advisories/blob-csi-1.26.advisories.yaml at main · wolfi-dev/advisories · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
schema-version: 2.0.2

package:
  name: blob-csi-1.26

advisories:
  - id: CGA-3394-78x8-v7wv
    aliases:
      - CVE-2025-22868
      - GHSA-3wqc-mwfx-672p
    events:
      - timestamp: 2025-04-30T20:49:02Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: 844409ef95e97744
            componentName: golang.org/x/oauth2
            componentVersion: v0.24.0
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-05-01T00:07:52Z
        type: fixed
        data:
          fixed-version: 1.26.2-r1

  - id: CGA-4x32-wf22-gv55
    aliases:
      - CVE-2025-47910
      - GHSA-8pjc-487g-w6p2
    events:
      - timestamp: 2025-09-24T11:38:22Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: 580555ca1a2553e7
            componentName: stdlib
            componentVersion: go1.25.0
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-09-24T19:41:04Z
        type: fixed
        data:
          fixed-version: 1.26.7-r3

  - id: CGA-9x26-9j9p-fpcg
    aliases:
      - CVE-2025-22874
      - GHSA-6f52-wpx2-hvf2
    events:
      - timestamp: 2025-06-14T08:44:12Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: 7d2375fd5e27ca5b
            componentName: stdlib
            componentVersion: go1.24.3
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-06-14T12:49:18Z
        type: fixed
        data:
          fixed-version: 1.26.5-r1

  - id: CGA-g552-hxf3-wv8p
    aliases:
      - CVE-2025-4563
      - GHSA-hj2p-8wj8-pfq4
    events:
      - timestamp: 2025-06-24T07:35:22Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: ea5d215df6152db9
            componentName: k8s.io/kubernetes
            componentVersion: v1.32.2
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-06-24T09:05:20Z
        type: fixed
        data:
          fixed-version: 1.26.5-r51

  - id: CGA-jfhh-xfgg-v2pg
    aliases:
      - CVE-2025-22872
      - GHSA-vvgc-356p-c3xw
    events:
      - timestamp: 2025-04-30T20:49:03Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: b6de751a295c2d91
            componentName: golang.org/x/net
            componentVersion: v0.37.0
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-05-01T02:07:47Z
        type: fixed
        data:
          fixed-version: 1.26.2-r2

  - id: CGA-p3hc-rq4g-3qpq
    aliases:
      - CVE-2025-4673
      - GHSA-62jj-gr2r-5c34
    events:
      - timestamp: 2025-06-14T08:44:13Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: 7d2375fd5e27ca5b
            componentName: stdlib
            componentVersion: go1.24.3
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-06-14T12:49:19Z
        type: fixed
        data:
          fixed-version: 1.26.5-r1

  - id: CGA-pgf6-v4gp-q4jj
    aliases:
      - CVE-2025-1767
      - GHSA-3wgm-2gw2-vh5m
    events:
      - timestamp: 2025-04-30T20:49:04Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: 667a0319e77a76b7
            componentName: k8s.io/kubernetes
            componentVersion: v1.32.2
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-05-02T20:01:39Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: This vulnerability applies to the git-repo volume provisioner, not the k8s client itself.

  - id: CGA-pqqq-5r3f-rxc9
    aliases:
      - CVE-2025-47907
      - GHSA-j5pm-7495-qmr3
    events:
      - timestamp: 2025-08-09T07:39:36Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: blob-csi-1.26
            componentID: 36131619d207a724
            componentName: stdlib
            componentVersion: go1.24.5
            componentType: go-module
            componentLocation: /usr/bin/blobfuse-proxy
            scanner: grype
      - timestamp: 2025-08-09T09:39:41Z
        type: fixed
        data:
          fixed-version: 1.26.6-r3