data/reports/GO-2024-3102.yaml - vulndb - Git at Google

 id: GO-2024-3102
 modules:
     - module: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
       versions:
         - introduced: 0.49.0
         - fixed: 0.108.0
       vulnerable_at: 0.107.0
 summary: |-
     OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass
     Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
 cves:
     - CVE-2024-45043
 ghsas:
     - GHSA-prf6-xjxh-p698
 references:
     - advisory: https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-prf6-xjxh-p698
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45043
     - web: https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-http
     - web: https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html
     - web: https://github.com/open-telemetry/opentelemetry-collector#alpha
     - web: https://github.com/open-telemetry/opentelemetry-collector-contrib/commit/371bf6afbd7cfa3253fa1674f5444064e86ef0ac
     - web: https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34847
     - web: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/awsfirehosereceiver
     - web: https://github.com/open-telemetry/opentelemetry-collector-releases/pull/74
     - web: https://github.com/open-telemetry/opentelemetry-collector-releases/releases/tag/v0.108.0
     - web: https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol-contrib
 source:
     id: GHSA-prf6-xjxh-p698
     created: 2024-08-30T11:50:01.407659-04:00
 review_status: UNREVIEWED
	id: GO-2024-3102
	modules:
	- module: github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
	versions:
	- introduced: 0.49.0
	- fixed: 0.108.0
	vulnerable_at: 0.107.0
	summary: \|-
	OpenTelemetry Collector module AWS Firehose Receiver Authentication Bypass
	Vulnerability in github.com/open-telemetry/opentelemetry-collector-contrib/receiver/awsfirehosereceiver
	cves:
	- CVE-2024-45043
	ghsas:
	- GHSA-prf6-xjxh-p698
	references:
	- advisory: https://github.com/open-telemetry/opentelemetry-collector-contrib/security/advisories/GHSA-prf6-xjxh-p698
	- advisory: https://nvd.nist.gov/vuln/detail/CVE-2024-45043
	- web: https://docs.aws.amazon.com/firehose/latest/dev/controlling-access.html#using-iam-http
	- web: https://docs.aws.amazon.com/firehose/latest/dev/httpdeliveryrequestresponse.html
	- web: https://github.com/open-telemetry/opentelemetry-collector#alpha
	- web: https://github.com/open-telemetry/opentelemetry-collector-contrib/commit/371bf6afbd7cfa3253fa1674f5444064e86ef0ac
	- web: https://github.com/open-telemetry/opentelemetry-collector-contrib/pull/34847
	- web: https://github.com/open-telemetry/opentelemetry-collector-contrib/tree/main/receiver/awsfirehosereceiver
	- web: https://github.com/open-telemetry/opentelemetry-collector-releases/pull/74
	- web: https://github.com/open-telemetry/opentelemetry-collector-releases/releases/tag/v0.108.0
	- web: https://github.com/open-telemetry/opentelemetry-collector-releases/tree/main/distributions/otelcol-contrib
	source:
	id: GHSA-prf6-xjxh-p698
	created: 2024-08-30T11:50:01.407659-04:00
	review_status: UNREVIEWED