data/reports: review GO-2024-3181
- data/reports/GO-2024-3181.yaml
Fixes golang/vulndb#3181
Fixes golang/vulndb#3388
Change-Id: I13ed687b23ac3a1cd83076b6d720dc717386628d
Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/645255
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
Auto-Submit: Tatiana Bradley <tatianabradley@google.com>
Reviewed-by: Damien Neil <dneil@google.com>
diff --git a/data/osv/GO-2024-3181.json b/data/osv/GO-2024-3181.json
index d36b42c..79dd3a1 100644
--- a/data/osv/GO-2024-3181.json
+++ b/data/osv/GO-2024-3181.json
@@ -8,7 +8,7 @@
"GHSA-x5q3-c8rm-w787"
],
"summary": "PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd",
- "details": "PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/ubuntu/authd before v0.0.0-20240930103526-63e527496b01.",
+ "details": "PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd",
"affected": [
{
"package": {
@@ -21,25 +21,14 @@
"events": [
{
"introduced": "0"
+ },
+ {
+ "fixed": "0.3.5"
}
]
}
],
- "ecosystem_specific": {
- "custom_ranges": [
- {
- "type": "ECOSYSTEM",
- "events": [
- {
- "introduced": "0"
- },
- {
- "fixed": "0.0.0-20240930103526-63e527496b01"
- }
- ]
- }
- ]
- }
+ "ecosystem_specific": {}
}
],
"references": [
@@ -48,20 +37,12 @@
"url": "https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787"
},
{
- "type": "ADVISORY",
- "url": "https://nvd.nist.gov/vuln/detail/CVE-2024-9313"
- },
- {
- "type": "ADVISORY",
- "url": "https://www.cve.org/CVERecord?id=CVE-2024-9313"
- },
- {
"type": "FIX",
"url": "https://github.com/ubuntu/authd/commit/63e527496b013bed46904c1c58be593c13ebdce5"
}
],
"database_specific": {
"url": "https://pkg.go.dev/vuln/GO-2024-3181",
- "review_status": "UNREVIEWED"
+ "review_status": "REVIEWED"
}
}
\ No newline at end of file
diff --git a/data/reports/GO-2024-3181.yaml b/data/reports/GO-2024-3181.yaml
index 3b2e62f..83f9935 100644
--- a/data/reports/GO-2024-3181.yaml
+++ b/data/reports/GO-2024-3181.yaml
@@ -1,20 +1,19 @@
id: GO-2024-3181
modules:
- module: github.com/ubuntu/authd
- non_go_versions:
- - fixed: 0.0.0-20240930103526-63e527496b01
- vulnerable_at: 0.0.0-20230706090440-d8cb2d561419
-summary: PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd
+ versions:
+ - fixed: 0.3.5
+ vulnerable_at: 0.3.4
+summary: |
+ PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd
cves:
- CVE-2024-9313
ghsas:
- GHSA-x5q3-c8rm-w787
references:
- advisory: https://github.com/ubuntu/authd/security/advisories/GHSA-x5q3-c8rm-w787
- - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-9313
- - advisory: https://www.cve.org/CVERecord?id=CVE-2024-9313
- fix: https://github.com/ubuntu/authd/commit/63e527496b013bed46904c1c58be593c13ebdce5
source:
id: GHSA-x5q3-c8rm-w787
- created: 2024-10-08T10:54:15.521922-04:00
-review_status: UNREVIEWED
+ created: 2025-01-29T09:42:10.825233-05:00
+review_status: REVIEWED
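Review bot: The report is promoted to `review_status: REVIEWED` with no `description:` field and no `packages:` entry under the module, so the generated OSV `details` (in data/osv/GO-2024-3181.json) is just the summary repeated and tells a reader nothing about which users or PAM operations are exposed. Add a `description:` that restates the impact and preconditions from GHSA-x5q3-c8rm-w787, and, if the vulnerable code can be located, a `packages:` entry so scanners can match on the affected package rather than on any import of the module. The one-line `summary: |` block literal also carries a trailing newline into the value; a plain scalar, `summary: PAM module may allow accessing with the credentials of another user in github.com/ubuntu/authd`, avoids that. Nothing on the page shows how `fixed: 0.3.5` was tied to the referenced fix commit 63e527496b01, so it is worth confirming that the tag contains it before the pseudo-version bound is dropped.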