x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-qrqr-3x5j-2xw9 #2507

GoVulnBot · 2024-02-01T00:01:21Z

In GitHub Security Advisory GHSA-qrqr-3x5j-2xw9, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/moby/moby	17.06.0-ce	< 17.06.0-ce

Cross references:

Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2022-24769 #390 EFFECTIVELY_PRIVATE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-8fvr-5rqf-3wwh #638 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-v4h8-794j-g8mm #708 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-vj3f-3286-r4pf #751 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2022-36109 #985 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-vp35-85q5-9f25 #1107 NOT_IMPORTABLE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2023-28840 #1699 EFFECTIVELY_PRIVATE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2023-28841 #1700 EFFECTIVELY_PRIVATE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2023-28842 #1701 EFFECTIVELY_PRIVATE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2017-16539 #2199 LEGACY_FALSE_POSITIVE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-10892 #2207 LEGACY_FALSE_POSITIVE
CVE-2018-12608 appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-12608 #2209 LEGACY_FALSE_POSITIVE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-12608 #2209 LEGACY_FALSE_POSITIVE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2018-15664 #2212 LEGACY_FALSE_POSITIVE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2019-13139 #2236 LEGACY_FALSE_POSITIVE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2021-21284 #2316 LEGACY_FALSE_POSITIVE
Module github.com/moby/moby appears in issue x/vulndb: potential Go vuln in github.com/moby/moby: CVE-2021-21285 #2317 LEGACY_FALSE_POSITIVE

See doc/triage.md for instructions on how to triage this report.

modules:
    - module: github.com/moby/moby
      versions:
        - fixed: 17.06.0-ce
      packages:
        - package: github.com/moby/moby
summary: Docker Moby Authentication Bypass
cves:
    - CVE-2018-12608
ghsas:
    - GHSA-qrqr-3x5j-2xw9
references:
    - web: https://nvd.nist.gov/vuln/detail/CVE-2018-12608
    - report: https://github.com/moby/moby/issues/33173
    - fix: https://github.com/moby/moby/pull/33182
    - fix: https://github.com/moby/moby/commit/190c6e8cf8b893874a33d83f78307f1bed0bfbcd
    - advisory: https://github.com/advisories/GHSA-qrqr-3x5j-2xw9

The text was updated successfully, but these errors were encountered:

gopherbot · 2024-02-20T22:12:51Z

Change https://go.dev/cl/565379 mentions this issue: data/excluded: batch add 7 excluded reports

tatianab · 2024-02-20T22:52:14Z

Duplicate of #2209

timothy-king assigned tatianab Feb 7, 2024

tatianab added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Feb 20, 2024

tatianab marked this as a duplicate of #2209 Feb 20, 2024

tatianab closed this as completed Feb 20, 2024

tatianab added duplicate and removed excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. labels Feb 20, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-qrqr-3x5j-2xw9 #2507

x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-qrqr-3x5j-2xw9 #2507

GoVulnBot commented Feb 1, 2024

gopherbot commented Feb 20, 2024

tatianab commented Feb 20, 2024

x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-qrqr-3x5j-2xw9 #2507

x/vulndb: potential Go vuln in github.com/moby/moby: GHSA-qrqr-3x5j-2xw9 #2507

Comments

GoVulnBot commented Feb 1, 2024

gopherbot commented Feb 20, 2024

tatianab commented Feb 20, 2024