x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m

GoVulnBot commented 1 year ago

In GitHub Security Advisory GHSA-7h8m-vrxx-vr4m, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/zitadel/zitadel	2.38.3	< 2.38.3	github.com/zitadel/zitadel	2.40.5	>= 2.39.0, < 2.40.5

Cross references:

Module github.com/zitadel/zitadel appears in issue #961 NOT_IMPORTABLE
Module github.com/zitadel/zitadel appears in issue #1489 NOT_IMPORTABLE
Module github.com/zitadel/zitadel appears in issue #2107 EFFECTIVELY_PRIVATE
Module github.com/zitadel/zitadel appears in issue #2155 EFFECTIVELY_PRIVATE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/zitadel/zitadel
      versions:
        - fixed: 2.38.3
      packages:
        - package: github.com/zitadel/zitadel
    - module: github.com/zitadel/zitadel
      versions:
        - introduced: 2.39.0
          fixed: 2.40.5
      packages:
        - package: github.com/zitadel/zitadel
summary: ZITADEL race condition in lockout policy execution
cves:
    - CVE-2023-47111
ghsas:
    - GHSA-7h8m-vrxx-vr4m
references:
    - advisory: https://github.com/zitadel/zitadel/security/advisories/GHSA-7h8m-vrxx-vr4m
    - fix: https://github.com/zitadel/zitadel/commit/22e2d5599918864877e054ebe82fb834a5aa1077
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.38.3
    - web: https://github.com/zitadel/zitadel/releases/tag/v2.40.5
    - advisory: https://github.com/advisories/GHSA-7h8m-vrxx-vr4m

gopherbot commented 1 year ago

Change https://go.dev/cl/541356 mentions this issue: data/excluded: batch add 5 excluded reports

gopherbot commented 5 months ago

Change https://go.dev/cl/592763 mentions this issue: data/reports: unexclude 75 reports

golang / vulndb

x/vulndb: potential Go vuln in github.com/zitadel/zitadel: GHSA-7h8m-vrxx-vr4m #2187