x/vulndb: potential Go vuln in github.com/sipcapture/homer-app: CVE-2022-22845

GoVulnBot commented 2 years ago

In CVE-2022-22845, the reference URL github.com/sipcapture/homer-app (and possibly others) refers to something in Go.

Commit: https://github.com/sipcapture/homer-app/commit/7f92f3afc8b0380c14af3d0fc1c365318a2d1591

module: github.com/sipcapture/homer-app
package: n/a
description: |
    QXIP SIPCAPTURE homer-app before 1.4.28 for HOMER 7.x has the same 167f0db2-f83e-4baa-9736-d56064a5b415 JWT secret key across different customers' installations.
cves:
  - CVE-2022-22845
links:
    commit: https://github.com/sipcapture/homer-app/commit/7f92f3afc8b0380c14af3d0fc1c365318a2d1591
    context:
      - http://sipcapture.org
      - https://github.com/sipcapture/homer
      - https://github.com/sipcapture/homer-app/compare/1.4.27...1.4.28

See doc/triage.md for instructions on how to triage this report.

neild commented 2 years ago

Vulnerability in tool.

gopherbot commented 4 months ago

Change https://go.dev/cl/592766 mentions this issue: data/reports: unexclude 50 reports

golang / vulndb

x/vulndb: potential Go vuln in github.com/sipcapture/homer-app: CVE-2022-22845 #301