This repository was archived by the owner on Jan 7, 2026. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 89
Expand file tree
/
Copy pathazuredisk-csi-1.31.advisories.yaml
More file actions
236 lines (223 loc) · 6.56 KB
/
azuredisk-csi-1.31.advisories.yaml
File metadata and controls
236 lines (223 loc) · 6.56 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
schema-version: 2.0.2
package:
name: azuredisk-csi-1.31
advisories:
- id: CGA-39mf-cxfm-8jm4
aliases:
- CVE-2025-22869
events:
- timestamp: 2025-03-06T08:40:22Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 2c35e958966daa7e
componentName: golang.org/x/crypto
componentVersion: v0.33.0
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2025-03-12T00:08:57Z
type: fixed
data:
fixed-version: 1.31.5-r0
- id: CGA-52q6-rp99-g282
aliases:
- CVE-2024-45338
- GHSA-w32m-9786-jp63
events:
- timestamp: 2024-12-19T18:35:20Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 2371aae620e97aac
componentName: golang.org/x/net
componentVersion: v0.31.0
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2024-12-20T11:24:28Z
type: fixed
data:
fixed-version: 1.31.1-r2
- id: CGA-6xv9-w497-mrrr
aliases:
- CVE-2025-22868
events:
- timestamp: 2025-03-06T08:40:19Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 43bf0e724a7da8b3
componentName: golang.org/x/oauth2
componentVersion: v0.24.0
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2025-03-12T21:09:12Z
type: fixed
data:
fixed-version: 1.31.5-r1
- id: CGA-7pp9-w933-vxgj
aliases:
- CVE-2024-51744
- GHSA-29wx-vh33-7x7r
events:
- timestamp: 2024-11-05T07:18:42Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31-compat
componentID: 6bb641c4b965cb56
componentName: github.com/golang-jwt/jwt/v4
componentVersion: v4.5.0
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2024-11-07T09:10:44Z
type: fixed
data:
fixed-version: 1.31.0-r3
- id: CGA-9q5r-g32c-5pxh
aliases:
- CVE-2024-45336
- GHSA-7wrw-r4p8-38rx
events:
- timestamp: 2025-01-31T07:29:15Z
type: fixed
data:
fixed-version: 1.31.2-r1
- id: CGA-fphv-m68j-457j
aliases:
- CVE-2025-1767
- GHSA-3wgm-2gw2-vh5m
events:
- timestamp: 2025-03-15T07:07:59Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 02ad89e2b47c23c2
componentName: k8s.io/kubernetes
componentVersion: v1.31.6
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2025-03-18T01:32:23Z
type: pending-upstream-fix
data:
note: 'The k8s.io CVE affecting this package is currently in the triage stage upstream, PR on the issue can be found here: https://github.com/kubernetes/kubernetes/issues/130786'
- timestamp: 2025-04-06T22:30:00Z
type: false-positive-determination
data:
type: vulnerable-code-not-included-in-package
note: This vulnerability applies to the git-repo volume provisioner, not the k8s client itself.
- id: CGA-hcjv-vr4m-rwhf
aliases:
- CVE-2024-45341
- GHSA-3f6r-qh9c-x6mm
events:
- timestamp: 2025-01-31T07:29:17Z
type: fixed
data:
fixed-version: 1.31.2-r1
- id: CGA-m3xj-72mw-5r55
aliases:
- CVE-2025-0426
- GHSA-jgfp-53c3-624w
events:
- timestamp: 2025-02-14T10:24:57Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 124f3ac14eb5ac1c
componentName: k8s.io/kubernetes
componentVersion: v1.31.2
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2025-02-14T11:17:50Z
type: fixed
data:
fixed-version: 1.31.3-r1
- id: CGA-p8w9-w8gq-xjp4
aliases:
- CVE-2025-22866
- GHSA-3whm-j4xm-rv8x
events:
- timestamp: 2025-02-08T07:26:59Z
type: fixed
data:
fixed-version: 1.31.3-r0
- id: CGA-v6hh-5hv7-x5rm
aliases:
- CVE-2025-30204
- GHSA-mh63-6h87-95cp
events:
- timestamp: 2025-03-22T08:09:03Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 7d10e6573672a280
componentName: github.com/golang-jwt/jwt/v4
componentVersion: v4.5.1
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2025-03-24T07:56:26Z
type: fixed
data:
fixed-version: 1.31.5-r2
- id: CGA-w5qq-94m2-qmh9
aliases:
- CVE-2024-45337
- GHSA-v778-237x-gjrc
events:
- timestamp: 2024-12-12T15:17:09Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 32130bebefd71c27
componentName: golang.org/x/crypto
componentVersion: v0.29.0
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2024-12-13T06:26:14Z
type: fixed
data:
fixed-version: 1.31.1-r1
- id: CGA-w8f8-2p67-45vj
aliases:
- CVE-2025-22872
- GHSA-vvgc-356p-c3xw
events:
- timestamp: 2025-04-17T07:20:30Z
type: detection
data:
type: scan/v1
data:
subpackageName: azuredisk-csi-1.31
componentID: 3ec26c123c35d8ce
componentName: golang.org/x/net
componentVersion: v0.37.0
componentType: go-module
componentLocation: /usr/bin/azurediskplugin
scanner: grype
- timestamp: 2025-04-17T09:32:57Z
type: fixed
data:
fixed-version: 1.31.7-r1