data/reports/GO-2023-1699.yaml

id: GO-2023-1699
modules:
    - module: github.com/docker/docker
      versions:
        - introduced: 1.12.0
        - fixed: 20.10.24+incompatible
        - introduced: 23.0.0+incompatible
        - fixed: 23.0.3+incompatible
      vulnerable_at: 23.0.2+incompatible
summary: Docker Swarm encrypted overlay network may be unauthenticated in github.com/docker/docker
cves:
    - CVE-2023-28840
ghsas:
    - GHSA-232p-vwff-86mp
references:
    - advisory: https://github.com/moby/moby/security/advisories/GHSA-232p-vwff-86mp
    - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-28840
    - web: https://github.com/moby/libnetwork/security/advisories/GHSA-gvm4-2qqg-m333
    - web: https://github.com/moby/moby/issues/43382
    - web: https://github.com/moby/moby/pull/45118
    - web: https://github.com/moby/moby/security/advisories/GHSA-33pg-m6jh-5237
    - web: https://github.com/moby/moby/security/advisories/GHSA-6wrf-mxfj-pf5p
    - web: https://github.com/moby/moby/security/advisories/GHSA-vwm3-crmr-xfxw
source:
    id: GHSA-232p-vwff-86mp
    created: 2024-08-20T11:39:59.101185-04:00
review_status: UNREVIEWED
unexcluded: EFFECTIVELY_PRIVATE