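# Security advisory records for the actions-runner-controller package
# (file: actions-runner-controller.advisories.yaml).
#
# Event types that appear in this file:
#   detection                    - a scanner match, with the component,
#                                  version and binary path as evidence
#   fixed                        - the package version that carries the fix
#   false-positive-determination - the package is judged not affected,
#                                  with a typed reason and a free-text note
#
# fixed-version values end in -rN, and several fixes below differ only in
# that suffix (0.9.3-r1, -r2, -r3). Compare the full string when checking
# whether an installed package is patched, not just the 0.9.3 part.
schema-version: 2.0.2
package:
  name: actions-runner-controller
advisories: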
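# CVE-2024-24790: fixed in 0.9.2-r1.
# Only a fixed event is recorded, so this entry does not say which component
# or binary was affected; use the CVE/GHSA aliases for that.
- id: CGA-2m48-vwwr-5rx7
  aliases:
  - CVE-2024-24790
  - GHSA-49gw-vxvf-fc2g
  events:
  - timestamp: 2024-06-07T18:27:53Z
    type: fixed
    data:
      fixed-version: 0.9.2-r1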
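# CVE-2024-34155: grype matched the Go standard library (go1.22.5) embedded in
# /usr/bin/actions-metrics-server; fixed in 0.9.3-r2 about 2.5 days later.
# The same componentID and fixed-version appear under CVE-2024-34156 and
# CVE-2024-34158 in this file.
# NOTE(review): the detection names one binary only. Other binaries seen in
# this file (/usr/bin/manager, /usr/bin/ghalistener) are not listed here;
# whether they embedded the same stdlib version is not recorded.
- id: CGA-3mv4-6w43-q4mr
  aliases:
  - CVE-2024-34155
  - GHSA-8xfx-rj4p-23jm
  events:
  - timestamp: 2024-09-10T07:03:13Z
    type: detection
    data:
      type: scan/v1
      data:
        subpackageName: actions-runner-controller
        componentID: c7a0b32f7640e957
        componentName: stdlib
        componentVersion: go1.22.5
        componentType: go-module
        componentLocation: /usr/bin/actions-metrics-server
        scanner: grype
  - timestamp: 2024-09-12T19:01:37Z
    type: fixed
    data:
      fixed-version: 0.9.3-r2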
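# CVE-2023-45290: fixed in 0.8.3-r1.
# No detection evidence is recorded; the affected component is not named here.
# Four other entries in this file were fixed in the same revision, 0.8.3-r1,
# within two seconds of this one (2024-03-13T07:05:17Z to 07:05:19Z).
- id: CGA-47wh-cp9c-5g6j
  aliases:
  - CVE-2023-45290
  - GHSA-rr6r-cfgf-gc6h
  events:
  - timestamp: 2024-03-13T07:05:19Z
    type: fixed
    data:
      fixed-version: 0.8.3-r1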
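# CVE-2024-51744: grype matched github.com/golang-jwt/jwt/v4 v4.5.0 in
# /usr/bin/actions-metrics-server; fixed in 0.9.3-r3 just under two days later.
# NOTE(review): the match is on the module being linked into the binary.
# Whether the binary calls the affected JWT parsing path is not recorded here.
- id: CGA-4cgp-mq75-fqx5
  aliases:
  - CVE-2024-51744
  - GHSA-29wx-vh33-7x7r
  events:
  - timestamp: 2024-11-05T07:36:38Z
    type: detection
    data:
      type: scan/v1
      data:
        subpackageName: actions-runner-controller
        componentID: 5403ac979ae85091
        componentName: github.com/golang-jwt/jwt/v4
        componentVersion: v4.5.0
        componentType: go-module
        componentLocation: /usr/bin/actions-metrics-server
        scanner: grype
  - timestamp: 2024-11-07T07:29:00Z
    type: fixed
    data:
      fixed-version: 0.9.3-r3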
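# CVE-2024-24791: fixed in 0.9.3-r1.
# Only a fixed event is recorded; no component or binary path is given.
- id: CGA-4fgg-48pc-jgx7
  aliases:
  - CVE-2024-24791
  - GHSA-hw49-2p59-3mhj
  events:
  - timestamp: 2024-07-04T07:04:53Z
    type: fixed
    data:
      fixed-version: 0.9.3-r1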
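# CVE-2024-6104: grype matched github.com/hashicorp/go-retryablehttp v0.7.5 in
# /usr/bin/ghalistener; fixed in 0.9.2-r2 about two hours after detection.
# NOTE(review): the upstream advisory for this ID is understood to concern
# credentials in request URLs reaching log output - confirm against the GHSA
# alias. If so, logs from versions before 0.9.2-r2 may need reviewing.
- id: CGA-7hh3-rfp4-w662
  aliases:
  - CVE-2024-6104
  - GHSA-v6v8-xj6m-xwqh
  events:
  - timestamp: 2024-06-25T07:05:04Z
    type: detection
    data:
      type: scan/v1
      data:
        subpackageName: actions-runner-controller
        componentID: dc432881c7046507
        componentName: github.com/hashicorp/go-retryablehttp
        componentVersion: v0.7.5
        componentType: go-module
        componentLocation: /usr/bin/ghalistener
        scanner: grype
  - timestamp: 2024-06-25T09:08:23Z
    type: fixed
    data:
      fixed-version: 0.9.2-r2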
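# CVE-2023-48795: fixed in 0.8.1-r1.
# Only a fixed event is recorded; the affected module is not named here.
# NOTE(review): this CVE ID is commonly associated with the SSH "Terrapin"
# prefix-truncation issue - confirm the affected Go module via the GHSA alias.
- id: CGA-85hw-w5q3-v6gw
  aliases:
  - CVE-2023-48795
  - GHSA-45x7-px36-x8w8
  events:
  - timestamp: 2024-01-24T07:07:42Z
    type: fixed
    data:
      fixed-version: 0.8.1-r1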
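# CVE-2023-45288: fixed in 0.9.0-r1.
# Only a fixed event is recorded; no component or binary path is given.
- id: CGA-8q25-h935-vf5h
  aliases:
  - CVE-2023-45288
  - GHSA-4v7x-pqxf-cx7m
  events:
  - timestamp: 2024-04-13T07:10:41Z
    type: fixed
    data:
      fixed-version: 0.9.0-r1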
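# CVE-2023-45283: recorded as not affected, not as fixed.
# There is no fixed-version, so the determination rests entirely on the note's
# platform argument ("Only affects Windows"). Revisit it if this package is
# ever built for, or run on, Windows.
- id: CGA-94gf-xwcf-j9j7
  aliases:
  - CVE-2023-45283
  - GHSA-vvjp-q62m-2vph
  events:
  - timestamp: 2023-11-07T19:22:35Z
    type: false-positive-determination
    data:
      type: vulnerable-code-not-included-in-package
      note: Only affects Windows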
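# CVE-2024-24783: fixed in 0.8.3-r1.
# Only a fixed event is recorded; no component or binary path is given.
- id: CGA-9q3j-jp56-5v2f
  aliases:
  - CVE-2024-24783
  - GHSA-3q2c-pvp5-3cqp
  events:
  - timestamp: 2024-03-13T07:05:17Z
    type: fixed
    data:
      fixed-version: 0.8.3-r1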
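# CVE-2024-34156: grype matched the Go standard library (go1.22.5) embedded in
# /usr/bin/actions-metrics-server; fixed in 0.9.3-r2 about 2.5 days later.
# Same componentID (c7a0b32f7640e957) and fixed-version as the CVE-2024-34155
# and CVE-2024-34158 entries: one component, three findings, one fix.
- id: CGA-cjf2-qf38-54vf
  aliases:
  - CVE-2024-34156
  - GHSA-crqm-pwhx-j97f
  events:
  - timestamp: 2024-09-10T07:03:17Z
    type: detection
    data:
      type: scan/v1
      data:
        subpackageName: actions-runner-controller
        componentID: c7a0b32f7640e957
        componentName: stdlib
        componentVersion: go1.22.5
        componentType: go-module
        componentLocation: /usr/bin/actions-metrics-server
        scanner: grype
  - timestamp: 2024-09-12T19:01:36Z
    type: fixed
    data:
      fixed-version: 0.9.3-r2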
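# CVE-2024-24786: grype matched google.golang.org/protobuf v1.31.0 in
# /usr/bin/manager; fixed in 0.8.3-r2 about eight hours after detection.
# Versions up to and including 0.8.3-r1 predate this fix, even though 0.8.3-r1
# is the fixed-version for five other entries in this file.
- id: CGA-hfv5-jf5x-vrwh
  aliases:
  - CVE-2024-24786
  - GHSA-8r3f-844c-mc37
  events:
  - timestamp: 2024-03-14T07:21:37Z
    type: detection
    data:
      type: scan/v1
      data:
        subpackageName: actions-runner-controller
        componentID: 8bf78d89e4215f78
        componentName: google.golang.org/protobuf
        componentVersion: v1.31.0
        componentType: go-module
        componentLocation: /usr/bin/manager
        scanner: grype
  - timestamp: 2024-03-14T15:21:06Z
    type: fixed
    data:
      fixed-version: 0.8.3-r2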
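# CVE-2023-45284: recorded as not affected, not as fixed.
# Same reason and note as the CVE-2023-45283 entry, made one second later.
# There is no fixed-version, so the claim depends on the Windows-only argument
# continuing to hold for every platform this package is built for.
- id: CGA-mrpr-xwf5-98c5
  aliases:
  - CVE-2023-45284
  - GHSA-rq3x-83w4-p28c
  events:
  - timestamp: 2023-11-07T19:22:36Z
    type: false-positive-determination
    data:
      type: vulnerable-code-not-included-in-package
      note: Only affects Windows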
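# CVE-2023-45289: fixed in 0.8.3-r1.
# Only a fixed event is recorded; no component or binary path is given.
- id: CGA-qfhf-fgpg-f27r
  aliases:
  - CVE-2023-45289
  - GHSA-32ch-6x54-q4h9
  events:
  - timestamp: 2024-03-13T07:05:18Z
    type: fixed
    data:
      fixed-version: 0.8.3-r1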
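# CVE-2024-24784: fixed in 0.8.3-r1.
# Only a fixed event is recorded; no component or binary path is given.
- id: CGA-r36x-vmgm-mxjf
  aliases:
  - CVE-2024-24784
  - GHSA-fgq5-q76c-gx78
  events:
  - timestamp: 2024-03-13T07:05:17Z
    type: fixed
    data:
      fixed-version: 0.8.3-r1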
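# CVE-2024-24785: fixed in 0.8.3-r1.
# Only a fixed event is recorded; no component or binary path is given.
- id: CGA-vhfm-fjmr-pj52
  aliases:
  - CVE-2024-24785
  - GHSA-j6m3-gc37-6r6q
  events:
  - timestamp: 2024-03-13T07:05:19Z
    type: fixed
    data:
      fixed-version: 0.8.3-r1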
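# CVE-2024-34158: grype matched the Go standard library (go1.22.5) embedded in
# /usr/bin/actions-metrics-server; fixed in 0.9.3-r2 about 2.5 days later.
# Third finding against componentID c7a0b32f7640e957, alongside the
# CVE-2024-34155 and CVE-2024-34156 entries, with the same fixed-version.
- id: CGA-wcxq-gh5q-366f
  aliases:
  - CVE-2024-34158
  - GHSA-j7vj-rw65-4v26
  events:
  - timestamp: 2024-09-10T07:03:22Z
    type: detection
    data:
      type: scan/v1
      data:
        subpackageName: actions-runner-controller
        componentID: c7a0b32f7640e957
        componentName: stdlib
        componentVersion: go1.22.5
        componentType: go-module
        componentLocation: /usr/bin/actions-metrics-server
        scanner: grype
  - timestamp: 2024-09-12T19:01:37Z
    type: fixed
    data:
      fixed-version: 0.9.3-r2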
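# GHSA-9763-4f94-gfch: fixed in 0.8.1-r1.
# This is the only entry in the file with no CVE alias. Tooling that keys on
# CVE IDs alone will not match it, so join on the CGA or GHSA identifier.
# No detection evidence is recorded; the affected component is not named here.
- id: CGA-wmh8-rpp4-45r5
  aliases:
  - GHSA-9763-4f94-gfch
  events:
  - timestamp: 2024-01-24T07:07:42Z
    type: fixed
    data:
      fixed-version: 0.8.1-r1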
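# CVE-2024-24789: fixed in 0.9.2-r1, three seconds before the CVE-2024-24790
# entry with the same fixed-version.
# Only a fixed event is recorded; no component or binary path is given.
- id: CGA-x93h-c5h9-f86w
  aliases:
  - CVE-2024-24789
  - GHSA-236w-p7wf-5ph8
  events:
  - timestamp: 2024-06-07T18:27:50Z
    type: fixed
    data:
      fixed-version: 0.9.2-r1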