Closed GoVulnBot closed 6 months ago
In GitHub Security Advisory GHSA-v5fm-hr72-27hx, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.
modules: - module: github.com/hashicorp/nomad versions: - introduced: 1.5.0 fixed: 1.5.7 vulnerable_at: 1.5.6 packages: - package: github.com/hashicorp/nomad - module: github.com/hashicorp/nomad versions: - introduced: 0.11.0 fixed: 1.4.11 vulnerable_at: 1.4.10 packages: - package: github.com/hashicorp/nomad summary: Nomad Search API Leaks Information About CSI Plugins cves: - CVE-2023-3300 ghsas: - GHSA-v5fm-hr72-27hx references: - web: https://nvd.nist.gov/vuln/detail/CVE-2023-3300 - web: https://discuss.hashicorp.com/t/hcsec-2023-22-nomad-search-api-leaks-information-about-csi-plugins/56272 - fix: https://github.com/hashicorp/nomad/commit/a8789d3872bbf1b1f420f28b0f7ad8532a41d5e3 - advisory: https://github.com/advisories/GHSA-v5fm-hr72-27hx
Change https://go.dev/cl/575935 mentions this issue: data/reports: add GO-2024-2671.yaml
data/reports: add GO-2024-2671.yaml
In GitHub Security Advisory GHSA-v5fm-hr72-27hx, there is a vulnerability in the following Go packages or modules:
Cross references:
See doc/triage.md for instructions on how to triage this report.