This repository was archived by the owner on Jan 7, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 89
Expand file tree
/
Copy pathazure-service-operator.advisories.yaml
More file actions
187 lines (178 loc) · 5.46 KB
/
azure-service-operator.advisories.yaml
File metadata and controls
187 lines (178 loc) · 5.46 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
schema-version: 2.0.2
package:
name: azure-service-operator
advisories:
- id: CGA-2w6q-4vw7-66mf
aliases:
- CVE-2025-22872
- GHSA-vvgc-356p-c3xw
events:
- timestamp: 2025-04-17T08:39:26Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 0a0a97f2d639772d
componentName: golang.org/x/net
componentVersion: v0.36.0
componentType: go-module
componentLocation: /usr/bin/azure-service-operator
scanner: grype
- timestamp: 2025-04-19T19:53:59Z
type: fixed
data:
fixed-version: 2.12.0-r3
- id: CGA-4f78-r7f5-j995
aliases:
- CVE-2025-47914
- GHSA-f6x5-jh6r-wrfv
events:
- timestamp: 2025-11-21T07:23:30Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 1ca3ab1e07cc4205
componentName: golang.org/x/crypto
componentVersion: v0.43.0
componentType: go-module
componentLocation: /usr/bin/aso-controller
scanner: grype
- timestamp: 2025-11-22T07:06:42Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: Govulncheck found no affected symbols in the scanned Go binaries.
- id: CGA-8rhp-38h9-wjmx
aliases:
- CVE-2025-22874
- GHSA-6f52-wpx2-hvf2
events:
- timestamp: 2025-06-14T07:25:15Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 3afb70a1e1a10383
componentName: stdlib
componentVersion: go1.24.2
componentType: go-module
componentLocation: /usr/bin/aso-controller
scanner: grype
- timestamp: 2025-06-14T09:43:25Z
type: fixed
data:
fixed-version: 2.13.0-r3
- id: CGA-95pj-8wmr-m367
aliases:
- CVE-2025-58181
- GHSA-j5w8-q4qc-rx2x
events:
- timestamp: 2025-11-21T07:23:31Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 1ca3ab1e07cc4205
componentName: golang.org/x/crypto
componentVersion: v0.43.0
componentType: go-module
componentLocation: /usr/bin/aso-controller
scanner: grype
- timestamp: 2025-11-23T07:03:50Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: Govulncheck found no affected symbols in the scanned Go binaries.
- id: CGA-gqm6-gxf6-vxpv
aliases:
- CVE-2025-22871
- GHSA-g9pc-8g42-g6vq
events:
- timestamp: 2025-04-10T08:47:02Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 141568069216c1f9
componentName: stdlib
componentVersion: go1.24.1
componentType: go-module
componentLocation: /usr/bin/azure-service-operator
scanner: grype
- timestamp: 2025-04-10T15:21:21Z
type: fixed
data:
fixed-version: 2.12.0-r2
- id: CGA-jc75-5f94-qrg3
aliases:
- CVE-2025-47910
- GHSA-8pjc-487g-w6p2
events:
- timestamp: 2025-09-24T10:42:49Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 587de33dd52f221b
componentName: stdlib
componentVersion: go1.25.0
componentType: go-module
componentLocation: /usr/bin/aso-controller
scanner: grype
- timestamp: 2025-09-24T17:44:34Z
type: fixed
data:
fixed-version: 2.15.0-r1
- id: CGA-p32m-m6mv-5qf3
aliases:
- CVE-2025-47907
- GHSA-j5pm-7495-qmr3
events:
- timestamp: 2025-08-10T22:45:18Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 7955a916b048b54c
componentName: stdlib
componentVersion: go1.24.5
componentType: go-module
componentLocation: /usr/bin/aso-controller
scanner: grype
- timestamp: 2025-08-11T07:16:06Z
type: true-positive-determination
data:
note: 'Govulncheck found vulnerable symbols in Go binaries at the following locations: in azure-service-operator-2.14.0-r1.apk, at usr/bin/aso-controller, usr/bin/aso-controller.'
- timestamp: 2025-08-11T16:35:46Z
type: fixed
data:
fixed-version: 2.14.0-r2
- id: CGA-rmh6-ffqq-r2r5
aliases:
- CVE-2025-4673
- GHSA-62jj-gr2r-5c34
events:
- timestamp: 2025-06-14T07:25:16Z
type: detection
data:
type: scan/v1
data:
subpackageName: azure-service-operator
componentID: 3afb70a1e1a10383
componentName: stdlib
componentVersion: go1.24.2
componentType: go-module
componentLocation: /usr/bin/aso-controller
scanner: grype
- timestamp: 2025-06-14T09:43:26Z
type: fixed
data:
fixed-version: 2.13.0-r3