| id: GO-2023-1925 |
| modules: |
| - module: github.com/weaveworks/tf-controller |
| versions: |
| - fixed: 0.14.4 |
| - introduced: 0.15.0-rc.1 |
| - fixed: 0.15.0-rc.5 |
| vulnerable_at: 0.15.0-rc.4 |
| summary: Weave GitOps Terraform Controller Information Disclosure Vulnerability in github.com/weaveworks/tf-controller |
| cves: |
| - CVE-2023-34236 |
| ghsas: |
| - GHSA-6hvv-j432-23cv |
| references: |
| - advisory: https://github.com/weaveworks/tf-controller/security/advisories/GHSA-6hvv-j432-23cv |
| - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-34236 |
| - fix: https://github.com/weaveworks/tf-controller/commit/28282bc644054e157c3b9a3d38f1f9551ce09074 |
| - fix: https://github.com/weaveworks/tf-controller/commit/6323b355bd7f5d2ce85d0244fe0883af3881df4e |
| - fix: https://github.com/weaveworks/tf-controller/commit/9708fda28ccd0466cb0a8fd409854ab4d92f7dca |
| - fix: https://github.com/weaveworks/tf-controller/commit/98a0688036e9dbcf43fa84960d9a1ef3e09a69cf |
| - report: https://github.com/weaveworks/tf-controller/issues/637 |
| - report: https://github.com/weaveworks/tf-controller/issues/649 |
| source: |
| id: GHSA-6hvv-j432-23cv |
| created: 2024-08-20T11:52:10.908462-04:00 |
| review_status: UNREVIEWED |
| unexcluded: EFFECTIVELY_PRIVATE |
