Vulnerability Report: GO-2022-1100
- CVE-2022-39395, GHSA-2w78-ffv6-p46w, and 2 more
- Affects: github.com/go-vela/server, github.com/go-vela/worker
- Published: Aug 21, 2024
- Unreviewed
Vela Insecure Defaults in github.com/go-vela/server
For detailed information about this vulnerability, visit https://github.com/go-vela/server/security/advisories/GHSA-5m7g-pj8w-7593, https://github.com/go-vela/ui/security/advisories/GHSA-xf39-98m2-889v, https://github.com/go-vela/worker/security/advisories/GHSA-2w78-ffv6-p46w, or https://nvd.nist.gov/vuln/detail/CVE-2022-39395.
Affected Modules
-
PathGo Versions
-
before v0.16.0
-
before v0.16.0
Aliases
References
- https://github.com/go-vela/server/security/advisories/GHSA-5m7g-pj8w-7593
- https://github.com/go-vela/ui/security/advisories/GHSA-xf39-98m2-889v
- https://github.com/go-vela/worker/security/advisories/GHSA-2w78-ffv6-p46w
- https://nvd.nist.gov/vuln/detail/CVE-2022-39395
- https://github.com/go-vela/server/commit/05558ee99d70f7d6f83bed7c8f78ac0b35fa26f4
- https://docs.docker.com/engine/security/#docker-daemon-attack-surface
- https://github.com/go-vela/server/releases/tag/v0.16.0
- https://github.com/go-vela/ui/releases/tag/v0.17.0
- https://github.com/go-vela/worker/releases/tag/v0.16.0
- https://go-vela.github.io/docs/installation/server/reference/#vela_repo_allowlist
- https://go-vela.github.io/docs/installation/worker/reference/#vela_runtime_privileged_images
- https://vuln.go.dev/ID/GO-2022-1100.json
Feedback
This report is unreviewed. It was automatically generated from a third-party source and its details have not been verified by the Go team.
See anything missing or incorrect?
Suggest an edit to this report.