x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2022-29947 #440

GoVulnBot · 2022-04-29T22:01:05Z

CVE-2022-29947 references github.com/woodpecker-ci/woodpecker, which may be a Go module.

Description:
Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.

Links:

See doc/triage.md for instructions on how to triage this report.

module: github.com/woodpecker-ci/woodpecker
package: n/a
description: |
    Woodpecker before 0.15.1 allows XSS via build logs because web/src/components/repo/build/BuildLog.vue lacks escaping.
cves:
  - CVE-2022-29947
links:
    pr: https://github.com/woodpecker-ci/woodpecker/pull/879
    context:
      - https://github.com/woodpecker-ci/woodpecker/releases/tag/v0.15.1

The text was updated successfully, but these errors were encountered:

neild · 2022-06-14T23:59:34Z

Vulnerability in tool.

gopherbot · 2024-06-14T19:54:55Z

Change https://go.dev/cl/592767 mentions this issue: data/reports: unexclude 50 reports

gopherbot · 2024-08-20T19:41:25Z

Change https://go.dev/cl/607218 mentions this issue: data/reports: unexclude 20 reports (16)

- data/reports/GO-2022-0407.yaml - data/reports/GO-2022-0410.yaml - data/reports/GO-2022-0413.yaml - data/reports/GO-2022-0416.yaml - data/reports/GO-2022-0418.yaml - data/reports/GO-2022-0424.yaml - data/reports/GO-2022-0426.yaml - data/reports/GO-2022-0429.yaml - data/reports/GO-2022-0440.yaml - data/reports/GO-2022-0442.yaml - data/reports/GO-2022-0447.yaml - data/reports/GO-2022-0448.yaml - data/reports/GO-2022-0449.yaml - data/reports/GO-2022-0450.yaml - data/reports/GO-2022-0451.yaml - data/reports/GO-2022-0452.yaml - data/reports/GO-2022-0453.yaml - data/reports/GO-2022-0454.yaml - data/reports/GO-2022-0455.yaml - data/reports/GO-2022-0456.yaml Updates #407 Updates #410 Updates #413 Updates #416 Updates #418 Updates #424 Updates #426 Updates #429 Updates #440 Updates #442 Updates #447 Updates #448 Updates #449 Updates #450 Updates #451 Updates #452 Updates #453 Updates #454 Updates #455 Updates #456 Change-Id: I206c09343a83edd1fd9f1a37410a59391d904c6d Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/607218 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>

neild closed this as completed Jun 14, 2022

neild added the NotGoVuln label Jun 14, 2022

neild added excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. and removed NotGoVuln labels Aug 11, 2022

GoVulnBot mentioned this issue Aug 16, 2023

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2023-40034 #2014

Closed

This was referenced Jul 19, 2024

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2024-41121 #3000

Closed

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2024-41122 #3001

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2022-29947 #440

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2022-29947 #440

GoVulnBot commented Apr 29, 2022

neild commented Jun 14, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2022-29947 #440

x/vulndb: potential Go vuln in github.com/woodpecker-ci/woodpecker: CVE-2022-29947 #440

Comments

GoVulnBot commented Apr 29, 2022

neild commented Jun 14, 2022

gopherbot commented Jun 14, 2024

gopherbot commented Aug 20, 2024