci-lint.advisories.yaml b/golangci-lint.advisories.yaml index dbe6a3d54..e6c0d89eb 100644 --- a/golangci-lint.advisories.yaml +++ b/golangci-lint.advisories.yaml @@ -85,3 +85,7 @@ advisories: componentType: go-module componentLocation: /usr/bin/golangci-lint scanner: grype + - timestamp: 2024-03-20T00:45:09Z + type: fixed + data: + fixed-version: 1.57.0-r0 From 9dab4951dd97e191941c6b07df05eddf119663ac Mon Sep 17 00:00:00 2001 From: "dependabot[bot]" <49699333+dependabot[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 09:04:19 +0100 Subject: [PATCH 010/115] Bump the actions group with 1 update (#3113) Bumps the actions group with 1 update: [rtCamp/action-slack-notify](https://github.com/rtcamp/action-slack-notify). Updates `rtCamp/action-slack-notify` from 2.2.1 to 2.3.0 - [Release notes](https://github.com/rtcamp/action-slack-notify/releases) - [Commits](https://github.com/rtcamp/action-slack-notify/compare/b24d75fe0e728a4bf9fc42ee217caa686d141ee8...4e5fb42d249be6a45a298f3c9543b111b02f7907) --- updated-dependencies: - dependency-name: rtCamp/action-slack-notify dependency-type: direct:production update-type: version-update:semver-minor dependency-group: actions ... 
Signed-off-by: dependabot[bot] Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com> --- .github/workflows/bigquery-ingestion.yaml | 2 +- .github/workflows/build-and-publish-secdb.yaml | 2 +- .github/workflows/build-and-publish-yaml.yaml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/bigquery-ingestion.yaml b/.github/workflows/bigquery-ingestion.yaml index 4049e2581..66613b46d 100644 --- a/.github/workflows/bigquery-ingestion.yaml +++ b/.github/workflows/bigquery-ingestion.yaml @@ -36,7 +36,7 @@ jobs: gcloud run jobs execute --region us-central1 cve-advisory-cron - name: Post failure notice to Slack - uses: rtCamp/action-slack-notify@b24d75fe0e728a4bf9fc42ee217caa686d141ee8 # ratchet:rtCamp/action-slack-notify@v2.2.1 + uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # ratchet:rtCamp/action-slack-notify@v2.3.0 if: ${{ failure() }} env: SLACK_ICON: http://github.com/chainguard-dev.png?size=48 diff --git a/.github/workflows/build-and-publish-secdb.yaml b/.github/workflows/build-and-publish-secdb.yaml index ec461a3cc..4cdd5925b 100644 --- a/.github/workflows/build-and-publish-secdb.yaml +++ b/.github/workflows/build-and-publish-secdb.yaml @@ -29,7 +29,7 @@ jobs: gcs_apk_directory_name: os - name: Post failure notice to Slack - uses: rtCamp/action-slack-notify@b24d75fe0e728a4bf9fc42ee217caa686d141ee8 # ratchet:rtCamp/action-slack-notify@v2.2.1 + uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # ratchet:rtCamp/action-slack-notify@v2.3.0 if: ${{ failure() }} env: SLACK_ICON: http://github.com/chainguard-dev.png?size=48 diff --git a/.github/workflows/build-and-publish-yaml.yaml b/.github/workflows/build-and-publish-yaml.yaml index 4e1516ec9..694ec3ca6 100644 --- a/.github/workflows/build-and-publish-yaml.yaml +++ b/.github/workflows/build-and-publish-yaml.yaml 
@@ -29,7 +29,7 @@ jobs: gcs_apk_directory_name: os - name: Post failure notice to Slack - uses: rtCamp/action-slack-notify@b24d75fe0e728a4bf9fc42ee217caa686d141ee8 # ratchet:rtCamp/action-slack-notify@v2.2.1 + uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # ratchet:rtCamp/action-slack-notify@v2.3.0 if: ${{ failure() }} env: SLACK_ICON: http://github.com/chainguard-dev.png?size=48 From 20277fd574710d4e24a0d82445c88085be26cd8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Furkan=20T=C3=BCrkal?= Date: Wed, 20 Mar 2024 14:14:24 +0300 Subject: [PATCH 011/115] update adv for confluent-common-docker (#3114) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Signed-off-by: Furkan Türkal --- confluent-common-docker.advisories.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/confluent-common-docker.advisories.yaml b/confluent-common-docker.advisories.yaml index bc5485b0a..e41ffc7e8 100644 --- a/confluent-common-docker.advisories.yaml +++ b/confluent-common-docker.advisories.yaml @@ -20,6 +20,10 @@ advisories: componentType: java-archive componentLocation: /usr/share/java/cp-base-new/docker-utils-jar-with-dependencies.jar scanner: grype + - timestamp: 2024-03-20T07:06:26Z + type: pending-upstream-fix + data: + note: Confluent should publish the latest version of common package to their maven repository. They do not have any jars/poms past 7.6.x but they have 7.7.x tags in their GitHub repository. - id: CVE-2024-23944 aliases: @@ -37,3 +41,7 @@ advisories: componentType: java-archive componentLocation: /usr/share/java/cp-base-new/docker-utils-jar-with-dependencies.jar scanner: grype + - timestamp: 2024-03-20T07:06:26Z + type: pending-upstream-fix + data: + note: Confluent should publish the latest version of common package to their maven repository. They do not have any jars/poms past 7.6.x but they have 7.7.x tags in their GitHub repository. 
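Review bot: The `pending-upstream-fix` notes on CVE-2023-51775 and CVE-2024-23944 explain the Maven publishing gap but do not say what would close them — which upstream tag or commit bumps jose4j past 0.9.3 and zookeeper past 3.8.3, or a link to the upstream issue asking Confluent to publish — so the next person has nothing concrete to re-check. Since both components sit in the same `docker-utils-jar-with-dependencies.jar`, a bump in this package's build cannot fix them, which is worth stating; suggest `note: jose4j/zookeeper are bundled in docker-utils-jar-with-dependencies.jar; fix requires Confluent to publish a common release containing <commit/tag> — tracking: <url>.` The identical note text on both advisories is fine today, but if upstream bumps only one of the two dependencies the entries should diverge rather than be updated together.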
From 1e9765981b80f12f852ce1ef6cae9f4ef299003b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 14:43:29 +0000 Subject: [PATCH 012/115] Adding Advisory GHSA-8r3f-844c-mc37 for coredns (#3117) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- coredns.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/coredns.advisories.yaml b/coredns.advisories.yaml index ec6b764b3..427fdae28 100644 --- a/coredns.advisories.yaml +++ b/coredns.advisories.yaml @@ -166,3 +166,20 @@ advisories: componentType: go-module componentLocation: /usr/bin/coredns scanner: grype + + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 + events: + - timestamp: 2024-03-20T09:04:10Z + type: detection + data: + type: scan/v1 + data: + subpackageName: coredns + componentID: fe1ad1ac5d63ddd3 + componentName: google.golang.org/protobuf + componentVersion: v1.31.0 + componentType: go-module + componentLocation: /usr/bin/coredns + scanner: grype From e310093529dbb60ce5f46e062e641b6d8c708adb Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 14:43:31 +0000 Subject: [PATCH 013/115] Adding detection events for cilium-1.14 (#3118) * Adding Advisory CVE-2024-28248 for cilium-1.14 * Adding Advisory CVE-2024-28249 for cilium-1.14 * Adding Advisory CVE-2024-28250 for cilium-1.14 --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- cilium-1.14.advisories.yaml | 51 +++++++++++++++++++++++++++++++++++++ 1 file changed, 51 insertions(+) diff --git a/cilium-1.14.advisories.yaml b/cilium-1.14.advisories.yaml index 87b258325..a05e64ec6 100644 --- a/cilium-1.14.advisories.yaml +++ b/cilium-1.14.advisories.yaml 
@@ -29,3 +29,54 @@ advisories: type: fixed data: fixed-version: 1.14.7-r0 + + - id: CVE-2024-28248 + aliases: + - GHSA-68mj-9pjq-mc85 + events: + - timestamp: 2024-03-20T10:04:09Z + type: detection + data: + type: scan/v1 + data: + subpackageName: cilium-1.14 + componentID: 1810fb8fac7342e0 + componentName: cilium-1.14 + componentVersion: 1.14.7-r0 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype + + - id: CVE-2024-28249 + aliases: + - GHSA-j89h-qrvr-xc36 + events: + - timestamp: 2024-03-20T10:04:10Z + type: detection + data: + type: scan/v1 + data: + subpackageName: cilium-1.14 + componentID: 1810fb8fac7342e0 + componentName: cilium-1.14 + componentVersion: 1.14.7-r0 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype + + - id: CVE-2024-28250 + aliases: + - GHSA-v6q2-4qr3-5cw6 + events: + - timestamp: 2024-03-20T10:04:10Z + type: detection + data: + type: scan/v1 + data: + subpackageName: cilium-1.14 + componentID: 1810fb8fac7342e0 + componentName: cilium-1.14 + componentVersion: 1.14.7-r0 + componentType: apk + componentLocation: /.PKGINFO + scanner: grype From 79efdf00fbaa152bbd369425833f389bbfa04fd3 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 15:43:52 +0000 Subject: [PATCH 014/115] Adding Fixed Advisory CVE-2023-5680 for bind (#3120) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- bind.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/bind.advisories.yaml b/bind.advisories.yaml index fc7712535..57e7471be 100644 --- a/bind.advisories.yaml +++ b/bind.advisories.yaml @@ -488,6 +488,10 @@ advisories: componentType: apk componentLocation: /.PKGINFO scanner: grype + - timestamp: 2024-03-20T15:41:12Z + type: fixed + data: + fixed-version: 9.18.25-r0 - id: CVE-2023-6516 aliases: From 01849530d65308725b5746979eb98d7aa99868e9 Mon Sep 17 00:00:00 2001 
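Review bot: The three cilium-1.14 detections match on the apk's own metadata (`componentType: apk`, `componentLocation: /.PKGINFO`) at `1.14.7-r0`, so grype is flagging the package name and version rather than a vulnerable Go module, and the hunk's context shows `1.14.7-r0` was itself the latest fixed version in this file; the only remediation is packaging the upstream 1.14.x patch release that the GHSAs list as fixed (1.14.8, if I recall the affected range correctly — verify against the GHSA). Until that bump lands, an interim event saying so, e.g. `type: pending-upstream-fix` with a `note:` naming the expected release, would stop these three from reading as untriaged. The same CVEs were filed earlier in this series against hubble-ui-backend via the cilium go-module, and the two files should reach consistent conclusions.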
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 19:43:26 +0000 Subject: [PATCH 015/115] Adding Fixed Advisory GHSA-8r3f-844c-mc37 for gh (#3121) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- gh.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/gh.advisories.yaml b/gh.advisories.yaml index e22574b85..1a63cecb4 100644 --- a/gh.advisories.yaml +++ b/gh.advisories.yaml @@ -65,3 +65,12 @@ advisories: type: fixed data: fixed-version: 2.45.0-r1 + + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 + events: + - timestamp: 2024-03-20T18:43:44Z + type: fixed + data: + fixed-version: 2.46.0-r0 From b7e95919162c66ffa70eeedb18d7a027d286a02f Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 22:43:17 +0000 Subject: [PATCH 016/115] Adding fixed events for vite (#3123) * Adding Fixed Advisory CVE-2024-24783 for vite * Adding Fixed Advisory CVE-2024-24784 for vite * Adding Fixed Advisory CVE-2023-45290 for vite * Adding Fixed Advisory CVE-2024-24785 for vite * Adding Fixed Advisory CVE-2023-45289 for vite --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- vite.advisories.yaml | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) diff --git a/vite.advisories.yaml b/vite.advisories.yaml index cc1afa87a..f76abbe76 100644 --- a/vite.advisories.yaml +++ b/vite.advisories.yaml @@ -20,6 +20,10 @@ advisories: componentType: go-module componentLocation: /usr/lib/node_modules/vite/node_modules/@esbuild/linux-x64/bin/esbuild scanner: grype + - timestamp: 2024-03-20T22:06:56Z + type: fixed + data: + fixed-version: 5.2.2-r0 - id: CVE-2023-45290 aliases: 
@@ -37,6 +41,10 @@ advisories: componentType: go-module componentLocation: /usr/lib/node_modules/vite/node_modules/@esbuild/linux-x64/bin/esbuild scanner: grype + - timestamp: 2024-03-20T22:06:53Z + type: fixed + data: + fixed-version: 5.2.2-r0 - id: CVE-2024-23331 aliases: @@ -63,6 +71,10 @@ advisories: componentType: go-module componentLocation: /usr/lib/node_modules/vite/node_modules/@esbuild/linux-x64/bin/esbuild scanner: grype + - timestamp: 2024-03-20T22:06:47Z + type: fixed + data: + fixed-version: 5.2.2-r0 - id: CVE-2024-24784 aliases: @@ -80,6 +92,10 @@ advisories: componentType: go-module componentLocation: /usr/lib/node_modules/vite/node_modules/@esbuild/linux-x64/bin/esbuild scanner: grype + - timestamp: 2024-03-20T22:06:51Z + type: fixed + data: + fixed-version: 5.2.2-r0 - id: CVE-2024-24785 aliases: @@ -97,3 +113,7 @@ advisories: componentType: go-module componentLocation: /usr/lib/node_modules/vite/node_modules/@esbuild/linux-x64/bin/esbuild scanner: grype + - timestamp: 2024-03-20T22:06:55Z + type: fixed + data: + fixed-version: 5.2.2-r0 From 592e2be849c95c60cd3f7f0995741c1657bad65a Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Wed, 20 Mar 2024 22:43:19 +0000 Subject: [PATCH 017/115] Adding Fixed Advisory GHSA-jw44-4f3j-q396 for k9s (#3124) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- k9s.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/k9s.advisories.yaml b/k9s.advisories.yaml index 2a5fbaa1c..be86de485 100644 --- a/k9s.advisories.yaml +++ b/k9s.advisories.yaml @@ -20,6 +20,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/k9s scanner: grype + - timestamp: 2024-03-20T22:07:03Z + type: fixed + data: + fixed-version: 0.32.4-r0 - id: CVE-2024-21626 aliases: From 54dc763c5a623f21c66e871e1fa1f5bc1918b907 Mon Sep 17 00:00:00 2001 
From: Phil Date: Wed, 20 Mar 2024 16:50:14 -0700 Subject: [PATCH 018/115] go: File advisories for EOL packages (#3125) Signed-off-by: Philippe Deslauriers --- go-1.19.advisories.yaml | 20 ++++++++++++++++++++ go-1.20.advisories.yaml | 20 ++++++++++++++++++++ go-fips-1.20.advisories.yaml | 20 ++++++++++++++++++++ 3 files changed, 60 insertions(+) diff --git a/go-1.19.advisories.yaml b/go-1.19.advisories.yaml index 8bd61577e..f87b1da69 100644 --- a/go-1.19.advisories.yaml +++ b/go-1.19.advisories.yaml @@ -259,6 +259,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.19 is no longer supported upstream. - id: CVE-2023-45290 aliases: @@ -276,6 +280,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.19 is no longer supported upstream. - id: CVE-2024-24783 aliases: @@ -293,6 +301,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.19 is no longer supported upstream. - id: CVE-2024-24784 aliases: @@ -310,6 +322,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.19 is no longer supported upstream. - id: CVE-2024-24785 aliases: @@ -327,3 +343,7 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.19 is no longer supported upstream. diff --git a/go-1.20.advisories.yaml b/go-1.20.advisories.yaml index b254158d2..0cca9384c 100644 --- a/go-1.20.advisories.yaml +++ b/go-1.20.advisories.yaml 
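Review bot: The `fix-not-planned` notes on go-1.19 say only `Go 1.19 is no longer supported upstream.`, which states the cause but not the consequence a secdb consumer needs; the note should make the migration path explicit, e.g. `note: Go 1.19 is EOL upstream and receives no security fixes; this package will not be patched — migrate to a currently supported go-1.x package.` The same one-line wording is applied to go-1.20 and go-fips-1.20 in the following hunks and should carry the same guidance, particularly for the FIPS variant where users are least likely to move on their own. Five identical events with one timestamp are fine for a batch triage, but each should at least name the package so the note still reads correctly when an advisory is viewed in isolation.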
@@ -163,6 +163,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2023-45290 aliases: @@ -180,6 +184,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2024-24783 aliases: @@ -197,6 +205,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2024-24784 aliases: @@ -214,6 +226,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2024-24785 aliases: @@ -231,3 +247,7 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. diff --git a/go-fips-1.20.advisories.yaml b/go-fips-1.20.advisories.yaml index 37d357a9a..7b2af1ba0 100644 --- a/go-fips-1.20.advisories.yaml +++ b/go-fips-1.20.advisories.yaml @@ -127,6 +127,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2023-45290 aliases: @@ -144,6 +148,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2024-24783 aliases: 
@@ -161,6 +169,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2024-24784 aliases: @@ -178,6 +190,10 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. - id: CVE-2024-24785 aliases: @@ -195,3 +211,7 @@ advisories: componentType: binary componentLocation: /usr/lib/go/bin/go scanner: grype + - timestamp: 2024-03-20T23:17:34Z + type: fix-not-planned + data: + note: Go 1.20 is no longer supported upstream. From 998d299bc734d4e88de14bf0df6b10b881e0bad4 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 01:14:15 +0100 Subject: [PATCH 019/115] Adding Fixed Advisory GHSA-8r3f-844c-mc37 for tkn (#3119) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- tkn.advisories.yaml | 45 ++++++++++++++++++++++++++++----------------- 1 file changed, 28 insertions(+), 17 deletions(-) diff --git a/tkn.advisories.yaml b/tkn.advisories.yaml index 557d370de..5cffa6d6b 100644 --- a/tkn.advisories.yaml +++ b/tkn.advisories.yaml 
@@ -90,47 +90,58 @@ advisories: data: fixed-version: 0.33.0-r3 - - id: GHSA-2c7c-3mj9-8fqh + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 events: - - timestamp: 2023-12-16T00:06:20Z + - timestamp: 2024-03-20T15:31:45Z type: fixed data: - fixed-version: 0.33.0-r2 + fixed-version: 0.36.0-r0 - - id: GHSA-9763-4f94-gfch + - id: CVE-2024-28180 + aliases: + - GHSA-c5q2-7r4c-mv6g events: - - timestamp: 2024-01-11T07:20:04Z + - timestamp: 2024-03-08T07:32:23Z type: detection data: type: scan/v1 data: subpackageName: tkn - componentID: 6d101837d2732305 - componentName: github.com/cloudflare/circl - componentVersion: v1.3.5 + componentID: ce15493f84f159f4 + componentName: github.com/go-jose/go-jose/v3 + componentVersion: v3.0.1 componentType: go-module componentLocation: /usr/bin/tkn scanner: grype - - timestamp: 2024-01-24T07:11:50Z + - timestamp: 2024-03-08T15:57:40Z type: fixed data: - fixed-version: 0.34.0-r0 + fixed-version: 0.35.1-r2 + + - id: GHSA-2c7c-3mj9-8fqh + events: + - timestamp: 2023-12-16T00:06:20Z + type: fixed + data: + fixed-version: 0.33.0-r2 - - id: GHSA-c5q2-7r4c-mv6g + - id: GHSA-9763-4f94-gfch events: - - timestamp: 2024-03-08T07:32:23Z + - timestamp: 2024-01-11T07:20:04Z type: detection data: type: scan/v1 data: subpackageName: tkn - componentID: ce15493f84f159f4 - componentName: github.com/go-jose/go-jose/v3 - componentVersion: v3.0.1 + componentID: 6d101837d2732305 + componentName: github.com/cloudflare/circl + componentVersion: v1.3.5 componentType: go-module componentLocation: /usr/bin/tkn scanner: grype - - timestamp: 2024-03-08T15:57:40Z + - timestamp: 2024-01-24T07:11:50Z type: fixed data: - fixed-version: 0.35.1-r2 + fixed-version: 0.34.0-r0 From c90a4006b065d31e36e65a10549519034e88cbbc Mon Sep 17 00:00:00 2001 
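Review bot: The tkn reshuffle renames `GHSA-c5q2-7r4c-mv6g` to `CVE-2024-28180` with the GHSA kept as an alias, but `GHSA-2c7c-3mj9-8fqh` and `GHSA-9763-4f94-gfch` are moved without gaining aliases; if the intent is CVE-primary IDs, those two should be checked for CVE counterparts in the same pass so the file is not half-normalised. The new `CVE-2024-24786` entry has a `fixed` event at `0.36.0-r0` with no preceding detection, which the schema allows but leaves no record of which module was vulnerable (presumably `google.golang.org/protobuf`, as in the coredns and tekton-chains detections elsewhere in this series). Renaming an advisory `id` changes the key downstream consumers may have stored, so keeping the old ID in `aliases`, as done here, should be treated as mandatory for any further renames.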
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 01:15:37 +0100 Subject: [PATCH 020/115] Adding Advisory GHSA-8r3f-844c-mc37 for tekton-chains (#3122) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- tekton-chains.advisories.yaml | 43 +++++++++++++++++++++++++---------- 1 file changed, 31 insertions(+), 12 deletions(-) diff --git a/tekton-chains.advisories.yaml b/tekton-chains.advisories.yaml index 43827426d..7a2fbb46c 100644 --- a/tekton-chains.advisories.yaml +++ b/tekton-chains.advisories.yaml @@ -79,21 +79,26 @@ advisories: data: fixed-version: 0.19.0-r6 - - id: GHSA-2c7c-3mj9-8fqh - events: - - timestamp: 2023-12-14T09:33:13Z - type: fixed - data: - fixed-version: 0.19.0-r3 - - - id: GHSA-9763-4f94-gfch + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 events: - - timestamp: 2024-01-24T07:48:56Z - type: fixed + - timestamp: 2024-03-20T22:06:53Z + type: detection data: - fixed-version: 0.19.0-r6 + type: scan/v1 + data: + subpackageName: tekton-chains + componentID: 775e84de213e32a7 + componentName: google.golang.org/protobuf + componentVersion: v1.32.0 + componentType: go-module + componentLocation: /usr/bin/tekton-chains + scanner: grype - - id: GHSA-c5q2-7r4c-mv6g + - id: CVE-2024-28180 + aliases: + - GHSA-c5q2-7r4c-mv6g events: - timestamp: 2024-03-08T07:18:57Z type: detection @@ -112,6 +117,20 @@ advisories: data: fixed-version: 0.20.0-r3 + - id: GHSA-2c7c-3mj9-8fqh + events: + - timestamp: 2023-12-14T09:33:13Z + type: fixed + data: + fixed-version: 0.19.0-r3 + + - id: GHSA-9763-4f94-gfch + events: + - timestamp: 2024-01-24T07:48:56Z + type: fixed + data: + fixed-version: 0.19.0-r6 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-12-14T09:33:02Z From bd53a7e7be4eb54269feec179349215064e821d1 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:45:26 +0100 Subject: [PATCH 021/115] Adding Advisory GHSA-mq39-4gv4-mvpx for crossplane (#3128) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- crossplane.advisories.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/crossplane.advisories.yaml b/crossplane.advisories.yaml index 12ab03c2f..66b44aa60 100644 --- a/crossplane.advisories.yaml +++ b/crossplane.advisories.yaml @@ -117,3 +117,18 @@ advisories: type: fixed data: fixed-version: 1.14.5-r2 + + - id: GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T07:07:48Z + type: detection + data: + type: scan/v1 + data: + subpackageName: crossplane + componentID: c50fd69f50f2a147 + componentName: github.com/docker/docker + componentVersion: v25.0.2+incompatible + componentType: go-module + componentLocation: /usr/bin/crossplane + scanner: grype From 39d2af0b6c404cd63c64c9641096aecdb705c124 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:43:36 +0000 Subject: [PATCH 022/115] Adding Advisory GHSA-xw73-rw38-6vjc for flux (#3126) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- flux.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/flux.advisories.yaml b/flux.advisories.yaml index d6de7b1cc..c33132cad 100644 --- a/flux.advisories.yaml +++ b/flux.advisories.yaml 
@@ -69,6 +69,23 @@ advisories: data: fixed-version: 2.2.1-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T07:06:31Z + type: detection + data: + type: scan/v1 + data: + subpackageName: flux + componentID: cd013f1471b1a4f7 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/flux + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From 90a05081cc34a1da74a256c8c8391e46ebb9a9fc Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:43:37 +0000 Subject: [PATCH 023/115] Adding Advisory GHSA-mq39-4gv4-mvpx for docker-compose (#3127) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- docker-compose.advisories.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/docker-compose.advisories.yaml b/docker-compose.advisories.yaml index 371ae6294..8fff543a2 100644 --- a/docker-compose.advisories.yaml +++ b/docker-compose.advisories.yaml @@ -45,3 +45,18 @@ advisories: type: fixed data: fixed-version: 2.25.0-r1 + + - id: GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T07:07:17Z + type: detection + data: + type: scan/v1 + data: + subpackageName: docker-compose + componentID: 0b3ad6c647777761 + componentName: github.com/docker/docker + componentVersion: v25.0.4-0.20240301160236-51e876cd964c+incompatible + componentType: go-module + componentLocation: /usr/bin/docker-compose + scanner: grype From 7b05f8360c341858b07eb98620a22e450a787648 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:43:39 +0000 Subject: [PATCH 024/115] Adding Advisory GHSA-xw73-rw38-6vjc for gitlab-runner-helper (#3129) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- gitlab-runner.advisories.yaml | 15 +++++++++++++++ 1 file changed, 15 insertions(+) diff --git a/gitlab-runner.advisories.yaml b/gitlab-runner.advisories.yaml index ae71b059d..d99dc825c 100644 --- a/gitlab-runner.advisories.yaml +++ b/gitlab-runner.advisories.yaml @@ -125,3 +125,18 @@ advisories: type: fixed data: fixed-version: 16.8.0-r2 + + - id: GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T07:07:44Z + type: detection + data: + type: scan/v1 + data: + subpackageName: gitlab-runner-helper + componentID: b930cee192b4cfa8 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/gitlab-runner-helper + scanner: grype From d73a08ef4c11ac669654b8579819bfccb190df3c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:43:40 +0000 Subject: [PATCH 025/115] Adding Advisory GHSA-xw73-rw38-6vjc for gitsign (#3130) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- gitsign.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/gitsign.advisories.yaml b/gitsign.advisories.yaml index 56b101e82..dacc23ad3 100644 --- a/gitsign.advisories.yaml +++ b/gitsign.advisories.yaml 
@@ -129,6 +129,23 @@ advisories: data: fixed-version: 0.8.1-r0 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T07:31:48Z + type: detection + data: + type: scan/v1 + data: + subpackageName: gitsign + componentID: 924476b050dcaea8 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/gitsign + scanner: grype + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From 0a8c29ca9ca711b315a0d1404730f2295ffb3670 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:43:41 +0000 Subject: [PATCH 026/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for aactl (#3131) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- aactl.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/aactl.advisories.yaml b/aactl.advisories.yaml index c20dcac47..dcfde8157 100644 --- a/aactl.advisories.yaml +++ b/aactl.advisories.yaml @@ -269,6 +269,15 @@ advisories: data: fixed-version: 0.4.12-r7 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T07:33:49Z + type: fixed + data: + fixed-version: 0.4.12-r7 + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2024-02-14T10:35:34Z From aee6425955717a0e9ab9967d604d3d6f0e1e9131 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:43:42 +0000 Subject: [PATCH 027/115] Adding Advisory GHSA-mq39-4gv4-mvpx for buildkitd (#3132) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- buildkitd.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/buildkitd.advisories.yaml b/buildkitd.advisories.yaml index 747542ec2..af186867e 100644 --- a/buildkitd.advisories.yaml +++ b/buildkitd.advisories.yaml 
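Review bot: The new aactl entry for `CVE-2024-29018` (second hunk on this line) records only a `fixed` event at `fixed-version: 0.4.12-r7`, with no detection event, and the context line directly above already credits `0.4.12-r7` with a different fix. Nothing in the hunk says which component bump made r7 the fixed release, so a reader cannot confirm that r7 contains the upstream fix rather than the same module version other packages in this series were flagged on. If the scanner did report this advisory against aactl, the detection event belongs first so the timeline is auditable; if the fix is pre-emptive, that is worth a sentence in the commit message. The advisories list starts and ends outside the hunk.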
@@ -224,6 +224,23 @@ advisories: data: fixed-version: 0.13.0-r1 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T07:34:43Z + type: detection + data: + type: scan/v1 + data: + subpackageName: buildkitd + componentID: 19cd3c2af876f2e9 + componentName: github.com/docker/docker + componentVersion: v25.0.3+incompatible + componentType: go-module + componentLocation: /usr/bin/buildkitd + scanner: grype + - id: GHSA-7ww5-4wqc-m92c events: - timestamp: 2024-01-30T15:54:13Z From 0f445d413285c7b781d5c10f5b623229f5bacac1 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 08:43:43 +0000 Subject: [PATCH 028/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for datadog-agent (#3133) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- datadog-agent.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/datadog-agent.advisories.yaml b/datadog-agent.advisories.yaml index d9b133573..60ed3a3f9 100644 --- a/datadog-agent.advisories.yaml +++ b/datadog-agent.advisories.yaml @@ -127,6 +127,15 @@ advisories: data: fixed-version: 7.50.3-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T07:34:46Z + type: fixed + data: + fixed-version: 7.51.1-r3 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From aa91a81756afc909631a07f5bf85418a6e051a6d Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:43:38 +0000 Subject: [PATCH 029/115] Adding detection events for cadvisor (#3134) * Adding Advisory GHSA-mq39-4gv4-mvpx for cadvisor * Adding Advisory GHSA-xw73-rw38-6vjc for cadvisor --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- cadvisor.advisories.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) 
diff --git a/cadvisor.advisories.yaml b/cadvisor.advisories.yaml index b5842b738..aade61bfa 100644 --- a/cadvisor.advisories.yaml +++ b/cadvisor.advisories.yaml @@ -82,6 +82,23 @@ advisories: data: fixed-version: 0.48.1-r4 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T09:30:53Z + type: detection + data: + type: scan/v1 + data: + subpackageName: cadvisor + componentID: 5fd69375a57c4040 + componentName: github.com/docker/docker + componentVersion: v20.10.27+incompatible + componentType: go-module + componentLocation: /usr/bin/cadvisor + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp @@ -154,6 +171,23 @@ advisories: data: fixed-version: 0.49.1-r3 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T09:30:51Z + type: detection + data: + type: scan/v1 + data: + subpackageName: cadvisor + componentID: 5fd69375a57c4040 + componentName: github.com/docker/docker + componentVersion: v20.10.27+incompatible + componentType: go-module + componentLocation: /usr/bin/cadvisor + scanner: grype + - id: GHSA-6xv5-86q9-7xr8 events: - timestamp: 2023-09-09T15:18:01Z From a3ec2471dc5c35ef6d9f21383febfa48c2f7affd Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:43:39 +0000 Subject: [PATCH 030/115] Adding Advisory GHSA-xw73-rw38-6vjc for crictl (#3135) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- cri-tools.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/cri-tools.advisories.yaml b/cri-tools.advisories.yaml index 3b7dd3f6a..aa03e4681 100644 --- a/cri-tools.advisories.yaml +++ b/cri-tools.advisories.yaml 
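Review bot: Both added detections point at one module instance (`componentID: 5fd69375a57c4040`, github.com/docker/docker `v20.10.27+incompatible` in /usr/bin/cadvisor) for CVE-2024-24557 and CVE-2024-29018, which are daemon-side moby issues (classic-builder cache handling and the embedded DNS resolver for internal networks). If cadvisor only links docker/docker as a client library, the vulnerable code is unlikely to be present in the binary, and a `false-positive-determination` with `type: vulnerable-code-not-included-in-package` — the event type this series already uses for kargo — would be a more accurate resolution than waiting on a module bump. That needs confirming against what cadvisor actually imports from the module; the detection events themselves are fine as recorded. The advisories list starts and ends outside both hunks.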
@@ -73,6 +73,23 @@ advisories: data: fixed-version: 1.29.0-r2 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T09:31:05Z + type: detection + data: + type: scan/v1 + data: + subpackageName: crictl + componentID: 35ba693bbd3d51a6 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/crictl + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From 63a9249735baa458734946b140705c63ded614c5 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:43:41 +0000 Subject: [PATCH 031/115] Adding Advisory GHSA-xw73-rw38-6vjc for katib-controller (#3137) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- kubeflow-katib.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/kubeflow-katib.advisories.yaml b/kubeflow-katib.advisories.yaml index 44dd8dfae..63c203b69 100644 --- a/kubeflow-katib.advisories.yaml +++ b/kubeflow-katib.advisories.yaml @@ -79,6 +79,23 @@ advisories: data: fixed-version: 0.16.0-r2 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T09:31:40Z + type: detection + data: + type: scan/v1 + data: + subpackageName: katib-controller + componentID: 72f9aeb2d9b4291a + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/katib-controller + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From 011ba1a540bea8e16d577890ffc1c1a1d2b179fc Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:43:42 +0000 Subject: [PATCH 032/115] Adding Advisory GHSA-xw73-rw38-6vjc for kyverno-reports-controller (#3138) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- kyverno.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/kyverno.advisories.yaml b/kyverno.advisories.yaml index e10525b40..012f380a4 100644 --- a/kyverno.advisories.yaml +++ b/kyverno.advisories.yaml @@ -134,6 +134,23 @@ advisories: data: fixed-version: 1.11.4-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T09:31:37Z + type: detection + data: + type: scan/v1 + data: + subpackageName: kyverno-reports-controller + componentID: ce2e520604ff454a + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/reports-controller + scanner: grype + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From cda7b5042d5df3e700d9b82b225dbc2c8ab5331c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 10:43:43 +0000 Subject: [PATCH 033/115] Adding Advisory GHSA-xw73-rw38-6vjc for bom (#3139) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- bom.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/bom.advisories.yaml b/bom.advisories.yaml index 5f79ac54a..a6eff8f9b 100644 --- a/bom.advisories.yaml +++ b/bom.advisories.yaml 
@@ -132,6 +132,23 @@ advisories: data: fixed-version: 0.6.0-r0 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T10:30:53Z + type: detection + data: + type: scan/v1 + data: + subpackageName: bom + componentID: 032b3d6a67d55c61 + componentName: github.com/docker/docker + componentVersion: v24.0.0+incompatible + componentType: go-module + componentLocation: /usr/bin/bom + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From 61dba6c82ebe7fa98e9cd2284d9d095e7df338ec Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:30 +0000 Subject: [PATCH 034/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for conftest (#3140) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- conftest.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/conftest.advisories.yaml b/conftest.advisories.yaml index e292f533b..8e8a25f16 100644 --- a/conftest.advisories.yaml +++ b/conftest.advisories.yaml @@ -88,6 +88,15 @@ advisories: data: fixed-version: 0.50.0-r1 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:16:31Z + type: fixed + data: + fixed-version: 0.50.0-r2 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-10-31T20:03:41Z From 4011468da741598d67bc1c08af43fb20e4326c29 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:32 +0000 Subject: [PATCH 035/115] Adding fixed events for kaniko-warmer (#3141) * Adding Fixed Advisory GHSA-8r3f-844c-mc37 for kaniko-warmer * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for kaniko-warmer --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- kaniko.advisories.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/kaniko.advisories.yaml b/kaniko.advisories.yaml index dd3717899..c7b7e821b 100644 
--- a/kaniko.advisories.yaml +++ b/kaniko.advisories.yaml @@ -145,6 +145,19 @@ advisories: componentType: go-module componentLocation: /usr/bin/executor scanner: grype + - timestamp: 2024-03-21T11:16:31Z + type: fixed + data: + fixed-version: 1.21.1-r1 + + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:16:35Z + type: fixed + data: + fixed-version: 1.21.1-r1 - id: GHSA-7ww5-4wqc-m92c events: From efb3b82e6ad0d0d460efba49c79a8d315f047b3f Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:33 +0000 Subject: [PATCH 036/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for cosign (#3142) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- cosign.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/cosign.advisories.yaml b/cosign.advisories.yaml index 830e9e21d..3fbf59e96 100644 --- a/cosign.advisories.yaml +++ b/cosign.advisories.yaml @@ -80,6 +80,15 @@ advisories: data: fixed-version: 2.2.2-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:16:41Z + type: fixed + data: + fixed-version: 2.2.3-r4 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From 4a4f86cfaa450311113879da90cdbd9ca010a87a Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:34 +0000 Subject: [PATCH 037/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for docker-credential-gcr (#3143) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- docker-credential-gcr.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/docker-credential-gcr.advisories.yaml b/docker-credential-gcr.advisories.yaml index 1a4374c24..a43a0dcf1 100644 --- a/docker-credential-gcr.advisories.yaml +++ b/docker-credential-gcr.advisories.yaml 
@@ -42,6 +42,15 @@ advisories: data: fixed-version: 2.1.22-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:17:00Z + type: fixed + data: + fixed-version: 2.1.22-r2 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From 36cb09433aec8c7d90ccf56091da00958b27adf4 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:37 +0000 Subject: [PATCH 038/115] Adding fixed events for telegraf-1.30 (#3145) * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for telegraf-1.30 * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for telegraf-1.30 --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- telegraf-1.30.advisories.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/telegraf-1.30.advisories.yaml b/telegraf-1.30.advisories.yaml index 5109ceb5f..fa55da803 100644 --- a/telegraf-1.30.advisories.yaml +++ b/telegraf-1.30.advisories.yaml @@ -4,6 +4,15 @@ package: name: telegraf-1.30 advisories: + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:17:05Z + type: fixed + data: + fixed-version: 1.30.0-r4 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 @@ -55,6 +64,15 @@ advisories: data: fixed-version: 1.30.0-r2 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:17:03Z + type: fixed + data: + fixed-version: 1.30.0-r4 + - id: GHSA-7jwh-3vrq-q3m8 events: - timestamp: 2024-03-15T09:07:57Z From 2d10049fcb0c31be9ede0d2fe8ba35454a906aa2 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:38 +0000 Subject: [PATCH 039/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for eksctl (#3146) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- eksctl.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) 
diff --git a/eksctl.advisories.yaml b/eksctl.advisories.yaml index ac0dc3b07..02c767405 100644 --- a/eksctl.advisories.yaml +++ b/eksctl.advisories.yaml @@ -80,6 +80,15 @@ advisories: data: fixed-version: 0.167.0-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:17:05Z + type: fixed + data: + fixed-version: 0.174.0-r1 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From 46f53a01b723d38527b21cd991a96d7cb6c54b08 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:39 +0000 Subject: [PATCH 040/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for grype (#3147) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- grype.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/grype.advisories.yaml b/grype.advisories.yaml index 9880b616f..29194a435 100644 --- a/grype.advisories.yaml +++ b/grype.advisories.yaml @@ -127,6 +127,15 @@ advisories: data: fixed-version: 0.74.7-r2 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:17:05Z + type: fixed + data: + fixed-version: 0.74.7-r3 + - id: GHSA-7ww5-4wqc-m92c events: - timestamp: 2023-12-20T16:19:08Z From 919ffc02893ed9ff33817753d3ea4abe8034f93b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:40 +0000 Subject: [PATCH 041/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for k8sgpt (#3148) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- k8sgpt.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/k8sgpt.advisories.yaml b/k8sgpt.advisories.yaml index 2b8b13330..fbd6b70a0 100644 --- a/k8sgpt.advisories.yaml +++ b/k8sgpt.advisories.yaml 
@@ -113,6 +113,15 @@ advisories: data: fixed-version: 0.3.24-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:17:02Z + type: fixed + data: + fixed-version: 0.3.28-r2 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From fa3a5cd70c4707a2ea5673d3d6762c96a54f9472 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:41 +0000 Subject: [PATCH 042/115] Adding fixed events for kargo (#3150) * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for kargo * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for kargo --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- kargo.advisories.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/kargo.advisories.yaml b/kargo.advisories.yaml index 07181e46c..bfdbaf3a2 100644 --- a/kargo.advisories.yaml +++ b/kargo.advisories.yaml @@ -34,6 +34,15 @@ advisories: type: vulnerable-code-not-included-in-package note: Only affects Windows + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:17:07Z + type: fixed + data: + fixed-version: 0.4.4-r2 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 @@ -63,3 +72,12 @@ advisories: type: fixed data: fixed-version: 0.4.3-r2 + + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:17:05Z + type: fixed + data: + fixed-version: 0.4.4-r2 From 2bcc50feabb6bc967dd5e85f93820c3596268fa7 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:43 +0000 Subject: [PATCH 043/115] Adding fixed events for aactl (#3149) * Adding Fixed Advisory GHSA-8r3f-844c-mc37 for aactl * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for aactl --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- aactl.advisories.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) 
diff --git a/aactl.advisories.yaml b/aactl.advisories.yaml index dcfde8157..b3f4136da 100644 --- a/aactl.advisories.yaml +++ b/aactl.advisories.yaml @@ -231,6 +231,15 @@ advisories: data: fixed-version: 0.4.12-r7 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:17:04Z + type: fixed + data: + fixed-version: 0.4.12-r8 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 @@ -247,6 +256,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/aactl scanner: grype + - timestamp: 2024-03-21T11:17:02Z + type: fixed + data: + fixed-version: 0.4.12-r8 - id: CVE-2024-28180 aliases: From 83d520409b4b49c459130e7f0f490c51a9ed29ca Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:46 +0000 Subject: [PATCH 044/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for crictl (#3153) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- cri-tools.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/cri-tools.advisories.yaml b/cri-tools.advisories.yaml index aa03e4681..45951b12e 100644 --- a/cri-tools.advisories.yaml +++ b/cri-tools.advisories.yaml @@ -89,6 +89,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/crictl scanner: grype + - timestamp: 2024-03-21T11:41:55Z + type: fixed + data: + fixed-version: 1.29.0-r6 - id: CVE-2024-24783 aliases: From aac863c32dd9c816cd818b4c053376c8b80d7a5d Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:47 +0000 Subject: [PATCH 045/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for kyverno (#3154) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- kyverno.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/kyverno.advisories.yaml b/kyverno.advisories.yaml index 012f380a4..fd557d5d8 100644 --- a/kyverno.advisories.yaml 
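Review bot: `fixed-version: 0.4.12-r8` for CVE-2024-24557 in the first aactl hunk may be later than the true fix: patch 026 earlier in this series records CVE-2024-29018 fixed in `0.4.12-r7` for the same package, and both advisories live in github.com/docker/docker, so if the r7 module bump already reached a release containing the CVE-2024-24557 fix then r7 is the first fixed version. A `fixed-version` later than necessary makes every consumer still on r7 look vulnerable to anything that compares against this data. Worth checking the docker/docker version r7 and r8 were built with before merging; the second hunk's appended fixed event (for the entry whose `id` is outside the hunk, GHSA-8r3f-844c-mc37 per the subject) is a protobuf fix and is not affected by this question. The advisories list starts and ends outside both hunks.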
+++ b/kyverno.advisories.yaml @@ -150,6 +150,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/reports-controller scanner: grype + - timestamp: 2024-03-21T11:42:15Z + type: fixed + data: + fixed-version: 1.11.4-r8 - id: CVE-2024-24786 aliases: From 559cd5bd3854dceeb62db5208fb9ed0a8011c0db Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:48 +0000 Subject: [PATCH 046/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for spire-agent (#3155) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- spire-server.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/spire-server.advisories.yaml b/spire-server.advisories.yaml index 0bdaa1f3c..c04f37da6 100644 --- a/spire-server.advisories.yaml +++ b/spire-server.advisories.yaml @@ -126,6 +126,15 @@ advisories: data: fixed-version: 1.9.1-r1 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:42:18Z + type: fixed + data: + fixed-version: 1.9.1-r4 + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2023-11-22T16:41:27Z From c04d7c68604ef4ee24549c610e1ac3dcda96c6dc Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:49 +0000 Subject: [PATCH 047/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for crossplane-crank (#3156) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- crossplane.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/crossplane.advisories.yaml b/crossplane.advisories.yaml index 66b44aa60..64c9d2aca 100644 --- a/crossplane.advisories.yaml +++ b/crossplane.advisories.yaml @@ -132,3 +132,7 @@ advisories: componentType: go-module componentLocation: /usr/bin/crossplane scanner: grype + - timestamp: 2024-03-21T11:42:22Z + type: fixed + data: + fixed-version: 1.15.1-r1 
From 473f756fefc08feb6bfcfb60eb466376cb5d72a6 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:51 +0000 Subject: [PATCH 048/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for promtail (#3157) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- loki.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/loki.advisories.yaml b/loki.advisories.yaml index 98cc405f4..6926564e4 100644 --- a/loki.advisories.yaml +++ b/loki.advisories.yaml @@ -70,6 +70,15 @@ advisories: data: fixed-version: 2.9.3-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:42:22Z + type: fixed + data: + fixed-version: 2.9.5-r3 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From 21b764cc5769cfb27756e8effb593312858a1efe Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:52 +0000 Subject: [PATCH 049/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for timoni (#3158) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- timoni.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/timoni.advisories.yaml b/timoni.advisories.yaml index c21c67bcf..e7f877af3 100644 --- a/timoni.advisories.yaml +++ b/timoni.advisories.yaml @@ -60,6 +60,15 @@ advisories: data: fixed-version: 0.20.0-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:42:22Z + type: fixed + data: + fixed-version: 0.20.0-r3 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From c917628072020eceae5f2019482fb680d91486b0 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:54 +0000 Subject: [PATCH 050/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for tekton-pipelines-entrypoint (#3160) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- tekton-pipelines.advisories.yaml | 51 +++++++++++++++++++------------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/tekton-pipelines.advisories.yaml b/tekton-pipelines.advisories.yaml index 50d47ca1c..a18a7deb3 100644 --- a/tekton-pipelines.advisories.yaml +++ b/tekton-pipelines.advisories.yaml @@ -52,6 +52,36 @@ advisories: data: fixed-version: 0.55.0-r2 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:42:19Z + type: fixed + data: + fixed-version: 0.58.0-r1 + + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 + events: + - timestamp: 2024-03-14T08:20:49Z + type: detection + data: + type: scan/v1 + data: + subpackageName: tekton-pipelines-webhook + componentID: 0ab968ec0130e453 + componentName: google.golang.org/protobuf + componentVersion: v1.32.0 + componentType: go-module + componentLocation: /usr/bin/tekton-pipelines-webhook + scanner: grype + - timestamp: 2024-03-14T15:19:43Z + type: fixed + data: + fixed-version: 0.57.0-r1 + - id: CVE-2024-28110 aliases: - GHSA-5pf6-2qwx-pxm2 @@ -108,27 +138,6 @@ advisories: data: fixed-version: 0.54.2-r1 - - id: CVE-2024-24786 - aliases: - - GHSA-8r3f-844c-mc37 - events: - - timestamp: 2024-03-14T08:20:49Z - type: detection - data: - type: scan/v1 - data: - subpackageName: tekton-pipelines-webhook - componentID: 0ab968ec0130e453 - componentName: google.golang.org/protobuf - componentVersion: v1.32.0 - componentType: go-module - componentLocation: /usr/bin/tekton-pipelines-webhook - scanner: grype - - timestamp: 2024-03-14T15:19:43Z - type: fixed - data: - fixed-version: 0.57.0-r1 - - id: GHSA-9763-4f94-gfch events: - timestamp: 2024-01-12T07:28:53Z 
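Review bot: 21 of the 30 added lines are a relocation, not new data: the CVE-2024-24786 block removed in the second hunk is re-added unchanged in the first (same timestamps 2024-03-14T08:20:49Z and 15:19:43Z, `componentID: 0ab968ec0130e453`, `fixed-version: 0.57.0-r1`). Keeping sort-order moves in their own commit would let the actual change — the CVE-2024-24557 `fixed-version: 0.58.0-r1` event — be reviewed on its own and would stop the diffstat from suggesting content churn. That new fixed event also has no detection event, so the file never says which subpackage (the subject names tekton-pipelines-entrypoint) carried the vulnerable module. The advisories list starts and ends outside both hunks.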
From 60a0758787652b6128d054a85024e55d61cbb9e5 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:55 +0000 Subject: [PATCH 051/115] Adding fixed events for prometheus-bitnami-compat (#3161) * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for prometheus-bitnami-compat * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for prometheus-bitnami-compat --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- prometheus.advisories.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/prometheus.advisories.yaml b/prometheus.advisories.yaml index 0a420fb33..ddcc3df25 100644 --- a/prometheus.advisories.yaml +++ b/prometheus.advisories.yaml @@ -115,6 +115,15 @@ advisories: data: fixed-version: 2.48.1-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:42:58Z + type: fixed + data: + fixed-version: 2.51.0-r1 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp @@ -151,6 +160,15 @@ advisories: data: fixed-version: 2.50.1-r3 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:43:15Z + type: fixed + data: + fixed-version: 2.51.0-r1 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-10-31T20:04:00Z From 64617c21ef6350de6a65193d6e3facf4a3800c73 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:56 +0000 Subject: [PATCH 052/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for skopeo (#3162) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- skopeo.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/skopeo.advisories.yaml b/skopeo.advisories.yaml index eef866e7a..8a341bd10 100644 --- a/skopeo.advisories.yaml +++ b/skopeo.advisories.yaml 
@@ -66,6 +66,15 @@ advisories: data: fixed-version: 1.14.2-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:43:28Z + type: fixed + data: + fixed-version: 1.15.0-r1 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From 8411f423c8e0f1e2e47661eb666bfa722f71ec2c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:57 +0000 Subject: [PATCH 053/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for istio-pilot-discovery-1.21 (#3163) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- istio-pilot-discovery-1.21.advisories.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 istio-pilot-discovery-1.21.advisories.yaml diff --git a/istio-pilot-discovery-1.21.advisories.yaml b/istio-pilot-discovery-1.21.advisories.yaml new file mode 100644 index 000000000..9e9a581ad --- /dev/null +++ b/istio-pilot-discovery-1.21.advisories.yaml @@ -0,0 +1,14 @@ +schema-version: 2.0.2 + +package: + name: istio-pilot-discovery-1.21 + +advisories: + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:43:36Z + type: fixed + data: + fixed-version: 1.21.0-r2 From ddd918d6f4dd988311e2fcf5b0c5610174d99f68 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:27:58 +0000 Subject: [PATCH 054/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for buildctl (#3164) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- buildkitd.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/buildkitd.advisories.yaml b/buildkitd.advisories.yaml index af186867e..521c77b6b 100644 --- a/buildkitd.advisories.yaml +++ b/buildkitd.advisories.yaml 
@@ -240,6 +240,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/buildkitd scanner: grype + - timestamp: 2024-03-21T11:43:47Z + type: fixed + data: + fixed-version: 0.13.1-r1 - id: GHSA-7ww5-4wqc-m92c events: From ecfd0d09122d6c3a8fd7272c60d2d1fe5fd1e34e Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:05 +0000 Subject: [PATCH 055/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for docker-compose (#3170) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- docker-compose.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/docker-compose.advisories.yaml b/docker-compose.advisories.yaml index 8fff543a2..a324a4edf 100644 --- a/docker-compose.advisories.yaml +++ b/docker-compose.advisories.yaml @@ -60,3 +60,7 @@ advisories: componentType: go-module componentLocation: /usr/bin/docker-compose scanner: grype + - timestamp: 2024-03-21T11:44:19Z + type: fixed + data: + fixed-version: 2.25.0-r2 From 00084a1531bebf4d48242626a3b348fce52bcb5d Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:08 +0000 Subject: [PATCH 056/115] Adding fixed events for dagger (#3172) * Adding Fixed Advisory GHSA-8r3f-844c-mc37 for dagger * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for dagger * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for dagger --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- dagger.advisories.yaml | 27 +++++++++++++++++++++++++++ 1 file changed, 27 insertions(+) diff --git a/dagger.advisories.yaml b/dagger.advisories.yaml index 6b6612d7e..7e2327a39 100644 --- a/dagger.advisories.yaml +++ b/dagger.advisories.yaml 
@@ -22,6 +22,15 @@ advisories: data: fixed-version: 0.10.1-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:44:14Z + type: fixed + data: + fixed-version: 0.10.2-r1 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp @@ -48,3 +57,21 @@ advisories: type: fixed data: fixed-version: 0.10.1-r1 + + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 + events: + - timestamp: 2024-03-21T11:43:58Z + type: fixed + data: + fixed-version: 0.10.2-r1 + + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:44:07Z + type: fixed + data: + fixed-version: 0.10.2-r1 From d0114dc3e456f0649f6cf21ae28dd8fd3fb5764b Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:09 +0000 Subject: [PATCH 057/115] Adding fixed events for tekton-chains (#3176) * Adding Fixed Advisory GHSA-8r3f-844c-mc37 for tekton-chains * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for tekton-chains --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- tekton-chains.advisories.yaml | 13 +++++++++++++ 1 file changed, 13 insertions(+) diff --git a/tekton-chains.advisories.yaml b/tekton-chains.advisories.yaml index 7a2fbb46c..ad176aafd 100644 --- a/tekton-chains.advisories.yaml +++ b/tekton-chains.advisories.yaml @@ -79,6 +79,15 @@ advisories: data: fixed-version: 0.19.0-r6 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:44:15Z + type: fixed + data: + fixed-version: 0.20.1-r1 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 @@ -95,6 +104,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/tekton-chains scanner: grype + - timestamp: 2024-03-21T11:44:11Z + type: fixed + data: + fixed-version: 0.20.1-r1 - id: CVE-2024-28180 aliases: From f81ba055594275d44313150a8e912c8574e22674 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:11 +0000 Subject: [PATCH 058/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for guacone (#3175) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- guac.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/guac.advisories.yaml b/guac.advisories.yaml index f462c2ec9..8382d415f 100644 --- a/guac.advisories.yaml +++ b/guac.advisories.yaml @@ -60,6 +60,15 @@ advisories: data: fixed-version: 0.4.0-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:44:16Z + type: fixed + data: + fixed-version: 0.5.1-r4 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From 3221a60cdc2ccc805a0b89e5c6560b11dc865c29 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:14 +0000 Subject: [PATCH 059/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for flux-image-reflector-controller (#3182) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- flux-image-reflector-controller.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/flux-image-reflector-controller.advisories.yaml b/flux-image-reflector-controller.advisories.yaml index 6ba2ba579..c15553f9b 100644 --- a/flux-image-reflector-controller.advisories.yaml +++ b/flux-image-reflector-controller.advisories.yaml @@ -69,6 +69,15 @@ advisories: data: fixed-version: 0.31.1-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:44:18Z + type: fixed + data: + fixed-version: 0.31.2-r3 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From fcec26367798a56ebaa8cc23fe2e4883d88c20be Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:15 +0000 Subject: [PATCH 060/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for crane (#3181) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- crane.advisories.yaml | 11 ++++++++++- 1 file changed, 10 insertions(+), 1 deletion(-) diff --git a/crane.advisories.yaml b/crane.advisories.yaml index 937259152..ee98da54c 100644 --- a/crane.advisories.yaml +++ b/crane.advisories.yaml @@ -1,4 +1,4 @@ -schema-version: 2.0.1 +schema-version: 2.0.2 package: name: crane @@ -23,3 +23,12 @@ advisories: data: type: vulnerable-code-not-included-in-package note: Only affects Windows + + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:44:21Z + type: fixed + data: + fixed-version: 0.19.1-r1 From c737186fae2d85371e5a5c1f0c1fded2720a186c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:20 +0000 Subject: [PATCH 061/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for traefik (#3183) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- traefik.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/traefik.advisories.yaml b/traefik.advisories.yaml index 477c147b2..377a06e26 100644 --- a/traefik.advisories.yaml +++ b/traefik.advisories.yaml @@ -123,6 +123,15 @@ advisories: data: fixed-version: 2.10.7-r3 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:44:20Z + type: fixed + data: + fixed-version: 2.11.0-r4 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From dfed1da3d676eefce7a5c59e662585c504d53d39 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:22 +0000 Subject: [PATCH 062/115] Adding fixed events for kubescape (#3185) * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for kubescape * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for kubescape --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- kubescape.advisories.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/kubescape.advisories.yaml b/kubescape.advisories.yaml index 0af8496a0..a3b378b75 100644 --- a/kubescape.advisories.yaml +++ b/kubescape.advisories.yaml @@ -269,6 +269,15 @@ advisories: data: fixed-version: 3.0.3-r7 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:52:49Z + type: fixed + data: + fixed-version: 3.0.7-r1 + - id: CVE-2024-24579 aliases: - GHSA-hpxr-w9w7-g4gv @@ -374,6 +383,15 @@ advisories: data: fixed-version: 3.0.4-r2 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:52:52Z + type: fixed + data: + fixed-version: 3.0.7-r1 + - id: GHSA-2c7c-3mj9-8fqh events: - timestamp: 2024-01-08T11:54:42Z From 109f11d0a952987049bfabdb385d16965c5f31fd Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:28:24 +0000 Subject: [PATCH 063/115] Adding fixed events for up (#3186) * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for up * Adding Fixed Advisory GHSA-8r3f-844c-mc37 for up * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for up --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- up.advisories.yaml | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) diff --git a/up.advisories.yaml b/up.advisories.yaml index fcfa1a10f..6b9e3a52d 100644 --- a/up.advisories.yaml +++ b/up.advisories.yaml 
@@ -206,6 +206,15 @@ advisories: data: fixed-version: 0.24.0-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T12:13:39Z + type: fixed + data: + fixed-version: 0.26.0-r1 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp @@ -249,6 +258,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/up scanner: grype + - timestamp: 2024-03-21T12:13:42Z + type: fixed + data: + fixed-version: 0.26.0-r1 - id: CVE-2024-25620 aliases: @@ -292,6 +305,15 @@ advisories: data: fixed-version: 0.24.1-r3 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T12:13:42Z + type: fixed + data: + fixed-version: 0.26.0-r1 + - id: GHSA-6xv5-86q9-7xr8 events: - timestamp: 2024-01-31T03:18:02Z From ae1d53be9159048334f99b63941a3cab07ba2435 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 12:47:32 +0000 Subject: [PATCH 064/115] Adding fixed events for trivy (#3187) * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for trivy * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for trivy --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- trivy.advisories.yaml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/trivy.advisories.yaml b/trivy.advisories.yaml index 9f87d5b0b..ecbe9c7b1 100644 --- a/trivy.advisories.yaml +++ b/trivy.advisories.yaml @@ -155,6 +155,15 @@ advisories: data: fixed-version: 0.49.0-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T12:46:40Z + type: fixed + data: + fixed-version: 0.50.0-r1 + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 
@@ -206,6 +215,15 @@ advisories: data: fixed-version: 0.49.1-r2 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T12:46:38Z + type: fixed + data: + fixed-version: 0.50.0-r1 + - id: GHSA-7ww5-4wqc-m92c events: - timestamp: 2023-12-20T09:42:19Z From e8c7ebb78cc3b79ba65732ea967b307adfb52cd3 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 13:43:30 +0000 Subject: [PATCH 065/115] Adding Fixed Advisory GHSA-8r3f-844c-mc37 for argo-workflow-executor (#3189) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- argo-workflows.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/argo-workflows.advisories.yaml b/argo-workflows.advisories.yaml index e2f740af3..558dade39 100644 --- a/argo-workflows.advisories.yaml +++ b/argo-workflows.advisories.yaml @@ -58,6 +58,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/workflow-controller scanner: grype + - timestamp: 2024-03-21T13:30:59Z + type: fixed + data: + fixed-version: 3.5.5-r4 - id: CVE-2024-27289 aliases: From 892172ea5c440e80d684aa7c83bee7100fb87b0c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 13:43:33 +0000 Subject: [PATCH 066/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for k3s (#3192) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- k3s.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/k3s.advisories.yaml b/k3s.advisories.yaml index 96b490e78..385a071ed 100644 --- a/k3s.advisories.yaml +++ b/k3s.advisories.yaml @@ -106,6 +106,15 @@ advisories: data: fixed-version: 1.29.0-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T13:31:10Z + type: fixed + data: + fixed-version: 1.29.2-r5 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp 
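Review bot: The `fixed` event (`fixed-version: 3.5.5-r4`) in the argo-workflows hunk is appended to an advisory whose `id` line sits above the hunk, and the only visible context is a detection located at `/usr/bin/workflow-controller`, while the commit subject names `argo-workflow-executor`. If the advisory is package-wide and both subpackages are rebuilt from the same argo-workflows 3.5.5-r4 that is fine; otherwise the executor binary still needs its own detection or fixed record. Worth confirming the advisory's `id` really is CVE-2024-24786 / GHSA-8r3f-844c-mc37 as the subject says, since it is not in view, and that the rebuild picked up the patched google.golang.org/protobuf for both binaries.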
From 4a662ce131bc7de2a78652cea30cc1f12deef570 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 15:43:20 +0000 Subject: [PATCH 067/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for datadog-agent (#3193) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- datadog-agent.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/datadog-agent.advisories.yaml b/datadog-agent.advisories.yaml index 60ed3a3f9..e3dd58da2 100644 --- a/datadog-agent.advisories.yaml +++ b/datadog-agent.advisories.yaml @@ -183,3 +183,12 @@ advisories: type: fixed data: fixed-version: 7.51.1-r2 + + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T14:49:35Z + type: fixed + data: + fixed-version: 7.52.0-r0 From f28162711e8ad5635da6b67cd09f71b8848b5a4f Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 21:59:07 +0100 Subject: [PATCH 068/115] Adding Advisory GHSA-mq39-4gv4-mvpx for wolfictl (#3136) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- wolfictl.advisories.yaml | 47 ++++++++++++++++++++++++++++------------ 1 file changed, 33 insertions(+), 14 deletions(-) diff --git a/wolfictl.advisories.yaml b/wolfictl.advisories.yaml index 5302be18f..2f21e5b76 100644 --- a/wolfictl.advisories.yaml +++ b/wolfictl.advisories.yaml 
@@ -42,40 +42,59 @@ advisories: data: fixed-version: 0.14.13-r0 - - id: GHSA-9763-4f94-gfch + - id: CVE-2024-28180 + aliases: + - GHSA-c5q2-7r4c-mv6g events: - - timestamp: 2024-01-11T07:20:11Z + - timestamp: 2024-03-08T07:35:09Z type: detection data: type: scan/v1 data: subpackageName: wolfictl - componentID: 1e68f4c9d36f367e - componentName: github.com/cloudflare/circl - componentVersion: v1.3.6 + componentID: 4f29ea779dca2fc0 + componentName: gopkg.in/go-jose/go-jose.v2 + componentVersion: v2.6.2 componentType: go-module componentLocation: /usr/bin/wolfictl scanner: grype - - timestamp: 2024-01-23T15:32:12Z + - timestamp: 2024-03-08T10:56:39Z type: fixed data: - fixed-version: 0.14.1-r0 + fixed-version: 0.15.3-r3 - - id: GHSA-c5q2-7r4c-mv6g + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx events: - - timestamp: 2024-03-08T07:35:09Z + - timestamp: 2024-03-21T09:31:30Z type: detection data: type: scan/v1 data: subpackageName: wolfictl - componentID: 4f29ea779dca2fc0 - componentName: gopkg.in/go-jose/go-jose.v2 - componentVersion: v2.6.2 + componentID: bc897b5baae4b79e + componentName: github.com/docker/docker + componentVersion: v25.0.4+incompatible componentType: go-module componentLocation: /usr/bin/wolfictl scanner: grype - - timestamp: 2024-03-08T10:56:39Z + + - id: GHSA-9763-4f94-gfch + events: + - timestamp: 2024-01-11T07:20:11Z + type: detection + data: + type: scan/v1 + data: + subpackageName: wolfictl + componentID: 1e68f4c9d36f367e + componentName: github.com/cloudflare/circl + componentVersion: v1.3.6 + componentType: go-module + componentLocation: /usr/bin/wolfictl + scanner: grype + - timestamp: 2024-01-23T15:32:12Z type: fixed data: - fixed-version: 0.15.3-r3 + fixed-version: 0.14.1-r0 From c41149f820d5ee5d4b66cf22ead0288d9a88dc94 Mon Sep 17 00:00:00 2001 
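Review bot: The new `CVE-2024-29018` advisory only records a `detection` event (github.com/docker/docker `v25.0.4+incompatible` in `/usr/bin/wolfictl`) and no `fixed` or analysis event, so the package remains open on this finding after this commit. Because wolfictl is part of the build and advisory tooling itself, a follow-up that bumps the docker/docker module to a release GHSA-mq39-4gv4-mvpx lists as patched and appends `type: fixed` with the resulting `fixed-version` should be tracked explicitly rather than left to the next scan. The rest of the hunk only re-keys the circl and go-jose entries by CVE with the GHSA kept under `aliases`; it moves whole blocks and should be read as a no-op.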
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 21:00:54 +0000 Subject: [PATCH 069/115] Adding fixed events for cadvisor (#3151) * Adding Fixed Advisory GHSA-xw73-rw38-6vjc for cadvisor * Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for cadvisor --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- cadvisor.advisories.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/cadvisor.advisories.yaml b/cadvisor.advisories.yaml index aade61bfa..a66c75551 100644 --- a/cadvisor.advisories.yaml +++ b/cadvisor.advisories.yaml @@ -98,6 +98,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/cadvisor scanner: grype + - timestamp: 2024-03-21T11:23:06Z + type: fixed + data: + fixed-version: 0.49.1-r4 - id: CVE-2024-24783 aliases: @@ -187,6 +191,10 @@ advisories: componentType: go-module componentLocation: /usr/bin/cadvisor scanner: grype + - timestamp: 2024-03-21T11:23:06Z + type: fixed + data: + fixed-version: 0.49.1-r4 - id: GHSA-6xv5-86q9-7xr8 events: From 0990043829b7be36a920a5190876f74c62bc2494 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 22:03:08 +0100 Subject: [PATCH 070/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for newrelic-infrastructure-agent (#3152) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- newrelic-infrastructure-agent.advisories.yaml | 27 +++++++++++++------ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/newrelic-infrastructure-agent.advisories.yaml b/newrelic-infrastructure-agent.advisories.yaml index 4b316545b..403a68923 100644 --- a/newrelic-infrastructure-agent.advisories.yaml +++ b/newrelic-infrastructure-agent.advisories.yaml 
@@ -78,6 +78,15 @@ advisories: data: fixed-version: 1.48.4-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T11:23:08Z + type: fixed + data: + fixed-version: 1.50.0-r3 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp @@ -105,14 +114,9 @@ advisories: data: fixed-version: 1.50.0-r1 - - id: GHSA-7ww5-4wqc-m92c - events: - - timestamp: 2023-12-26T04:05:25Z - type: fixed - data: - fixed-version: 1.48.1-r2 - - - id: GHSA-8r3f-844c-mc37 + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 events: - timestamp: 2024-03-14T13:21:41Z type: detection @@ -131,6 +135,13 @@ advisories: data: fixed-version: 1.50.0-r2 + - id: GHSA-7ww5-4wqc-m92c + events: + - timestamp: 2023-12-26T04:05:25Z + type: fixed + data: + fixed-version: 1.48.1-r2 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-10-31T20:03:59Z From 7f9e517a4dbc948385c8e96ea5e5b0f4919f0ca0 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 22:03:47 +0100 Subject: [PATCH 071/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for ko (#3159) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- ko.advisories.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/ko.advisories.yaml b/ko.advisories.yaml index b75eeade0..17f9bce64 100644 --- a/ko.advisories.yaml +++ b/ko.advisories.yaml @@ -97,7 +97,9 @@ advisories: data: fixed-version: 0.15.1-r2 - - id: GHSA-c5q2-7r4c-mv6g + - id: CVE-2024-28180 + aliases: + - GHSA-c5q2-7r4c-mv6g events: - timestamp: 2024-03-08T07:16:44Z type: detection @@ -116,6 +118,15 @@ advisories: data: fixed-version: 0.15.2-r3 + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-21T11:42:16Z + type: fixed + data: + fixed-version: 0.15.2-r4 + - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-10-31T20:03:54Z From 55e5621c5d06b7513ce677365506d8b9c79db822 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Thu, 21 Mar 2024 22:08:58 +0100 Subject: [PATCH 072/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for cmctl-1.14 (#3188) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- cert-manager-1.14.advisories.yaml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/cert-manager-1.14.advisories.yaml b/cert-manager-1.14.advisories.yaml index 437701c8a..4139e179a 100644 --- a/cert-manager-1.14.advisories.yaml +++ b/cert-manager-1.14.advisories.yaml @@ -26,6 +26,15 @@ advisories: type: vulnerability-record-analysis-contested note: 'This is not a vulnerability. Learn more about the response from Helm: https://helm.sh/blog/response-cve-2019-25210' + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-21T12:47:16Z + type: fixed + data: + fixed-version: 1.14.4-r2 + - id: CVE-2024-25620 aliases: - GHSA-v53g-5gjp-272r @@ -68,7 +77,9 @@ advisories: data: fixed-version: 1.14.2-r2 - - id: GHSA-c5q2-7r4c-mv6g + - id: CVE-2024-28180 + aliases: + - GHSA-c5q2-7r4c-mv6g events: - timestamp: 2024-03-08T07:11:22Z type: detection From df19ee43b90a8b9a9131bebf43e8abb9031f8c54 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 06:43:23 +0000 Subject: [PATCH 073/115] Adding detection events for trino-plugin-accumulo (#3194) * Adding Advisory GHSA-9w38-p64v-xpmv for trino-plugin-accumulo * Adding Advisory GHSA-xjp4-hw94-mvp5 for trino-plugin-accumulo --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- trino.advisories.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/trino.advisories.yaml b/trino.advisories.yaml index 51e5902e7..8013bcd04 100644 --- a/trino.advisories.yaml +++ b/trino.advisories.yaml 
@@ -485,6 +485,40 @@ advisories: data: fixed-version: 439-r2 + - id: CVE-2024-29131 + aliases: + - GHSA-xjp4-hw94-mvp5 + events: + - timestamp: 2024-03-22T05:51:34Z + type: detection + data: + type: scan/v1 + data: + subpackageName: trino-plugin-accumulo + componentID: 42bba93ce57c3963 + componentName: commons-configuration2 + componentVersion: 2.9.0 + componentType: java-archive + componentLocation: /usr/lib/trino/lib/commons-configuration2-2.9.0.jar + scanner: grype + + - id: CVE-2024-29133 + aliases: + - GHSA-9w38-p64v-xpmv + events: + - timestamp: 2024-03-22T05:51:30Z + type: detection + data: + type: scan/v1 + data: + subpackageName: trino-plugin-accumulo + componentID: 42bba93ce57c3963 + componentName: commons-configuration2 + componentVersion: 2.9.0 + componentType: java-archive + componentLocation: /usr/lib/trino/lib/commons-configuration2-2.9.0.jar + scanner: grype + - id: GHSA-xpw8-rcwv-8f8p events: - timestamp: 2024-02-16T01:44:04Z From bd9cf00b5275c55a6a9359cfd34d3afd020a4446 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 06:43:24 +0000 Subject: [PATCH 074/115] Adding Fixed Advisory GHSA-r978-9m6m-6gm6 for trino-plugin-accumulo (#3197) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- trino.advisories.yaml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/trino.advisories.yaml b/trino.advisories.yaml index 8013bcd04..c4fbf8586 100644 --- a/trino.advisories.yaml +++ b/trino.advisories.yaml @@ -442,6 +442,10 @@ advisories: componentType: java-archive componentLocation: /usr/lib/trino/lib/zookeeper-3.9.1.jar scanner: grype + - timestamp: 2024-03-22T05:52:12Z + type: fixed + data: + fixed-version: 443-r0 - id: CVE-2024-25710 aliases: From 6d844e307a150368536e016d6e65fd0faff99b64 Mon Sep 17 00:00:00 2001 
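Review bot: Both new advisories attribute the detection to `subpackageName: trino-plugin-accumulo`, yet `componentLocation` is `/usr/lib/trino/lib/commons-configuration2-2.9.0.jar`, the shared Trino library directory rather than a plugin path. If that jar is also shipped by the base `trino` package or other plugin subpackages (not visible here), CVE-2024-29131 and CVE-2024-29133 would need matching detection events for them, otherwise the records understate exposure. Neither advisory has a `fixed` event; as I recall both are addressed in a later commons-configuration2 2.10.x release, so a single dependency bump plus `type: fixed` should close them together.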
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 06:43:28 +0000 Subject: [PATCH 075/115] Adding Fixed Advisory GHSA-r978-9m6m-6gm6 for trino-plugin-pinot (#3196) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> From 41dc8c7fe96b8fc111c1bc08752c9420d8e1578c Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 08:28:16 +0100 Subject: [PATCH 076/115] Adding Advisory GHSA-xw73-rw38-6vjc for chartmuseum (#3201) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- chartmuseum.advisories.yaml | 57 ++++++++++++++++++++++++------------- 1 file changed, 38 insertions(+), 19 deletions(-) diff --git a/chartmuseum.advisories.yaml b/chartmuseum.advisories.yaml index 51ddd8432..7dacc3584 100644 --- a/chartmuseum.advisories.yaml +++ b/chartmuseum.advisories.yaml @@ -82,6 +82,23 @@ advisories: data: fixed-version: 0.16.1-r4 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-22T07:18:34Z + type: detection + data: + type: scan/v1 + data: + subpackageName: chartmuseum + componentID: e8713d467cb089c5 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/chartmuseum + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp 
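Review bot: `CVE-2024-24557` is recorded for chartmuseum with a single `detection` event against github.com/docker/docker `v24.0.7+incompatible` in `/usr/bin/chartmuseum` and no resolution, so the package stays flagged after this commit. The module is most likely pulled in transitively (chartmuseum does not drive the Docker API itself, as far as I know), so the fix is either a bump to a docker/docker version GHSA-xw73-rw38-6vjc lists as patched followed by a `type: fixed` event, or, if the affected buildkit cache code is unreachable from this binary, an event like the `vulnerable-code-not-included-in-package` note used in crane's file. The later hunks of this file only re-key GHSA-8r3f-844c-mc37 as CVE-2024-24786 with the GHSA under `aliases`.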
@@ -109,6 +126,27 @@ advisories: data: fixed-version: 0.16.1-r4 + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 + events: + - timestamp: 2024-03-14T07:08:26Z + type: detection + data: + type: scan/v1 + data: + subpackageName: chartmuseum + componentID: 03eb8e87cf063a9d + componentName: google.golang.org/protobuf + componentVersion: v1.31.0 + componentType: go-module + componentLocation: /usr/bin/chartmuseum + scanner: grype + - timestamp: 2024-03-14T15:22:59Z + type: fixed + data: + fixed-version: 0.16.1-r5 + - id: CVE-2024-25620 aliases: - GHSA-v53g-5gjp-272r @@ -151,25 +189,6 @@ advisories: data: fixed-version: 0.16.1-r3 - - id: GHSA-8r3f-844c-mc37 - events: - - timestamp: 2024-03-14T07:08:26Z - type: detection - data: - type: scan/v1 - data: - subpackageName: chartmuseum - componentID: 03eb8e87cf063a9d - componentName: google.golang.org/protobuf - componentVersion: v1.31.0 - componentType: go-module - componentLocation: /usr/bin/chartmuseum - scanner: grype - - timestamp: 2024-03-14T15:22:59Z - type: fixed - data: - fixed-version: 0.16.1-r5 - - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2023-12-27T14:29:46Z From d0dc7c6e8a786e8a065e9d24e57796c6f6899e97 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 08:28:42 +0100 Subject: [PATCH 077/115] Adding Advisory GHSA-xw73-rw38-6vjc for k3d (#3198) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- k3d.advisories.yaml | 57 ++++++++++++++++++++++++++++++--------------- 1 file changed, 38 insertions(+), 19 deletions(-) diff --git a/k3d.advisories.yaml b/k3d.advisories.yaml index 1451e274f..241336167 100644 --- a/k3d.advisories.yaml +++ b/k3d.advisories.yaml 
@@ -998,6 +998,23 @@ advisories: data: fixed-version: 5.6.0-r6 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-22T07:06:05Z + type: detection + data: + type: scan/v1 + data: + subpackageName: k3d + componentID: 22f44d686d875f84 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/k3d + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp @@ -1025,6 +1042,27 @@ advisories: data: fixed-version: 5.6.0-r7 + - id: CVE-2024-24786 + aliases: + - GHSA-8r3f-844c-mc37 + events: + - timestamp: 2024-03-14T07:08:28Z + type: detection + data: + type: scan/v1 + data: + subpackageName: k3d + componentID: 6ae545edc2d9ee4a + componentName: google.golang.org/protobuf + componentVersion: v1.31.0 + componentType: go-module + componentLocation: /usr/bin/k3d + scanner: grype + - timestamp: 2024-03-16T20:28:53Z + type: fixed + data: + fixed-version: 5.6.0-r8 + - id: GHSA-76wf-9vgp-pj7w events: - timestamp: 2024-02-17T17:00:05Z @@ -1059,25 +1097,6 @@ advisories: data: fixed-version: 5.6.0-r6 - - id: GHSA-8r3f-844c-mc37 - events: - - timestamp: 2024-03-14T07:08:28Z - type: detection - data: - type: scan/v1 - data: - subpackageName: k3d - componentID: 6ae545edc2d9ee4a - componentName: google.golang.org/protobuf - componentVersion: v1.31.0 - componentType: go-module - componentLocation: /usr/bin/k3d - scanner: grype - - timestamp: 2024-03-16T20:28:53Z - type: fixed - data: - fixed-version: 5.6.0-r8 - - id: GHSA-jq35-85cj-fj4p events: - timestamp: 2024-02-14T12:26:39Z From ac668572e625e1d5e3429aeec0023d56f17eca34 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 07:27:33 +0000
Subject: [PATCH 078/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for zot (#3200)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 zot.advisories.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/zot.advisories.yaml b/zot.advisories.yaml
index 0288803c3..fc0d4ac54 100644
--- a/zot.advisories.yaml
+++ b/zot.advisories.yaml
@@ -185,6 +185,15 @@ advisories:
 data:
 fixed-version: 2.0.1-r2
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-22T07:17:51Z
+ type: fixed
+ data:
+ fixed-version: 2.0.2-r0
+
 - id: CVE-2024-24786
 aliases:
 - GHSA-8r3f-844c-mc37
From b09bf17f38d3ea88bb88d9192f145a89b021c664 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 07:27:50 +0000
Subject: [PATCH 079/115] Adding Advisory GHSA-mq39-4gv4-mvpx for buf (#3199)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 buf.advisories.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/buf.advisories.yaml b/buf.advisories.yaml
index 1d024aed0..f77ac3a82 100644
--- a/buf.advisories.yaml
+++ b/buf.advisories.yaml
@@ -41,3 +41,20 @@ advisories:
 type: fixed
 data:
 fixed-version: 1.30.0-r0
+
+ - id: CVE-2024-29018
+ aliases:
+ - GHSA-mq39-4gv4-mvpx
+ events:
+ - timestamp: 2024-03-22T07:06:18Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: buf
+ componentID: 092d335917925f4e
+ componentName: github.com/docker/docker
+ componentVersion: v25.0.4+incompatible
+ componentType: go-module
+ componentLocation: /usr/bin/buf
+ scanner: grype
From 829a17c3b2382720f6ad4cad901a2317bf149b88 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 11:01:44 +0100
Subject: [PATCH 080/115] Adding Advisory GHSA-xw73-rw38-6vjc for helm (#3202)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 helm.advisories.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/helm.advisories.yaml b/helm.advisories.yaml
index 1be904f64..e3f31cc2b 100644
--- a/helm.advisories.yaml
+++ b/helm.advisories.yaml
@@ -151,6 +151,23 @@ advisories:
 data:
 fixed-version: 3.13.3-r1
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-22T09:16:45Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: helm
+ componentID: 7a48b19dca54b4bd
+ componentName: github.com/docker/docker
+ componentVersion: v24.0.7+incompatible
+ componentType: go-module
+ componentLocation: /usr/bin/helm
+ scanner: grype
+
 - id: CVE-2024-24783
 aliases:
 - GHSA-3q2c-pvp5-3cqp
From dbe3c55287578fe7799791cb77fc03dbdff96865 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 11:01:59 +0100
Subject: [PATCH 081/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for argo-workflow-controller (#3203)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 argo-workflows.advisories.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/argo-workflows.advisories.yaml b/argo-workflows.advisories.yaml
index 558dade39..e329b970a 100644
--- a/argo-workflows.advisories.yaml
+++ b/argo-workflows.advisories.yaml
@@ -42,6 +42,15 @@ advisories:
 data:
 fixed-version: 3.5.2-r3
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-22T09:21:48Z
+ type: fixed
+ data:
+ fixed-version: 3.5.5-r4
+
 - id: CVE-2024-24786
 aliases:
 - GHSA-8r3f-844c-mc37
From 6a76bca743634c115679dc9118025df72938d9a0 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 13:43:21 +0000
Subject: [PATCH 082/115] Adding Advisory GHSA-mq39-4gv4-mvpx for zot (#3204)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 zot.advisories.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
diff --git a/zot.advisories.yaml b/zot.advisories.yaml
index fc0d4ac54..20af34310 100644
--- a/zot.advisories.yaml
+++ b/zot.advisories.yaml
@@ -299,3 +299,18 @@ advisories:
 type: fixed
 data:
 fixed-version: 2.0.0-r2
+
+ - id: GHSA-mq39-4gv4-mvpx
+ events:
+ - timestamp: 2024-03-22T09:26:00Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: zot
+ componentID: e0f4f9fab9f873bf
+ componentName: github.com/docker/docker
+ componentVersion: v25.0.3+incompatible
+ componentType: go-module
+ componentLocation: /usr/bin/zli
+ scanner: grype
From 59ff78814d1436420ba381cfe9cc51f8f5d4d119 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 13:43:23 +0000
Subject: [PATCH 083/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for falcoctl (#3205)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 falcoctl.advisories.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/falcoctl.advisories.yaml b/falcoctl.advisories.yaml
index 6dca519bf..0c333ee3d 100644
--- a/falcoctl.advisories.yaml
+++ b/falcoctl.advisories.yaml
@@ -93,6 +93,15 @@ advisories:
 data:
 fixed-version: 0.7.1-r1
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-22T12:18:18Z
+ type: fixed
+ data:
+ fixed-version: 0.7.3-r5
+
 - id: CVE-2024-24786
 aliases:
 - GHSA-8r3f-844c-mc37
From 06b0f859caeac50d536032408f62c9c71a68284c Mon Sep 17 00:00:00 2001
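Review bot: The zot entry is keyed as `- id: GHSA-mq39-4gv4-mvpx` with no `aliases`, while every other file in this series that records the same advisory (buf, prometheus-2.50, prometheus-2.51, melange, cilium-cli) keys it as `CVE-2024-29018` with the GHSA as an alias. The chartmuseum and k3d patches show what that costs later: the GHSA-keyed entry is deleted and re-added under its CVE (19 lines each, and the record moves to a different sorted position), and scorecard has to rewrite its id in place. Suggest recording it now as `- id: CVE-2024-29018` / `aliases:` / `- GHSA-mq39-4gv4-mvpx`. The temporal-server hunk (`GHSA-7jwh-3vrq-q3m8`) and the argo-cd-2.7 hunk (`GHSA-2vgg-9h6w-m454`) have the same shape; if those advisories carry CVE ids, the same applies there.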
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:43:24 +0000 Subject: [PATCH 084/115] Adding detection events for prometheus-2.50-bitnami-compat (#3206) * Adding Advisory GHSA-mq39-4gv4-mvpx for prometheus-2.50-bitnami-compat * Adding Advisory GHSA-xw73-rw38-6vjc for prometheus-2.50-bitnami-compat --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- prometheus-2.50.advisories.yaml | 34 +++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/prometheus-2.50.advisories.yaml b/prometheus-2.50.advisories.yaml index 2f7852979..506ef0c21 100644 --- a/prometheus-2.50.advisories.yaml +++ b/prometheus-2.50.advisories.yaml @@ -4,6 +4,23 @@ package: name: prometheus-2.50 advisories: + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-22T13:18:26Z + type: detection + data: + type: scan/v1 + data: + subpackageName: prometheus-2.50-bitnami-compat + componentID: c38a4ddb2ec79614 + componentName: github.com/docker/docker + componentVersion: v25.0.0+incompatible + componentType: go-module + componentLocation: /opt/bitnami/prometheus/bin/prometheus + scanner: grype + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 @@ -24,3 +41,20 @@ advisories: type: fixed data: fixed-version: 2.50.1-r2 + + - id: CVE-2024-29018 + aliases: + - GHSA-mq39-4gv4-mvpx + events: + - timestamp: 2024-03-22T13:18:25Z + type: detection + data: + type: scan/v1 + data: + subpackageName: prometheus-2.50-bitnami-compat + componentID: c38a4ddb2ec79614 + componentName: github.com/docker/docker + componentVersion: v25.0.0+incompatible + componentType: go-module + componentLocation: /opt/bitnami/prometheus/bin/prometheus + scanner: grype From 036ac5f792f312fbcc93e9d3717957fbef37f2b8 Mon Sep 17 00:00:00 2001 
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 13:43:26 +0000 Subject: [PATCH 085/115] Adding Advisory GHSA-xw73-rw38-6vjc for policy-controller-tester (#3208) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- policy-controller.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/policy-controller.advisories.yaml b/policy-controller.advisories.yaml index 585754dca..05b37e42c 100644 --- a/policy-controller.advisories.yaml +++ b/policy-controller.advisories.yaml @@ -69,6 +69,23 @@ advisories: data: fixed-version: 0.8.3-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-22T13:34:03Z + type: detection + data: + type: scan/v1 + data: + subpackageName: policy-controller-tester + componentID: 7da93f5585435b62 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/policy-tester + scanner: grype + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From 290be5072f088f4644c17f76f3a2d20a9dd0dd0d Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 14:43:34 +0000 Subject: [PATCH 086/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for prometheus-2.51-bitnami-compat (#3209) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- prometheus-2.51.advisories.yaml | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 prometheus-2.51.advisories.yaml diff --git a/prometheus-2.51.advisories.yaml b/prometheus-2.51.advisories.yaml new file mode 100644 index 000000000..1daf11e3b --- /dev/null +++ b/prometheus-2.51.advisories.yaml 
@@ -0,0 +1,14 @@
+schema-version: 2.0.2
+
+package:
+ name: prometheus-2.51
+
+advisories:
+ - id: CVE-2024-29018
+ aliases:
+ - GHSA-mq39-4gv4-mvpx
+ events:
+ - timestamp: 2024-03-22T13:57:44Z
+ type: fixed
+ data:
+ fixed-version: 2.51.0-r1
From 350390a4c8bd51fd3125058baa1de10105df586f Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:43:35 +0000
Subject: [PATCH 087/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for wolfictl (#3210)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 wolfictl.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/wolfictl.advisories.yaml b/wolfictl.advisories.yaml
index 2f21e5b76..15ad240a9 100644
--- a/wolfictl.advisories.yaml
+++ b/wolfictl.advisories.yaml
@@ -79,6 +79,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/wolfictl
 scanner: grype
+ - timestamp: 2024-03-22T13:57:56Z
+ type: fixed
+ data:
+ fixed-version: 0.15.7-r1
 - id: GHSA-9763-4f94-gfch
 events:
From 2603a2e3edfb246b619724f7b84eb16d7aa67ce2 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:43:37 +0000
Subject: [PATCH 088/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for gitsign (#3211)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 gitsign.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/gitsign.advisories.yaml b/gitsign.advisories.yaml
index dacc23ad3..cca618c24 100644
--- a/gitsign.advisories.yaml
+++ b/gitsign.advisories.yaml
@@ -145,6 +145,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/gitsign
 scanner: grype
+ - timestamp: 2024-03-22T13:58:00Z
+ type: fixed
+ data:
+ fixed-version: 0.8.1-r5
 - id: CVE-2024-24786
 aliases:
From 79a65016cd53712a9a06849861f63b5aaf5f7355 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:43:38 +0000
Subject: [PATCH 089/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for melange (#3212)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 melange.advisories.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/melange.advisories.yaml b/melange.advisories.yaml
index 7b2df8261..61edd80e5 100644
--- a/melange.advisories.yaml
+++ b/melange.advisories.yaml
@@ -108,6 +108,15 @@ advisories:
 data:
 fixed-version: 0.6.9-r2
+ - id: CVE-2024-29018
+ aliases:
+ - GHSA-mq39-4gv4-mvpx
+ events:
+ - timestamp: 2024-03-22T13:58:15Z
+ type: fixed
+ data:
+ fixed-version: 0.6.9-r4
+
 - id: GHSA-7ww5-4wqc-m92c
 events:
 - timestamp: 2023-12-21T10:58:30Z
From 748271764b4408d863985f5ee58ae5efc3b0c740 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 14:43:39 +0000
Subject: [PATCH 090/115] Adding fixed events for gitleaks (#3213)
* Adding Fixed Advisory GHSA-69ch-w2m2-3vjp for gitleaks
* Adding Fixed Advisory GHSA-ppp9-7jff-5vj2 for gitleaks
---------
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 gitleaks.advisories.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 gitleaks.advisories.yaml
diff --git a/gitleaks.advisories.yaml b/gitleaks.advisories.yaml
new file mode 100644
index 000000000..5092e0e5e
--- /dev/null
+++ b/gitleaks.advisories.yaml
@@ -0,0 +1,23 @@
+schema-version: 2.0.2
+
+package:
+ name: gitleaks
+
+advisories:
+ - id: CVE-2021-38561
+ aliases:
+ - GHSA-ppp9-7jff-5vj2
+ events:
+ - timestamp: 2024-03-22T13:58:58Z
+ type: fixed
+ data:
+ fixed-version: 8.18.2-r1
+
+ - id: CVE-2022-32149
+ aliases:
+ - GHSA-69ch-w2m2-3vjp
+ events:
+ - timestamp: 2024-03-22T13:58:57Z
+ type: fixed
+ data:
+ fixed-version: 8.18.2-r1
From 03107f19327b075f9a11aa2bb54200381ae1a105 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 15:43:29 +0000 Subject: [PATCH 091/115] Adding detection events for spark-3.5 (#3214) * Adding Advisory GHSA-4265-ccf5-phj5 for spark-3.5 * Adding Advisory GHSA-493p-pfq6-5258 for spark-3.5 * Adding Advisory GHSA-4g9r-vxhx-9pgx for spark-3.5 * Adding Advisory GHSA-4gg5-vx3j-xwc7 for spark-3.5 * Adding Advisory GHSA-5mg8-w23w-74h3 for spark-3.5 * Adding Advisory GHSA-77rm-9x9h-xj3g for spark-3.5 * Adding Advisory GHSA-7g45-4rm6-3mm3 for spark-3.5 * Adding Advisory GHSA-95q3-pppp-r683 for spark-3.5 * Adding Advisory GHSA-9w38-p64v-xpmv for spark-3.5 * Adding Advisory GHSA-c27h-mcmw-48hv for spark-3.5 * Adding Advisory GHSA-fg2v-w576-w4v3 for spark-3.5 * Adding Advisory GHSA-g2fg-mr77-6vrm for spark-3.5 * Adding Advisory GHSA-g5ww-5jh7-63cx for spark-3.5 * Adding Advisory GHSA-gvpg-vgmx-xg6w for spark-3.5 * Adding Advisory GHSA-h4h5-3hr4-j3g2 for spark-3.5 * Adding Advisory GHSA-r6j9-8759-g62w for spark-3.5 * Adding Advisory GHSA-r978-9m6m-6gm6 for spark-3.5 * Adding Advisory GHSA-rcjc-c4pj-xxrp for spark-3.5 * Adding Advisory GHSA-rhrv-645h-fjfh for spark-3.5 * Adding Advisory GHSA-rj7p-rfgp-852x for spark-3.5 * Adding Advisory GHSA-wrvw-hg22-4m67 for spark-3.5 * Adding Advisory GHSA-xjp4-hw94-mvp5 for spark-3.5 --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- spark-3.5.advisories.yaml | 379 ++++++++++++++++++++++++++++++++++++++ 1 file changed, 379 insertions(+) create mode 100644 spark-3.5.advisories.yaml diff --git a/spark-3.5.advisories.yaml b/spark-3.5.advisories.yaml new file mode 100644 index 000000000..da1ab93eb --- /dev/null +++ b/spark-3.5.advisories.yaml 
@@ -0,0 +1,379 @@ +schema-version: 2.0.2 + +package: + name: spark-3.5 + +advisories: + - id: CVE-2018-1330 + aliases: + - GHSA-95q3-pppp-r683 + events: + - timestamp: 2024-03-22T15:35:57Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: cb7372e7b41a1d4d + componentName: mesos + componentVersion: 1.4.3 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/mesos-1.4.3-shaded-protobuf.jar + scanner: grype + + - id: CVE-2019-0205 + aliases: + - GHSA-rj7p-rfgp-852x + events: + - timestamp: 2024-03-22T15:36:20Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 0954fe60f11d2db6 + componentName: libthrift + componentVersion: 0.12.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/libthrift-0.12.0.jar + scanner: grype + + - id: CVE-2019-10172 + aliases: + - GHSA-r6j9-8759-g62w + events: + - timestamp: 2024-03-22T15:36:10Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 5dd330a31e13299a + componentName: jackson-mapper-asl + componentVersion: 1.9.13 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/jackson-mapper-asl-1.9.13.jar + scanner: grype + + - id: CVE-2019-10202 + aliases: + - GHSA-c27h-mcmw-48hv + events: + - timestamp: 2024-03-22T15:35:59Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 5dd330a31e13299a + componentName: jackson-mapper-asl + componentVersion: 1.9.13 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/jackson-mapper-asl-1.9.13.jar + scanner: grype + + - id: CVE-2020-13949 + aliases: + - GHSA-g2fg-mr77-6vrm + events: + - timestamp: 2024-03-22T15:36:03Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 0954fe60f11d2db6 + componentName: libthrift + componentVersion: 0.12.0 + componentType: java-archive + componentLocation: 
/usr/lib/spark/jars/libthrift-0.12.0.jar + scanner: grype + + - id: CVE-2020-8908 + aliases: + - GHSA-5mg8-w23w-74h3 + events: + - timestamp: 2024-03-22T15:35:53Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 62e0331d1b6a85ab + componentName: guava + componentVersion: 30.1.1-jre + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-shaded-guava-1.1.1.jar + scanner: grype + + - id: CVE-2021-22569 + aliases: + - GHSA-wrvw-hg22-4m67 + events: + - timestamp: 2024-03-22T15:36:22Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 05d65a777f236575 + componentName: protobuf-java + componentVersion: 3.3.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/mesos-1.4.3-shaded-protobuf.jar + scanner: grype + + - id: CVE-2021-22570 + aliases: + - GHSA-77rm-9x9h-xj3g + events: + - timestamp: 2024-03-22T15:35:54Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 05d65a777f236575 + componentName: protobuf-java + componentVersion: 3.3.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/mesos-1.4.3-shaded-protobuf.jar + scanner: grype + + - id: CVE-2021-31684 + aliases: + - GHSA-fg2v-w576-w4v3 + events: + - timestamp: 2024-03-22T15:36:01Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: dcd614a72a6218e3 + componentName: json-smart + componentVersion: 1.3.2 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype + + - id: CVE-2022-3171 + aliases: + - GHSA-h4h5-3hr4-j3g2 + events: + - timestamp: 2024-03-22T15:36:08Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 05d65a777f236575 + componentName: protobuf-java + componentVersion: 3.3.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/mesos-1.4.3-shaded-protobuf.jar + 
scanner: grype + + - id: CVE-2022-3509 + aliases: + - GHSA-g5ww-5jh7-63cx + events: + - timestamp: 2024-03-22T15:36:04Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 05d65a777f236575 + componentName: protobuf-java + componentVersion: 3.3.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/mesos-1.4.3-shaded-protobuf.jar + scanner: grype + + - id: CVE-2022-3510 + aliases: + - GHSA-4gg5-vx3j-xwc7 + events: + - timestamp: 2024-03-22T15:35:52Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 05d65a777f236575 + componentName: protobuf-java + componentVersion: 3.3.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/mesos-1.4.3-shaded-protobuf.jar + scanner: grype + + - id: CVE-2022-46337 + aliases: + - GHSA-rcjc-c4pj-xxrp + events: + - timestamp: 2024-03-22T15:36:15Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 4059c3ac557e290c + componentName: derby + componentVersion: 10.14.2.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/derby-10.14.2.0.jar + scanner: grype + + - id: CVE-2023-1370 + aliases: + - GHSA-493p-pfq6-5258 + events: + - timestamp: 2024-03-22T15:35:50Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: dcd614a72a6218e3 + componentName: json-smart + componentVersion: 1.3.2 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype + + - id: CVE-2023-2976 + aliases: + - GHSA-7g45-4rm6-3mm3 + events: + - timestamp: 2024-03-22T15:35:55Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 62e0331d1b6a85ab + componentName: guava + componentVersion: 30.1.1-jre + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-shaded-guava-1.1.1.jar + scanner: grype + + - id: CVE-2023-39410 + aliases: + - 
GHSA-rhrv-645h-fjfh + events: + - timestamp: 2024-03-22T15:36:17Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 777252f11bc4cb19 + componentName: avro + componentVersion: 1.7.7 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype + + - id: CVE-2023-52428 + aliases: + - GHSA-gvpg-vgmx-xg6w + events: + - timestamp: 2024-03-22T15:36:06Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: f9e3959f7fa07432 + componentName: nimbus-jose-jwt + componentVersion: 9.8.1 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype + + - id: CVE-2024-23944 + aliases: + - GHSA-r978-9m6m-6gm6 + events: + - timestamp: 2024-03-22T15:36:13Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 443de83060a0cff6 + componentName: zookeeper + componentVersion: 3.7.2 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/zookeeper-3.7.2.jar + scanner: grype + + - id: CVE-2024-25710 + aliases: + - GHSA-4g9r-vxhx-9pgx + events: + - timestamp: 2024-03-22T15:35:51Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: f411c933c542e09c + componentName: commons-compress + componentVersion: "1.21" + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype + + - id: CVE-2024-26308 + aliases: + - GHSA-4265-ccf5-phj5 + events: + - timestamp: 2024-03-22T15:35:50Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: f411c933c542e09c + componentName: commons-compress + componentVersion: "1.21" + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype + + - id: CVE-2024-29131 + aliases: + - GHSA-xjp4-hw94-mvp5 + events: + - timestamp: 
2024-03-22T15:36:25Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 79d9edf4e5ff5bf6 + componentName: commons-configuration2 + componentVersion: 2.8.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype + + - id: CVE-2024-29133 + aliases: + - GHSA-9w38-p64v-xpmv + events: + - timestamp: 2024-03-22T15:35:58Z + type: detection + data: + type: scan/v1 + data: + subpackageName: spark-3.5 + componentID: 79d9edf4e5ff5bf6 + componentName: commons-configuration2 + componentVersion: 2.8.0 + componentType: java-archive + componentLocation: /usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar + scanner: grype From 8e79b92fca58c7e2a3954d9ff6906b3d6d694d28 Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Fri, 22 Mar 2024 15:43:31 +0000 Subject: [PATCH 092/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for flux-helm-controller (#3215) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- flux-helm-controller.advisories.yaml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/flux-helm-controller.advisories.yaml b/flux-helm-controller.advisories.yaml index 283429d45..5bcf793b7 100644 --- a/flux-helm-controller.advisories.yaml +++ b/flux-helm-controller.advisories.yaml @@ -106,6 +106,15 @@ advisories: data: fixed-version: 0.37.1-r1 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-22T15:42:09Z + type: fixed + data: + fixed-version: 0.37.4-r5 + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp From d1df1010356360055087ca8ab64bc2ea42b2a443 Mon Sep 17 00:00:00 2001 
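Review bot: Most of the 22 detections in this new spark-3.5 file point at shaded or bundled jars rather than directly managed artifacts — five protobuf-java 3.3.0 findings at `/usr/lib/spark/jars/mesos-1.4.3-shaded-protobuf.jar`; json-smart 1.3.2, avro 1.7.7, nimbus-jose-jwt 9.8.1, commons-compress 1.21 and commons-configuration2 2.8.0 all at `/usr/lib/spark/jars/hadoop-client-runtime-3.3.6.jar`; and guava 30.1.1-jre inside `hadoop-shaded-guava-1.1.1.jar`. None of those can be remediated by pinning a single dependency; they resolve only when the hadoop-client-runtime or mesos bundle is upgraded or dropped, so whoever triages this file should treat them as one decision per bundle and record the outcome on every entry sharing that `componentLocation`, rather than as 22 independent findings. The remaining direct hits (`derby-10.14.2.0.jar`, `libthrift-0.12.0.jar`, `jackson-mapper-asl-1.9.13.jar`, `zookeeper-3.7.2.jar`) are the ones a version bump can actually address. The hunk is a complete new file, so every advisory entry is visible here.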
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 16:43:16 +0000
Subject: [PATCH 093/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for katib-controller (#3216)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 kubeflow-katib.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/kubeflow-katib.advisories.yaml b/kubeflow-katib.advisories.yaml
index 63c203b69..d8854e526 100644
--- a/kubeflow-katib.advisories.yaml
+++ b/kubeflow-katib.advisories.yaml
@@ -95,6 +95,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/katib-controller
 scanner: grype
+ - timestamp: 2024-03-22T16:08:07Z
+ type: fixed
+ data:
+ fixed-version: 0.16.0-r7
 - id: CVE-2024-24783
 aliases:
From 946afa5d3a4eec6beafbb4fc566696ca1d6ea232 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Fri, 22 Mar 2024 18:43:43 +0000
Subject: [PATCH 094/115] Adding detection events for temporal-server (#3218)
* Adding Advisory GHSA-7jwh-3vrq-q3m8 for temporal-server
* Adding Advisory GHSA-mrww-27vc-gghv for temporal-server
---------
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 temporal-server.advisories.yaml | 32 ++++++++++++++++++++++++++++++++
 1 file changed, 32 insertions(+)
diff --git a/temporal-server.advisories.yaml b/temporal-server.advisories.yaml
index cec1c1084..ff4d13cfa 100644
--- a/temporal-server.advisories.yaml
+++ b/temporal-server.advisories.yaml
@@ -112,3 +112,35 @@ advisories: type: fixed data: fixed-version: 1.22.6-r2 + + - id: CVE-2024-27304 + aliases: + - GHSA-mrww-27vc-gghv + events: + - timestamp: 2024-03-22T18:37:58Z + type: detection + data: + type: scan/v1 + data: + subpackageName: temporal-server + componentID: b4b041513ae9fdd7 + componentName: github.com/jackc/pgx/v5 + componentVersion: v5.4.3 + componentType: go-module + componentLocation: /usr/bin/temporal-server + scanner: grype + + - id: GHSA-7jwh-3vrq-q3m8 + events: + - timestamp: 2024-03-22T18:37:55Z + type: detection + data: + type: scan/v1 + data: + subpackageName: temporal-server + componentID: b4b041513ae9fdd7 + componentName: github.com/jackc/pgx/v5 + componentVersion: v5.4.3 + componentType: go-module + componentLocation: /usr/bin/temporal-server + scanner: grype From 9771d083a36becf0f988671d553e985d826804cf Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Sat, 23 Mar 2024 12:01:35 +0100 Subject: [PATCH 095/115] Adding Advisory GHSA-xw73-rw38-6vjc for scorecard (#3207) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- scorecard.advisories.yaml | 21 ++++++++++++++++++++- 1 file changed, 20 insertions(+), 1 deletion(-) diff --git a/scorecard.advisories.yaml b/scorecard.advisories.yaml index d31c8d2ba..93026cc80 100644 --- a/scorecard.advisories.yaml +++ b/scorecard.advisories.yaml @@ -196,6 +196,23 @@ advisories: componentLocation: /usr/bin/scorecard scanner: grype + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-22T13:33:30Z + type: detection + data: + type: scan/v1 + data: + subpackageName: scorecard + componentID: 8fd9f63738b717a6 + componentName: github.com/docker/docker + componentVersion: v24.0.4+incompatible + componentType: go-module + componentLocation: /usr/bin/scorecard + scanner: grype + - id: CVE-2024-24783 aliases: - GHSA-3q2c-pvp5-3cqp 
@@ -223,7 +240,9 @@ advisories:
 data:
 fixed-version: 4.13.1-r2
- - id: GHSA-8r3f-844c-mc37
+ - id: CVE-2024-24786
+ aliases:
+ - GHSA-8r3f-844c-mc37
 events:
 - timestamp: 2024-03-14T13:19:32Z
 type: detection
From c7982e39e7daf6ef911d0eb4e525d371341e600c Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 23 Mar 2024 12:05:32 +0100
Subject: [PATCH 096/115] Adding fixed events for temporal-sql-tool (#3217)
* Adding Fixed Advisory GHSA-8pgv-569h-w5rw for temporal-sql-tool
* Update temporal-server.advisories.yaml
Signed-off-by: Carlos Tadeu Panato Junior
---------
Signed-off-by: Carlos Tadeu Panato Junior
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
Co-authored-by: Carlos Tadeu Panato Junior
---
 temporal-server.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/temporal-server.advisories.yaml b/temporal-server.advisories.yaml
index ff4d13cfa..b26cccfcd 100644
--- a/temporal-server.advisories.yaml
+++ b/temporal-server.advisories.yaml
@@ -55,6 +55,10 @@ advisories:
 data:
 note: |
 We faced issues with "otlpmetricgrpc@v0.44.0/internal/transform/metricdata.go:108:18:undefined: metricdata.ExponentialHistogram" when upgrading otlpmetricgrpc to v0.46.0. It has some strict dependencies in the source code common/telemetry using an old version and thus this fix will require some code changes in upstream.
+ - timestamp: 2024-03-22T18:37:56Z
+ type: fixed
+ data:
+ fixed-version: 1.23.0-r0
 - id: CVE-2023-48795
 aliases:
From 617a15cf71836d42dec5d1a25609fbdaee585c79 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 23 Mar 2024 11:06:12 +0000
Subject: [PATCH 097/115] Adding Advisory GHSA-2vgg-9h6w-m454 for argo-cd-2.7 (#3225)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 argo-cd-2.7.advisories.yaml | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
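Review bot: In the temporal-server hunk the new `fixed` event (`fixed-version: 1.23.0-r0`) is appended straight after a `note: |` saying the fix needed upstream code changes in `common/telemetry` because otlpmetricgrpc could not be moved past v0.44.0; the event that note belongs to, and the advisory id, sit above the hunk. The new event supersedes that statement, so it is worth confirming that the 1.23.0-r0 build really carries a patched version of the affected module rather than only a package rebuild, otherwise the record claims a fix the binary does not contain. If the earlier event was a pending-upstream-fix style entry, adding one line to the note such as `Resolved upstream in the 1.23.0 release, see fixed event below.` would keep the history readable without editing the bot-generated lines.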
diff --git a/argo-cd-2.7.advisories.yaml b/argo-cd-2.7.advisories.yaml
index c126eff8c..1d7fee1c2 100644
--- a/argo-cd-2.7.advisories.yaml
+++ b/argo-cd-2.7.advisories.yaml
@@ -249,6 +249,21 @@ advisories:
 componentLocation: /usr/bin/argocd
 scanner: grype
+ - id: GHSA-2vgg-9h6w-m454
+ events:
+ - timestamp: 2024-03-23T07:06:33Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: argo-cd-2.7
+ componentID: 017ef98c4182ad84
+ componentName: github.com/argoproj/argo-cd/v2
+ componentVersion: v2.7.17
+ componentType: go-module
+ componentLocation: /usr/bin/argocd
+ scanner: grype
+
 - id: GHSA-6xv5-86q9-7xr8
 events:
 - timestamp: 2023-09-09T15:17:59Z
From b7e8852a8ed17b2fc889e6b739948aabb0b21adf Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 23 Mar 2024 11:06:35 +0000
Subject: [PATCH 098/115] Adding Fixed Advisory GHSA-55m3-44xf-hg4h for py3-oauthenticator (#3227)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 py3-oauthenticator.advisories.yaml | 14 ++++++++++++++
 1 file changed, 14 insertions(+)
 create mode 100644 py3-oauthenticator.advisories.yaml
diff --git a/py3-oauthenticator.advisories.yaml b/py3-oauthenticator.advisories.yaml
new file mode 100644
index 000000000..f67382ec0
--- /dev/null
+++ b/py3-oauthenticator.advisories.yaml
@@ -0,0 +1,14 @@
+schema-version: 2.0.2
+
+package:
+ name: py3-oauthenticator
+
+advisories:
+ - id: CVE-2024-29033
+ aliases:
+ - GHSA-55m3-44xf-hg4h
+ events:
+ - timestamp: 2024-03-23T11:02:16Z
+ type: fixed
+ data:
+ fixed-version: 16.3.0-r0
From 1710e18f178c8403fe01f74b16a3570b2a6caf5a Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Sat, 23 Mar 2024 11:06:51 +0000 Subject: [PATCH 099/115] Adding Advisory GHSA-xw73-rw38-6vjc for istio-pilot-discovery-1.20 (#3226) Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- istio-pilot-discovery-1.20.advisories.yaml | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/istio-pilot-discovery-1.20.advisories.yaml b/istio-pilot-discovery-1.20.advisories.yaml index b9a026336..48ca67e6a 100644 --- a/istio-pilot-discovery-1.20.advisories.yaml +++ b/istio-pilot-discovery-1.20.advisories.yaml @@ -53,6 +53,23 @@ advisories: data: fixed-version: 1.20.2-r3 + - id: CVE-2024-24557 + aliases: + - GHSA-xw73-rw38-6vjc + events: + - timestamp: 2024-03-23T08:01:43Z + type: detection + data: + type: scan/v1 + data: + subpackageName: istio-pilot-discovery-1.20 + componentID: 121f21f662b2e868 + componentName: github.com/docker/docker + componentVersion: v24.0.7+incompatible + componentType: go-module + componentLocation: /usr/bin/pilot-discovery + scanner: grype + - id: CVE-2024-24786 aliases: - GHSA-8r3f-844c-mc37 From 4b7efaa0892b6c4dfdcae9d35b3da8d8bf76310a Mon Sep 17 00:00:00 2001 From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com> Date: Sat, 23 Mar 2024 14:43:35 +0000 Subject: [PATCH 100/115] Adding detection events for neo4j (#3228) * Adding Advisory GHSA-9w38-p64v-xpmv for neo4j * Adding Advisory GHSA-xjp4-hw94-mvp5 for neo4j --------- Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com> --- neo4j.advisories.yaml | 34 ++++++++++++++++++++++++++++++++++ 1 file changed, 34 insertions(+) diff --git a/neo4j.advisories.yaml b/neo4j.advisories.yaml index 7e3dafc9b..51777719f 100644 --- a/neo4j.advisories.yaml +++ b/neo4j.advisories.yaml 
@@ -83,3 +83,37 @@ advisories:
 type: fixed
 data:
 fixed-version: 5.18.0-r0
+
+ - id: CVE-2024-29131
+ aliases:
+ - GHSA-xjp4-hw94-mvp5
+ events:
+ - timestamp: 2024-03-23T13:02:02Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: neo4j
+ componentID: fd212276536299ae
+ componentName: commons-configuration2
+ componentVersion: 2.9.0
+ componentType: java-archive
+ componentLocation: /usr/share/java/neo4j/lib/commons-configuration2-2.9.0.jar
+ scanner: grype
+
+ - id: CVE-2024-29133
+ aliases:
+ - GHSA-9w38-p64v-xpmv
+ events:
+ - timestamp: 2024-03-23T13:02:01Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: neo4j
+ componentID: fd212276536299ae
+ componentName: commons-configuration2
+ componentVersion: 2.9.0
+ componentType: java-archive
+ componentLocation: /usr/share/java/neo4j/lib/commons-configuration2-2.9.0.jar
+ scanner: grype
From 880a6197085bd99d9c78e5849b7e1b45e05deecd Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Sat, 23 Mar 2024 15:43:30 +0000
Subject: [PATCH 101/115] Adding fixed events for helm-operator (#3229)
* Adding Fixed Advisory GHSA-8r3f-844c-mc37 for helm-operator
* Adding Fixed Advisory GHSA-xw73-rw38-6vjc for helm-operator
---------
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 helm-operator.advisories.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/helm-operator.advisories.yaml b/helm-operator.advisories.yaml
index 24443166b..d0f246a4d 100644
--- a/helm-operator.advisories.yaml
+++ b/helm-operator.advisories.yaml
@@ -39,6 +39,15 @@ advisories:
 data:
 fixed-version: 1.34.1-r1
 
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-23T15:15:55Z
+ type: fixed
+ data:
+ fixed-version: 1.34.1-r2
+
 - id: CVE-2024-24783
 aliases:
 - GHSA-3q2c-pvp5-3cqp
@@ -66,6 +75,15 @@ advisories:
 data:
 fixed-version: 1.34.1-r1
 
+ - id: CVE-2024-24786
+ aliases:
+ - GHSA-8r3f-844c-mc37
+ events:
+ - timestamp: 2024-03-23T15:15:54Z
+ type: fixed
+ data:
+ fixed-version: 1.34.1-r2
+
 - id: CVE-2024-25620
 aliases:
 - GHSA-v53g-5gjp-272r
From f73b20b6b74b358b1cd6651e4307bdf725314ba1 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 14:43:27 +0000
Subject: [PATCH 102/115] Adding Advisory GHSA-mq39-4gv4-mvpx for cilium-cli (#3230)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 cilium-cli.advisories.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/cilium-cli.advisories.yaml b/cilium-cli.advisories.yaml
index 1a100eec6..7b2c8b086 100644
--- a/cilium-cli.advisories.yaml
+++ b/cilium-cli.advisories.yaml
@@ -105,6 +105,23 @@ advisories:
 data:
 fixed-version: 0.15.23-r2
 
+ - id: CVE-2024-29018
+ aliases:
+ - GHSA-mq39-4gv4-mvpx
+ events:
+ - timestamp: 2024-03-25T09:22:18Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: cilium-cli
+ componentID: 8758da7de28199e7
+ componentName: github.com/docker/docker
+ componentVersion: v25.0.3+incompatible
+ componentType: go-module
+ componentLocation: /usr/bin/cilium
+ scanner: grype
+
 - id: GHSA-7ww5-4wqc-m92c
 events:
 - timestamp: 2024-01-25T07:12:56Z
From 9963bcef8012d9dfb6b377ca3d8c863cecf198f9 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 14:43:28 +0000
Subject: [PATCH 103/115] Adding Advisory GHSA-xw73-rw38-6vjc for cmctl-1.12 (#3231)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 cert-manager-1.12.advisories.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/cert-manager-1.12.advisories.yaml b/cert-manager-1.12.advisories.yaml
index 629fce1d4..bb193ad30 100644
--- a/cert-manager-1.12.advisories.yaml
+++ b/cert-manager-1.12.advisories.yaml
@@ -78,6 +78,23 @@ advisories:
 data:
 fixed-version: 1.12.7-r2
 
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-25T10:04:27Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: cmctl-1.12
+ componentID: 69719a35eed06ed4
+ componentName: github.com/docker/docker
+ componentVersion: v24.0.7+incompatible
+ componentType: go-module
+ componentLocation: /usr/bin/cmctl
+ scanner: grype
+
 - id: CVE-2024-24786
 aliases:
 - GHSA-8r3f-844c-mc37
From f4d2b4aae3d7152577ef6e2a7d8ff2901708d108 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 14:43:29 +0000
Subject: [PATCH 104/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for skaffold (#3232)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 skaffold.advisories.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/skaffold.advisories.yaml b/skaffold.advisories.yaml
index adfb4c6ca..2de8e69c8 100644
--- a/skaffold.advisories.yaml
+++ b/skaffold.advisories.yaml
@@ -208,6 +208,15 @@ advisories:
 data:
 note: Upgrading buildkit to a non-vulnerable version requires to bump github.com/docker/docker to v25.0.3 (currently using v24.0.7) and as a consequence needs multiple code changes to adapt the source code to this new version.
 
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-25T14:36:15Z
+ type: fixed
+ data:
+ fixed-version: 2.10.1-r3
+
 - id: CVE-2024-24783
 aliases:
 - GHSA-3q2c-pvp5-3cqp
From 782263787a0c8f14d5bfc79d4996b32799aab8fd Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 16:43:31 +0000
Subject: [PATCH 105/115] Adding Fixed Advisory GHSA-8r3f-844c-mc37 for newrelic-nri-kube-events (#3233)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 newrelic-nri-kube-events.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/newrelic-nri-kube-events.advisories.yaml b/newrelic-nri-kube-events.advisories.yaml
index 4a8ead352..f1b2f4761 100644
--- a/newrelic-nri-kube-events.advisories.yaml
+++ b/newrelic-nri-kube-events.advisories.yaml
@@ -40,3 +40,7 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/nri-kube-events
 scanner: grype
+ - timestamp: 2024-03-25T16:41:26Z
+ type: fixed
+ data:
+ fixed-version: 2.9.3-r0
From 746cac34cf5e1d5221f0fa8faf658d932202de77 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 16:43:32 +0000
Subject: [PATCH 106/115] Adding Fixed Advisory GHSA-xw73-rw38-6vjc for kots (#3234)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 kots.advisories.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/kots.advisories.yaml b/kots.advisories.yaml
index 78dbcbd8f..6d6cd3a3e 100644
--- a/kots.advisories.yaml
+++ b/kots.advisories.yaml
@@ -159,6 +159,15 @@ advisories:
 data:
 fixed-version: 1.107.0-r1
 
+ - id: CVE-2024-24557
+ aliases:
+ - GHSA-xw73-rw38-6vjc
+ events:
+ - timestamp: 2024-03-25T16:41:27Z
+ type: fixed
+ data:
+ fixed-version: 1.108.2-r0
+
 - id: CVE-2024-24786
 aliases:
 - GHSA-8r3f-844c-mc37
From f020479551156f1d0ba980aaeeacc3b3d6c3835a Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 19:43:32 +0000
Subject: [PATCH 107/115] Adding detection events for aws-cli-v2 (#3236)
* Adding Advisory CVE-2023-6597 for aws-cli-v2
* Adding Advisory CVE-2024-0450 for aws-cli-v2
---------
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 aws-cli-v2.advisories.yaml | 39 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 39 insertions(+)
 create mode 100644 aws-cli-v2.advisories.yaml
diff --git a/aws-cli-v2.advisories.yaml b/aws-cli-v2.advisories.yaml
new file mode 100644
index 000000000..ecdb5cebb
--- /dev/null
+++ b/aws-cli-v2.advisories.yaml
@@ -0,0 +1,39 @@
+schema-version: 2.0.2
+
+package:
+ name: aws-cli-v2
+
+advisories:
+ - id: CVE-2023-6597
+ aliases:
+ - GHSA-797f-63wg-8chv
+ events:
+ - timestamp: 2024-03-25T18:52:05Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: aws-cli-v2
+ componentID: d308222d66b99a12
+ componentName: python
+ componentVersion: 3.11.8
+ componentType: binary
+ componentLocation: /usr/lib/aws-cli/libpython3.11.so.1.0
+ scanner: grype
+
+ - id: CVE-2024-0450
+ aliases:
+ - GHSA-jm46-725r-hh9v
+ events:
+ - timestamp: 2024-03-25T18:52:06Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: aws-cli-v2
+ componentID: d308222d66b99a12
+ componentName: python
+ componentVersion: 3.11.8
+ componentType: binary
+ componentLocation: /usr/lib/aws-cli/libpython3.11.so.1.0
+ scanner: grype
From 06b792a4d39231e18856ff94fa91b86ef81eb05f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Furkan=20T=C3=BCrkal?=
Date: Mon, 25 Mar 2024 23:41:53 +0300
Subject: [PATCH 108/115] advisory for confluent-kafka (#3235)
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Signed-off-by: Furkan Türkal
---
 confluent-kafka.advisories.yaml | 23 +++++++++++++++++++++++
 1 file changed, 23 insertions(+)
 create mode 100644 confluent-kafka.advisories.yaml
diff --git a/confluent-kafka.advisories.yaml b/confluent-kafka.advisories.yaml
new file mode 100644
index 000000000..f63b2da4a
--- /dev/null
+++ b/confluent-kafka.advisories.yaml
@@ -0,0 +1,23 @@
+schema-version: 2.0.2
+
+package:
+ name: confluent-kafka
+
+advisories:
+ - id: CVE-2023-51775
+ aliases:
+ - GHSA-6qvw-249j-h44c
+ events:
+ - timestamp: 2024-03-25T18:13:26Z
+ type: pending-upstream-fix
+ data:
+ note: Confluent should publish the latest version of common package to their maven repository. They do not have any jars/poms past 7.6.x but they have 7.7.x tags in their GitHub repository.
+
+ - id: CVE-2024-23944
+ aliases:
+ - GHSA-r978-9m6m-6gm6
+ events:
+ - timestamp: 2024-03-25T18:14:57Z
+ type: pending-upstream-fix
+ data:
+ note: Confluent should publish the latest version of common package to their maven repository. They do not have any jars/poms past 7.6.x but they have 7.7.x tags in their GitHub repository.
From bd6ce20186cd20e498ce9875da02eb1a3e7e1d48 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Mon, 25 Mar 2024 22:43:14 +0000
Subject: [PATCH 109/115] Adding Fixed Advisory GHSA-mq39-4gv4-mvpx for syft (#3237)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 syft.advisories.yaml | 9 +++++++++
 1 file changed, 9 insertions(+)
diff --git a/syft.advisories.yaml b/syft.advisories.yaml
index 9ee567438..d92694bba 100644
--- a/syft.advisories.yaml
+++ b/syft.advisories.yaml
@@ -71,6 +71,15 @@ advisories:
 componentLocation: /usr/bin/syft
 scanner: grype
 
+ - id: CVE-2024-29018
+ aliases:
+ - GHSA-mq39-4gv4-mvpx
+ events:
+ - timestamp: 2024-03-25T21:45:34Z
+ type: fixed
+ data:
+ fixed-version: 1.1.0-r0
+
 - id: GHSA-9763-4f94-gfch
 events:
 - timestamp: 2024-01-12T07:21:43Z
From 254e0cfbb556c3a12b59117f8dca926656e20c33 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 07:43:27 +0000
Subject: [PATCH 110/115] Adding Advisory GHSA-rv95-896h-c2vc for kubeflow-pipelines-frontend (#3238)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 kubeflow-pipelines.advisories.yaml | 17 +++++++++++++++++
 1 file changed, 17 insertions(+)
diff --git a/kubeflow-pipelines.advisories.yaml b/kubeflow-pipelines.advisories.yaml
index 03391a2b1..5fd90f634 100644
--- a/kubeflow-pipelines.advisories.yaml
+++ b/kubeflow-pipelines.advisories.yaml
@@ -441,6 +441,23 @@ advisories:
 data:
 fixed-version: 2.0.5-r5
 
+ - id: CVE-2024-29041
+ aliases:
+ - GHSA-rv95-896h-c2vc
+ events:
+ - timestamp: 2024-03-26T07:38:45Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: kubeflow-pipelines-frontend
+ componentID: 867d448592ecd82c
+ componentName: express
+ componentVersion: 4.17.3
+ componentType: npm
+ componentLocation: /server/node_modules/express/package.json
+ scanner: grype
+
 - id: GHSA-2jcg-qqmg-46q6
 events:
 - timestamp: 2023-11-01T07:13:06Z
From 145737523b906476d3f6da9c23481f489218acc4 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 07:43:29 +0000
Subject: [PATCH 111/115] Adding fixed events for temporal-server (#3239)
* Adding Fixed Advisory GHSA-7jwh-3vrq-q3m8 for temporal-server
* Adding Fixed Advisory GHSA-mrww-27vc-gghv for temporal-server
---------
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 temporal-server.advisories.yaml | 8 ++++++++
 1 file changed, 8 insertions(+)
diff --git a/temporal-server.advisories.yaml b/temporal-server.advisories.yaml
index b26cccfcd..339fb3605 100644
--- a/temporal-server.advisories.yaml
+++ b/temporal-server.advisories.yaml
@@ -133,6 +133,10 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/temporal-server
 scanner: grype
+ - timestamp: 2024-03-26T07:41:41Z
+ type: fixed
+ data:
+ fixed-version: 1.23.0-r1
 
 - id: GHSA-7jwh-3vrq-q3m8
 events:
@@ -148,3 +152,7 @@ advisories:
 componentType: go-module
 componentLocation: /usr/bin/temporal-server
 scanner: grype
+ - timestamp: 2024-03-26T07:41:40Z
+ type: fixed
+ data:
+ fixed-version: 1.23.0-r1
From 966fb0190c060b3606010b465cda74a1b3864c4d Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 08:43:30 +0000
Subject: [PATCH 112/115] Adding detection events for python-3.12-base (#3240)
* Adding Advisory CVE-2023-6597 for python-3.12-base
* Adding Advisory CVE-2024-0450 for python-3.12-base
---------
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 python-3.12.advisories.yaml | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)
diff --git a/python-3.12.advisories.yaml b/python-3.12.advisories.yaml
index dd1596ddd..8a1aa63a1 100644
--- a/python-3.12.advisories.yaml
+++ b/python-3.12.advisories.yaml
@@ -1,4 +1,4 @@
-schema-version: "2"
+schema-version: 2.0.2
 
 package:
 name: python-3.12
@@ -52,3 +52,37 @@ advisories:
 data:
 type: vulnerability-record-analysis-contested
 note: The vendor's perspective is that this is neither a vulnerability nor a bug.
+
+ - id: CVE-2023-6597
+ aliases:
+ - GHSA-797f-63wg-8chv
+ events:
+ - timestamp: 2024-03-26T08:39:21Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: python-3.12-base
+ componentID: 0a3425e789d2fa2a
+ componentName: python
+ componentVersion: 3.12.2
+ componentType: binary
+ componentLocation: /usr/bin/python3.12, /usr/lib/libpython3.12.so.1.0
+ scanner: grype
+
+ - id: CVE-2024-0450
+ aliases:
+ - GHSA-jm46-725r-hh9v
+ events:
+ - timestamp: 2024-03-26T08:39:22Z
+ type: detection
+ data:
+ type: scan/v1
+ data:
+ subpackageName: python-3.12-base
+ componentID: 0a3425e789d2fa2a
+ componentName: python
+ componentVersion: 3.12.2
+ componentType: binary
+ componentLocation: /usr/bin/python3.12, /usr/lib/libpython3.12.so.1.0
+ scanner: grype
From 3a17d8fca2d2b6a2962b23e7d115a15f66626f26 Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 13:43:27 +0000
Subject: [PATCH 113/115] Adding Fixed Advisory GHSA-78xj-cgh5-2h22 for node-gyp (#3241)
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 node-gyp.advisories.yaml | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/node-gyp.advisories.yaml b/node-gyp.advisories.yaml
index 96c6cb209..6dc85789f 100644
--- a/node-gyp.advisories.yaml
+++ b/node-gyp.advisories.yaml
@@ -20,3 +20,7 @@ advisories:
 componentType: npm
 componentLocation: /usr/lib/node_modules/node-gyp/node_modules/ip/package.json
 scanner: grype
+ - timestamp: 2024-03-26T12:38:12Z
+ type: fixed
+ data:
+ fixed-version: 10.1.0-r0
From 38759a400c05633426fd9f4546bae57c8f8bd2ae Mon Sep 17 00:00:00 2001
From: "octo-sts[bot]" <157150467+octo-sts[bot]@users.noreply.github.com>
Date: Tue, 26 Mar 2024 13:43:28 +0000
Subject: [PATCH 114/115] Adding fixed events for python-3.10 (#3242)
* Adding Fixed Advisory CVE-2023-6597 for python-3.10
* Adding Fixed Advisory CVE-2024-0450 for python-3.10
---------
Co-authored-by: octo-sts[bot] <101908552+octo-sts@users.noreply.github.com>
---
 python-3.10.advisories.yaml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
diff --git a/python-3.10.advisories.yaml b/python-3.10.advisories.yaml
index 88c96aa31..c24060f57 100644
--- a/python-3.10.advisories.yaml
+++ b/python-3.10.advisories.yaml
@@ -64,3 +64,21 @@ advisories:
 data:
 type: vulnerability-record-analysis-contested
 note: The vendor's perspective is that this is neither a vulnerability nor a bug.
+
+ - id: CVE-2023-6597
+ aliases:
+ - GHSA-797f-63wg-8chv
+ events:
+ - timestamp: 2024-03-26T12:39:08Z
+ type: fixed
+ data:
+ fixed-version: 3.10.14-r0
+
+ - id: CVE-2024-0450
+ aliases:
+ - GHSA-jm46-725r-hh9v
+ events:
+ - timestamp: 2024-03-26T12:39:09Z
+ type: fixed
+ data:
+ fixed-version: 3.10.14-r0
From 52de36de867d796ec89aa2bf52101b7d74c63c94 Mon Sep 17 00:00:00 2001
From: Carlos Tadeu Panato Junior
Date: Tue, 26 Mar 2024 16:03:06 +0100
Subject: [PATCH 115/115] add job to export advisories in the OSV format (#3243)
---
 .github/workflows/build-and-publish-osv.yaml | 43 ++++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 .github/workflows/build-and-publish-osv.yaml
diff --git a/.github/workflows/build-and-publish-osv.yaml b/.github/workflows/build-and-publish-osv.yaml
new file mode 100644
index 000000000..9bcb24049
--- /dev/null
+++ b/.github/workflows/build-and-publish-osv.yaml
@@ -0,0 +1,43 @@
+name: Build and publish OSV
+
+on:
+ push:
+ branches:
+ - main
+ workflow_dispatch:
+
+jobs:
+ build-publish:
+ name: Build and publish OSV
+ runs-on: ubuntu-latest
+ if: github.repository == 'wolfi-dev/advisories'
+
+ permissions:
+ id-token: write
+ contents: read
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - uses: wolfi-dev/actions/build-and-publish-osv@main
+ with:
+ workload_identity_provider: "projects/618116202522/locations/global/workloadIdentityPools/prod-shared-e350/providers/prod-shared-gha"
+ service_account: "prod-images-ci@prod-images-c6e5.iam.gserviceaccount.com"
+ gcp_project_id: prod-images-c6e5
+ wolfictl_args: "--ecosystem wolfi --advisories-repo-dir ."
+ gcs_apk_bucket_name: wolfi-production-registry-destination
+ gcs_apk_directory_name: os
+
+ - name: Post failure notice to Slack
+ uses: rtCamp/action-slack-notify@4e5fb42d249be6a45a298f3c9543b111b02f7907 # ratchet:rtCamp/action-slack-notify@v2.3.0
+ if: ${{ failure() }}
+ env:
+ SLACK_ICON: http://github.com/chainguard-dev.png?size=48
+ SLACK_USERNAME: guardian
+ SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
+ SLACK_CHANNEL: 'eng-squad-lifecycle-alerts'
+ SLACK_COLOR: '#8E1600'
+ MSG_MINIMAL: 'true'
+ SLACK_TITLE: Build/Publish YAML for ${{ github.repository }} failed!
+ SLACK_MESSAGE: |
+ For detailed logs: https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}
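Review bot: The `actions/checkout@v4` and `wolfi-dev/actions/build-and-publish-osv@main` steps are referenced by a mutable tag and branch, while the Slack step in the same job is pinned to a commit SHA with a `# ratchet:` comment, so the pinning discipline within this new workflow is inconsistent. The `@main` reference matters most: that step runs with the job's `id-token: write` permission and is handed the `workload_identity_provider` and `service_account` inputs, so anyone able to push to that branch controls what executes with the federated GCP credential, even though it is a first-party action. Pin both steps to a full commit SHA in the same style, `- uses: actions/checkout@<commit-sha> # ratchet:actions/checkout@v4` and `- uses: wolfi-dev/actions/build-and-publish-osv@<commit-sha> # ratchet:wolfi-dev/actions/build-and-publish-osv@main`, and let the ratchet tooling keep them current. Separately, `SLACK_ICON` uses a plain `http://` URL; `https://github.com/chainguard-dev.png?size=48` avoids an unnecessary cleartext fetch from the notifier.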