diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 0837849..ecfc188 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -23,7 +23,7 @@ jobs:
 - name: Setup Go
 uses: actions/setup-go@0a12ed9d6a96ab950c8f026ed9f722fe0da7ef32 # v5
 with:
- go-version: '1.22'
+ go-version: '1.23'
 - name: Install dependencies
 run: go mod download
 - name: Verify dependencies
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
index f9bd97c..64ca4eb 100644
--- a/.github/workflows/release.yml
+++ b/.github/workflows/release.yml
@@ -8,8 +8,8 @@ on:
 - "v1.[0-9]+.[0-9]+"
 env:
- GO_VERSION: 1.22
- GO_RELEASER_VERSION: v1.25.1
+ GO_VERSION: 1.23
+ GO_RELEASER_VERSION: v1.26.2
 permissions: {}
diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 7e53bc4..6815afc 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -12,7 +12,7 @@ Before you start contributing, please make sure to read and abide by our [Code o
 To contribute to Poutine, you'll need the following:
-- [Go toolchain v1.22](https://golang.org/dl/) or higher.
+- [Go toolchain v1.23](https://golang.org/dl/) or higher.
 ### Contributing Process
diff --git a/Dockerfile b/Dockerfile
index a0e54f7..519971d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
 ARG GIT=cgr.dev/chainguard/git:latest@sha256:06119871a608d163eac2daddd0745582e457a29ee8402bd351c13f294ede30e1
-ARG GORELEASER=ghcr.io/goreleaser/goreleaser:v2.0.1@sha256:c1d6c5a07be6d0f7472461e2ec578beaa4a51c12bb03a8e34d3e73730b4aa32a
+ARG GORELEASER=ghcr.io/goreleaser/goreleaser:v2.3.1@sha256:6835c0b61b746bf4b2e036e262d3c5c32029ebb079eb42911bffa84b1b5c8008
 FROM ${GORELEASER} as goreleaser
 WORKDIR /app
diff --git a/README.md b/README.md
index 49ecfe2..ee2a135 100644
--- a/README.md
+++ b/README.md
@@ -119,7 +119,7 @@ See [.poutine.sample.yml](.poutine.sample.yml) for an example configuration file
 ## Building from source
-Building `poutine` requires Go 1.22.
+Building `poutine` requires Go 1.23.
 ```bash
 git clone https://github.com/boostsecurityio/poutine.git
diff --git a/dagger/go.mod b/dagger/go.mod
index 0ee5557..0a563ef 100644
--- a/dagger/go.mod
+++ b/dagger/go.mod
@@ -1,3 +1,3 @@
 module dagger/poutine
-go 1.22.3
+go 1.23.0
diff --git a/go.mod b/go.mod
index 518b155..c0be31d 100644
--- a/go.mod
+++ b/go.mod
@@ -1,22 +1,22 @@
 module github.com/boostsecurityio/poutine
-go 1.22.0
+go 1.23.0
 require (
 github.com/gofri/go-github-ratelimit v1.1.0
 github.com/google/go-github/v59 v59.0.0
 github.com/hashicorp/go-version v1.7.0
 github.com/olekukonko/tablewriter v0.0.5
- github.com/open-policy-agent/opa v0.68.0
+ github.com/open-policy-agent/opa v0.69.0
 github.com/owenrumney/go-sarif/v2 v2.3.3
 github.com/package-url/packageurl-go v0.1.3
 github.com/rs/zerolog v1.33.0
- github.com/schollz/progressbar/v3 v3.15.0
+ github.com/schollz/progressbar/v3 v3.16.1
 github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7
 github.com/spf13/cobra v1.8.1
 github.com/spf13/viper v1.19.0
 github.com/stretchr/testify v1.9.0
- github.com/xanzy/go-gitlab v0.109.0
+ github.com/xanzy/go-gitlab v0.110.0
 golang.org/x/oauth2 v0.23.0
 golang.org/x/sync v0.8.0
 gopkg.in/yaml.v3 v3.0.1
@@ -24,7 +24,7 @@ require (
 require (
 github.com/OneOfOne/xxhash v1.2.8 // indirect
- github.com/agnivade/levenshtein v1.1.1 // indirect
+ github.com/agnivade/levenshtein v1.2.0 // indirect
 github.com/beorn7/perks v1.0.1 // indirect
 github.com/cespare/xxhash/v2 v2.3.0 // indirect
 github.com/davecgh/go-spew v1.1.2-0.20180830191138-d8f796af33cc // indirect
@@ -49,9 +49,9 @@ require (
 github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 // indirect
 github.com/pelletier/go-toml/v2 v2.2.3 // indirect
 github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 // indirect
- github.com/prometheus/client_golang v1.20.3 // indirect
+ github.com/prometheus/client_golang v1.20.4 // indirect
 github.com/prometheus/client_model v0.6.1 // indirect
- github.com/prometheus/common v0.59.1 // indirect
+ github.com/prometheus/common v0.60.0 // indirect
 github.com/prometheus/procfs v0.15.1 // indirect
 github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 // indirect
 github.com/rivo/uniseg v0.4.7 // indirect
@@ -73,11 +73,11 @@ require (
 go.opentelemetry.io/otel/sdk v1.30.0 // indirect
 go.opentelemetry.io/otel/trace v1.30.0 // indirect
 go.uber.org/multierr v1.11.0 // indirect
- golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 // indirect
- golang.org/x/sys v0.25.0 // indirect
- golang.org/x/term v0.24.0 // indirect
- golang.org/x/text v0.18.0 // indirect
- golang.org/x/time v0.6.0 // indirect
+ golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 // indirect
+ golang.org/x/sys v0.26.0 // indirect
+ golang.org/x/term v0.25.0 // indirect
+ golang.org/x/text v0.19.0 // indirect
+ golang.org/x/time v0.7.0 // indirect
 google.golang.org/protobuf v1.34.2 // indirect
 gopkg.in/ini.v1 v1.67.0 // indirect
 gopkg.in/yaml.v2 v2.4.0 // indirect
diff --git a/go.sum b/go.sum
index 2e8630b..69f55f1 100644
--- a/go.sum
+++ b/go.sum
@@ -1,7 +1,7 @@ github.com/OneOfOne/xxhash v1.2.8 h1:31czK/TI9sNkxIKfaUfGlU47BAxQ0ztGgd9vPyqimf8= github.com/OneOfOne/xxhash v1.2.8/go.mod h1:eZbhyaAYD41SGSSsnmcpxVoRiQ/MPUTjUdIIOT9Um7Q= -github.com/agnivade/levenshtein v1.1.1 h1:QY8M92nrzkmr798gCo3kmMyqXFzdQVpxLlGPRBij0P8= -github.com/agnivade/levenshtein v1.1.1/go.mod h1:veldBMzWxcCG2ZvUTKD2kJNRdCk5hVbJomOvKkmgYbo= +github.com/agnivade/levenshtein v1.2.0 h1:U9L4IOT0Y3i0TIlUIDJ7rVUziKi/zPbrJGaFrtYH3SY= +github.com/agnivade/levenshtein v1.2.0/go.mod h1:QVVI16kDrtSuwcpd0p1+xMC6Z/VfhtCyDIjcwga4/DU= github.com/apparentlymart/go-textseg/v13 v13.0.0/go.mod h1:ZK2fH7c4NqDTLtiYLvIkEghdlcqw7yxLeM89kiTRPUo= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0 h1:jfIu9sQUG6Ig+0+Ap1h4unLjW6YQJpKZVmUzxsD4E/Q= github.com/arbovm/levenshtein v0.0.0-20160628152529-48b4e1c0c4d0/go.mod h1:t2tdKJDJF9BV14lnkjHmOQgcvEKgtqs5a1N3LNdJhGE= @@ -15,6 +15,8 @@ github.com/cespare/xxhash v1.1.0 h1:a6HrQnmkObjyL+Gs60czilIUGqrzKutQD6XZog3p+ko= github.com/cespare/xxhash v1.1.0/go.mod h1:XrSqR1VqqWfGrhpAt58auRo0WTKS1nRRg3ghfAqPWnc= github.com/cespare/xxhash/v2 v2.3.0 h1:UL815xU9SqsFlibzuggzjXhog7bL6oX9BbNZnL2UFvs= github.com/cespare/xxhash/v2 v2.3.0/go.mod h1:VGX0DQ3Q6kWi7AoAeZDth3/j3BFtOZR5XLFGgcrjCOs= +github.com/chengxilo/virtualterm v1.0.4 h1:Z6IpERbRVlfB8WkOmtbHiDbBANU7cimRIof7mk9/PwM= +github.com/chengxilo/virtualterm v1.0.4/go.mod h1:DyxxBZz/x1iqJjFxTFcr6/x+jSpqN0iwWCOK1q10rlY= github.com/coreos/go-systemd/v22 v22.5.0/go.mod h1:Y58oyj3AT4RCenI/lSvhwexgC+NSVTIJ3seZv2GcEnc= github.com/cpuguy83/go-md2man/v2 v2.0.4/go.mod h1:tgQtvFlXSQOSOSIRvRPT7W67SCa46tRHOmNcaadrF8o= github.com/davecgh/go-spew v1.1.0/go.mod h1:J7Y8YcW2NihsgmVo/mv3lAwl/skON4iLHjSsI+c5H38= 
@@ -25,8 +27,8 @@ github.com/dgraph-io/badger/v3 v3.2103.5 h1:ylPa6qzbjYRQMU6jokoj4wzcaweHylt//CH0 github.com/dgraph-io/badger/v3 v3.2103.5/go.mod h1:4MPiseMeDQ3FNCYwRbbcBOGJLf5jsE0PPFzRiKjtcdw= github.com/dgraph-io/ristretto v0.1.1 h1:6CWw5tJNgpegArSHpNHJKldNeq03FQCwYvfMVWajOK8= github.com/dgraph-io/ristretto v0.1.1/go.mod h1:S1GPSBCYCIhmVNfcth17y2zZtQT6wzkzgwUve0VDWWA= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48 h1:fRzb/w+pyskVMQ+UbP35JkH8yB7MYb4q/qhBarqZE6g= -github.com/dgryski/trifles v0.0.0-20200323201526-dd97f9abfb48/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= +github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54 h1:SG7nF6SRlWhcT7cNTs5R6Hk4V2lcmLz2NsG2VnInyNo= +github.com/dgryski/trifles v0.0.0-20230903005119-f50d829f2e54/go.mod h1:if7Fbed8SFyPtHLHbg49SI7NAdJiC5WIA09pe59rfAA= github.com/dustin/go-humanize v1.0.0 h1:VSnTsYCnlFHaM2/igO1h6X3HA71jcobQuxemgkq4zYo= github.com/dustin/go-humanize v1.0.0/go.mod h1:HtrtbFcZ19U5GC7JDqmcUSB87Iq5E25KnS6fMYU6eOk= github.com/fatih/color v1.16.0 h1:zmkK9Ngbjj+K0yRhTVONQh1p/HknKYSlNT+vZCzyokM= 
@@ -55,8 +57,8 @@ github.com/gofri/go-github-ratelimit v1.1.0 h1:ijQ2bcv5pjZXNil5FiwglCg8wc9s8EgjT github.com/gofri/go-github-ratelimit v1.1.0/go.mod h1:OnCi5gV+hAG/LMR7llGhU7yHt44se9sYgKPnafoL7RY= github.com/gogo/protobuf v1.3.2 h1:Ov1cvc58UF3b5XjBnZv7+opcTcQFZebYjWzi34vdm4Q= github.com/gogo/protobuf v1.3.2/go.mod h1:P1XiOD3dCwIKUDQYPy72D8LYyHL2YPYrpS2s69NZV8Q= -github.com/golang/glog v1.2.1 h1:OptwRhECazUx5ix5TTWC3EZhsZEHWcYWY4FQHTIubm4= -github.com/golang/glog v1.2.1/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= +github.com/golang/glog v1.2.2 h1:1+mZ9upx1Dh6FmUTFR1naJ77miKiXgALjWOZ3NVFPmY= +github.com/golang/glog v1.2.2/go.mod h1:6AhwSGph0fcJtXVM/PEHPqZlFeoLxhs7/t5UDAwmO+w= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da h1:oI5xCqsCo564l8iNU+DwB5epxmsaqB+rhGL0m5jtYqE= github.com/golang/groupcache v0.0.0-20210331224755-41bb18bfe9da/go.mod h1:cIg4eruTrX1D+g88fzRXU5OdNfaM+9IcxsU14FzY7Hc= github.com/golang/protobuf v1.3.1/go.mod h1:6lQm79b+lXiMfvg/cZm0SGofjICqVBUtrP5yJMmIC1U= @@ -94,7 +96,6 @@ github.com/hashicorp/hcl v1.0.0 h1:0Anlzjpi4vEasTeNFn2mLJgTSwt0+6sfsiTG8qcWGx4= github.com/hashicorp/hcl v1.0.0/go.mod h1:E5yfLk+7swimpb2L/Alb/PJmXilQ/rhwaUYs4T20WEQ= github.com/inconshreveable/mousetrap v1.1.0 h1:wN+x4NVGpMsO7ErUn/mUI3vEoE6Jt13X2s0bqwp9tc8= github.com/inconshreveable/mousetrap v1.1.0/go.mod h1:vpF70FUmC8bwa3OWnCshd2FqLfsEA9PFc4w1p2J65bw= -github.com/k0kubun/go-ansi v0.0.0-20180517002512-3bf9e2903213/go.mod h1:vNUNkEQ1e29fT/6vq2aBdFsgNPmy8qMdSay1npru+Sw= github.com/klauspost/compress v1.17.9 h1:6KIumPrER1LHsvBVuDa0r5xaG0Es51mhhB9BQB2qeMA= github.com/klauspost/compress v1.17.9/go.mod h1:Di0epgTjJY877eYKx5yC51cX2A2Vl2ibi7bDH9ttBbw= github.com/kr/pretty v0.1.0/go.mod h1:dAy3ld7l9f0ibDNOQOHHMYYIIbhfbHSm3C4ZsoJORNo= 
@@ -125,8 +126,8 @@ github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822 h1:C3w9PqII01/Oq github.com/munnerz/goautoneg v0.0.0-20191010083416-a7dc8b61c822/go.mod h1:+n7T8mK8HuQTcFwEeznm/DIxMOiR9yIdICNftLE1DvQ= github.com/olekukonko/tablewriter v0.0.5 h1:P2Ga83D34wi1o9J6Wh1mRuqd4mF/x/lgBS7N7AbDhec= github.com/olekukonko/tablewriter v0.0.5/go.mod h1:hPp6KlRPjbx+hW8ykQs1w3UBbZlj6HuIJcUGPhkA7kY= -github.com/open-policy-agent/opa v0.68.0 h1:Jl3U2vXRjwk7JrHmS19U3HZO5qxQRinQbJ2eCJYSqJQ= -github.com/open-policy-agent/opa v0.68.0/go.mod h1:5E5SvaPwTpwt2WM177I9Z3eT7qUpmOGjk1ZdHs+TZ4w= +github.com/open-policy-agent/opa v0.69.0 h1:s2igLw2Z6IvGWGuXSfugWkVultDMsM9pXiDuMp7ckWw= +github.com/open-policy-agent/opa v0.69.0/go.mod h1:+qyXJGkpEJ6kpB1kGo8JSwHtVXbTdsGdQYPWWNYNj+4= github.com/owenrumney/go-sarif v1.1.1/go.mod h1:dNDiPlF04ESR/6fHlPyq7gHKmrM0sHUvAGjsoh8ZH0U= github.com/owenrumney/go-sarif/v2 v2.3.3 h1:ubWDJcF5i3L/EIOER+ZyQ03IfplbSU1BLOE26uKQIIU= github.com/owenrumney/go-sarif/v2 v2.3.3/go.mod h1:MSqMMx9WqlBSY7pXoOZWgEsVB4FDNfhcaXDA1j6Sr+w= 
@@ -139,12 +140,12 @@ github.com/pkg/errors v0.9.1/go.mod h1:bwawxfHBFNV+L2hUp1rHADufV3IMtnDRdf1r5NINE github.com/pmezard/go-difflib v1.0.0/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2 h1:Jamvg5psRIccs7FGNTlIRMkT8wgtp5eCXdBlqhYGL6U= github.com/pmezard/go-difflib v1.0.1-0.20181226105442-5d4384ee4fb2/go.mod h1:iKH77koFhYxTK1pcRnkKkqfTogsbg7gZNVY4sRDYZ/4= -github.com/prometheus/client_golang v1.20.3 h1:oPksm4K8B+Vt35tUhw6GbSNSgVlVSBH0qELP/7u83l4= -github.com/prometheus/client_golang v1.20.3/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= +github.com/prometheus/client_golang v1.20.4 h1:Tgh3Yr67PaOv/uTqloMsCEdeuFTatm5zIq5+qNN23vI= +github.com/prometheus/client_golang v1.20.4/go.mod h1:PIEt8X02hGcP8JWbeHyeZ53Y/jReSnHgO035n//V5WE= github.com/prometheus/client_model v0.6.1 h1:ZKSh/rekM+n3CeS952MLRAdFwIKqeY8b62p8ais2e9E= github.com/prometheus/client_model v0.6.1/go.mod h1:OrxVMOVHjw3lKMa8+x6HeMGkHMQyHDk9E3jmP2AmGiY= -github.com/prometheus/common v0.59.1 h1:LXb1quJHWm1P6wq/U824uxYi4Sg0oGvNeUm1z5dJoX0= -github.com/prometheus/common v0.59.1/go.mod h1:GpWM7dewqmVYcd7SmRaiWVe9SSqjf0UrwnYnpEZNuT0= +github.com/prometheus/common v0.60.0 h1:+V9PAREWNvJMAuJ1x1BaWl9dewMW4YrHZQbx0sJNllA= +github.com/prometheus/common v0.60.0/go.mod h1:h0LYf1R1deLSKtD4Vdg8gy4RuOvENW2J/h19V5NADQw= github.com/prometheus/procfs v0.15.1 h1:YagwOFzUgYfKKHX6Dr+sHT7km/hxC76UB0learggepc= github.com/prometheus/procfs v0.15.1/go.mod h1:fB45yRUv8NstnjriLhBQLuOUt+WW4BsoGhij/e3PBqk= github.com/rcrowley/go-metrics v0.0.0-20201227073835-cf1acfcdf475 h1:N/ElC8H3+5XpJzTSTfLsJV/mx9Q9g7kxmchpfZyxgzM= 
@@ -162,8 +163,8 @@ github.com/sagikazarmark/locafero v0.6.0 h1:ON7AQg37yzcRPU69mt7gwhFEBwxI6P9T4Qu3 github.com/sagikazarmark/locafero v0.6.0/go.mod h1:77OmuIc6VTraTXKXIs/uvUxKGUXjE1GbemJYHqdNjX0= github.com/sagikazarmark/slog-shim v0.1.0 h1:diDBnUNK9N/354PgrxMywXnAwEr1QZcOr6gto+ugjYE= github.com/sagikazarmark/slog-shim v0.1.0/go.mod h1:SrcSrq8aKtyuqEI1uvTDTK1arOWRIczQRv+GVI1AkeQ= -github.com/schollz/progressbar/v3 v3.15.0 h1:cNZmcNiVyea6oofBTg80ZhVXxf3wG/JoAhqCCwopkQo= -github.com/schollz/progressbar/v3 v3.15.0/go.mod h1:ncBdc++eweU0dQoeZJ3loXoAc+bjaallHRIm8pVVeQM= +github.com/schollz/progressbar/v3 v3.16.1 h1:RnF1neWZFzLCoGx8yp1yF7SDl4AzNDI5y4I0aUJRrZQ= +github.com/schollz/progressbar/v3 v3.16.1/go.mod h1:I2ILR76gz5VXqYMIY/LdLecvMHDPVcQm3W/MSKi1TME= github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7 h1:cYCy18SHPKRkvclm+pWm1Lk4YrREb4IOIb/YdFO0p2M= github.com/shurcooL/githubv4 v0.0.0-20240727222349-48295856cce7/go.mod h1:zqMwyHmnN/eDOZOdiTohqIUKUrTFX62PNlu7IJdu0q8= github.com/shurcooL/graphql v0.0.0-20230722043721-ed46e5a46466 h1:17JxqqJY66GmZVHkmAsGEkcIu0oCe3AM420QDgGwZx0= @@ -183,7 +184,6 @@ github.com/spf13/pflag v1.0.5/go.mod h1:McXfInJRrz4CZXVZOBLb0bTZqETkiAhM9Iw0y3An github.com/spf13/viper v1.19.0 h1:RWq5SEjt8o25SROyN3z2OrDB9l7RPd3lwTWU8EcEdcI= github.com/spf13/viper v1.19.0/go.mod h1:GQUN9bilAbhU/jgc1bKs99f/suXKeUMct8Adx5+Ntkg= github.com/stretchr/objx v0.1.0/go.mod h1:HFkY916IF+rwdDfMAkV7OtwuqBVzrE8GR6GFx+wExME= -github.com/stretchr/testify v1.3.0/go.mod h1:M5WIy9Dh21IEIfnGCwXGc5bZfKNJtfHm1UVUgZn+9EI= github.com/stretchr/testify v1.7.0/go.mod h1:6Fq8oRcR53rry900zMqJjRRixrwX3KX962/h/Wwjteg= github.com/stretchr/testify v1.9.0 h1:HtqpIVDClZ4nwg75+f6Lvsy/wHu+3BoSGCbBAcpTsTg= github.com/stretchr/testify v1.9.0/go.mod h1:r2ic/lqez/lEtzL7wO/rwa5dbSLXVDPFyf8C91i36aY= 
@@ -193,8 +193,8 @@ github.com/tchap/go-patricia/v2 v2.3.1 h1:6rQp39lgIYZ+MHmdEq4xzuk1t7OdC35z/xm0BG github.com/tchap/go-patricia/v2 v2.3.1/go.mod h1:VZRHKAb53DLaG+nA9EaYYiaEx6YztwDlLElMsnSHD4k= github.com/vmihailenco/msgpack/v4 v4.3.12/go.mod h1:gborTTJjAo/GWTqqRjrLCn9pgNN+NXzzngzBKDPIqw4= github.com/vmihailenco/tagparser v0.1.1/go.mod h1:OeAg3pn3UbLjkWt+rN9oFYB6u/cQgqMEUPoW2WPyhdI= -github.com/xanzy/go-gitlab v0.109.0 h1:RcRme5w8VpLXTSTTMZdVoQWY37qTJWg+gwdQl4aAttE= -github.com/xanzy/go-gitlab v0.109.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= +github.com/xanzy/go-gitlab v0.110.0 h1:hsFIFp01v/0D0sdUXoZfRk6CROzZbHQplk6NzKSFKhc= +github.com/xanzy/go-gitlab v0.110.0/go.mod h1:wKNKh3GkYDMOsGmnfuX+ITCmDuSDWFO0G+C4AygL9RY= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb h1:zGWFAtiMcyryUHoUjUJX0/lt1H2+i2Ka2n+D3DImSNo= github.com/xeipuuv/gojsonpointer v0.0.0-20190905194746-02993c407bfb/go.mod h1:N2zxlSyiKSe5eX1tZViRH5QA0qijqEDrYZiPEAiq3wU= github.com/xeipuuv/gojsonreference v0.0.0-20180127040603-bd5ef7bd5415 h1:EzJWgHovont7NscjpAxXsDA8S8BMYve8Y5+7cuRE7R0= 
@@ -223,14 +223,14 @@ go.opentelemetry.io/proto/otlp v1.3.1/go.mod h1:0X1WI4de4ZsLrrJNLAQbFeLCm3T7yBkR go.uber.org/multierr v1.11.0 h1:blXXJkSxSSfBVBlC76pxqeO+LN3aDfLQo+309xJstO0= go.uber.org/multierr v1.11.0/go.mod h1:20+QtiLqy0Nd6FdQB9TLXag12DsQkrbs3htMFfDN80Y= golang.org/x/crypto v0.0.0-20190308221718-c2843e01d9a2/go.mod h1:djNgcEr1/C05ACkg1iLfiJU5Ep61QUkGW8qpdssI0+w= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0 h1:e66Fs6Z+fZTbFBAxKfP3PALWBtpfqks2bwGcexMxgtk= -golang.org/x/exp v0.0.0-20240909161429-701f63a606c0/go.mod h1:2TbTHSBQa924w8M6Xs1QcRcFwyucIwBGpK1p2f1YFFY= +golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6 h1:1wqE9dj9NpSm04INVsJhhEUzhuDVjbcyKH91sVyPATw= +golang.org/x/exp v0.0.0-20241004190924-225e2abe05e6/go.mod h1:NQtJDoLvd6faHhE7m4T/1IY708gDefGGjR/iUW8yQQ8= golang.org/x/mod v0.21.0 h1:vvrHzRwRfVKSiLrG+d4FMl/Qi4ukBCE6kZlTUkDYRT0= golang.org/x/mod v0.21.0/go.mod h1:6SkKJ3Xj0I0BrPOZoBy3bdMptDDU9oJrpohJ3eWZ1fY= golang.org/x/net v0.0.0-20190603091049-60506f45cf65/go.mod h1:HSz+uSET+XFnRR8LxR5pz3Of3rY3CfYBVs4xY44aLks= golang.org/x/net v0.0.0-20200301022130-244492dfa37a/go.mod h1:z5CRVTTTmAJ677TzLLGU+0bjPO0LkuOLi4/5GtJWs/s= -golang.org/x/net v0.28.0 h1:a9JDOJc5GMUJ0+UDqmLT86WiEy7iWyIhz8gz8E4e5hE= -golang.org/x/net v0.28.0/go.mod h1:yqtgsTWOOnlGLG9GFRrK3++bGOUEkNBoHZc8MEDWPNg= +golang.org/x/net v0.29.0 h1:5ORfpBpCs4HzDYoodCDBbwHzdR5UrLBZ3sOnUJmFoHo= +golang.org/x/net v0.29.0/go.mod h1:gLkgy8jTGERgjzMic6DS9+SP0ajcu6Xu3Orq/SpETg0= golang.org/x/oauth2 v0.23.0 h1:PbgcYx2W7i4LvjJWEbf0ngHV6qJYr86PkAV3bXdLEbs= golang.org/x/oauth2 v0.23.0/go.mod h1:XYTD2NtWslqkgxebSiOHnXEap4TF09sJSc7H1sXbhtI= golang.org/x/sync v0.8.0 h1:3NFvSEYkUoMifnESzZl15y791HH1qU2xm6eCJU5ZPXQ= 
@@ -240,29 +240,29 @@ golang.org/x/sys v0.0.0-20220715151400-c0bba94af5f8/go.mod h1:oPkhp1MJrh7nUepCBc golang.org/x/sys v0.0.0-20220811171246-fbc7d0a398ab/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.6.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= golang.org/x/sys v0.12.0/go.mod h1:oPkhp1MJrh7nUepCBck5+mAzfO9JrbApNNgaTdGDITg= -golang.org/x/sys v0.25.0 h1:r+8e+loiHxRqhXVl6ML1nO3l1+oFoWbnlu2Ehimmi34= -golang.org/x/sys v0.25.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= -golang.org/x/term v0.24.0 h1:Mh5cbb+Zk2hqqXNO7S1iTjEphVL+jb8ZWaqh/g+JWkM= -golang.org/x/term v0.24.0/go.mod h1:lOBK/LVxemqiMij05LGJ0tzNr8xlmwBRJ81PX6wVLH8= +golang.org/x/sys v0.26.0 h1:KHjCJyddX0LoSTb3J+vWpupP9p0oznkqVk/IfjymZbo= +golang.org/x/sys v0.26.0/go.mod h1:/VUhepiaJMQUp4+oa/7Zr1D23ma6VTLIYjOOTFZPUcA= +golang.org/x/term v0.25.0 h1:WtHI/ltw4NvSUig5KARz9h521QvRC8RmF/cuYqifU24= +golang.org/x/term v0.25.0/go.mod h1:RPyXicDX+6vLxogjjRxjgD2TKtmAO6NZBsBRfrOLu7M= golang.org/x/text v0.3.0/go.mod h1:NqM8EUOU14njkJ3fqMW+pc6Ldnwhi/IjpwHt7yyuwOQ= golang.org/x/text v0.3.2/go.mod h1:bEr9sfX3Q8Zfm5fL9x+3itogRgK3+ptLWKqgva+5dAk= golang.org/x/text v0.3.5/go.mod h1:5Zoc/QRtKVWzQhOtBMvqHzDpF6irO9z98xDceosuGiQ= -golang.org/x/text v0.18.0 h1:XvMDiNzPAl0jr17s6W9lcaIhGUfUORdGCNsuLmPG224= -golang.org/x/text v0.18.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= -golang.org/x/time v0.6.0 h1:eTDhh4ZXt5Qf0augr54TN6suAUudPcawVZeIAPU7D4U= -golang.org/x/time v0.6.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= +golang.org/x/text v0.19.0 h1:kTxAhCbGbxhK0IwgSKiMO5awPoDQ0RpfiVYBfK860YM= +golang.org/x/text v0.19.0/go.mod h1:BuEKDfySbSR4drPmRPG/7iBdf8hvFMuRexcpahXilzY= +golang.org/x/time v0.7.0 h1:ntUhktv3OPE6TgYxXWv9vKvUSJyIFJlyohwbkEwPrKQ= +golang.org/x/time v0.7.0/go.mod h1:3BpzKBy/shNhVucY/MWOyx10tF3SFh9QdLuxbVysPQM= golang.org/x/tools v0.0.0-20180917221912-90fa682c2a6e/go.mod h1:n7NCudcB/nEzxVGmLbDWY5pfWTLqBcC2KZ6jyYvM4mQ= -golang.org/x/tools v0.25.0 
h1:oFU9pkj/iJgs+0DT+VMHrx+oBKs/LJMV+Uvg78sl+fE= -golang.org/x/tools v0.25.0/go.mod h1:/vtpO8WL1N9cQC3FN5zPqb//fRXskFHbLKk4OW1Q7rg= +golang.org/x/tools v0.26.0 h1:v/60pFQmzmT9ExmjDv2gGIfi3OqfKoEP6I5+umXlbnQ= +golang.org/x/tools v0.26.0/go.mod h1:TPVVj70c7JJ3WCazhD8OdXcZg/og+b9+tH/KxylGwH0= golang.org/x/xerrors v0.0.0-20191204190536-9bdfabe68543/go.mod h1:I/5z698sn9Ka8TeJc9MKroUUfqBBauWjQqLJ2OPfmY0= google.golang.org/appengine v1.6.5/go.mod h1:8WjMMxjGQR8xUklV/ARdw2HLXBOI7O7uCIDZVag1xfc= google.golang.org/genproto v0.0.0-20240213162025-012b6fc9bca9 h1:9+tzLLstTlPTRyJTh+ah5wIMsBW5c4tQwGTN3thOW9Y= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094 h1:0+ozOGcrp+Y8Aq8TLNN2Aliibms5LEzsq99ZZmAGYm0= -google.golang.org/genproto/googleapis/api v0.0.0-20240701130421-f6361c86f094/go.mod h1:fJ/e3If/Q67Mj99hin0hMhiNyCRmt6BQ2aWIJshUSJw= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094 h1:BwIjyKYGsK9dMCBOorzRri8MQwmi7mT9rGHsCEinZkA= -google.golang.org/genproto/googleapis/rpc v0.0.0-20240701130421-f6361c86f094/go.mod h1:Ue6ibwXGpU+dqIcODieyLOcgj7z8+IcskoNIgZxtrFY= -google.golang.org/grpc v1.66.0 h1:DibZuoBznOxbDQxRINckZcUvnCEvrW9pcWIE2yF9r1c= -google.golang.org/grpc v1.66.0/go.mod h1:s3/l6xSSCURdVfAnL+TqCNMyTDAGN6+lZeVxnZR128Y= +google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142 h1:wKguEg1hsxI2/L3hUYrpo1RVi48K+uTyzKqprwLXsb8= +google.golang.org/genproto/googleapis/api v0.0.0-20240814211410-ddb44dafa142/go.mod h1:d6be+8HhtEtucleCbxpPW9PA9XwISACu8nvpPqF0BVo= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142 h1:e7S5W7MGGLaSu8j3YjdezkZ+m1/Nm0uRVRMEMGk26Xs= +google.golang.org/genproto/googleapis/rpc v0.0.0-20240814211410-ddb44dafa142/go.mod h1:UqMtugtsSgubUsoxbuAoiCXvqvErP7Gf0so0mK9tHxU= +google.golang.org/grpc v1.67.0 h1:IdH9y6PF5MPSdAntIcpjQ+tXO41pcQsfZV2RxtQgVcw= +google.golang.org/grpc v1.67.0/go.mod h1:1gLDyUQU7CTLJI90u3nXZ9ekeghjeM7pTDZlqFNg2AA= google.golang.org/protobuf 
v1.34.2 h1:6xV6lTsCfpGD21XK49h7MhtcApnLqkfYgPcdHftf6hg= google.golang.org/protobuf v1.34.2/go.mod h1:qYOHts0dSfpeUzUFpOMr/WGzszTmLH+DiWniOlNbLDw= gopkg.in/check.v1 v0.0.0-20161208181325-20d25e280405/go.mod h1:Co6ibVJAznAaIkqp8huTwlJQCZ016jof/cbN4VW5Yz0=
diff --git a/opa/rego/external/build_platform.rego b/opa/rego/external/build_platform.rego
index f6244d5..52d6eb3 100644
--- a/opa/rego/external/build_platform.rego
+++ b/opa/rego/external/build_platform.rego
@@ -669,6 +669,46 @@ advisories = {
 ],
 "vulnerable_commit_shas": [],
 },
+ "CVE-2024-8263": {
+ "osv_id": "CVE-2024-8263",
+ "published": "2024-09-23T20:12:51.005Z",
+ "aliases": [],
+ "summary": "An improper privilege management vulnerability allowed arbitrary workflows to be committed using an improperly scoped PAT through the use of nested tags. This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program.",
+ "severity": [{
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:H/UI:N/VC:N/VI:L/VA:N/SC:L/SI:H/SA:N",
+ }],
+ "cwe_ids": ["CWE-269"],
+ "vulnerable_versions": [],
+ "vulnerable_version_ranges": [
+ "<=3.14.0",
+ "<=3.13.3",
+ "<=3.12.8",
+ "<=3.11.14",
+ "<=3.10.16",
+ ],
+ "vulnerable_commit_shas": [],
+ },
+ "CVE-2024-8770": {
+ "osv_id": "CVE-2024-8770",
+ "published": "2024-09-23T20:09:01.746Z",
+ "aliases": [],
+ "summary": "A Cross-Site Scripting (XSS) vulnerability was identified in the repository transfer feature of GitHub Enterprise Server, which allows attackers to steal sensitive user information via social engineering.\u00a0This vulnerability affected all versions of GitHub Enterprise Server and was fixed in version 3.10.17, 3.11.15, 3.12.9, 3.13.4, and 3.14.1.\u00a0This vulnerability was reported via the GitHub Bug Bounty program.",
+ "severity": [{
+ "type": "CVSS_V4",
+ "score": "CVSS:4.0/AV:N/AC:L/AT:P/PR:L/UI:A/VC:H/VI:L/VA:N/SC:L/SI:N/SA:N",
+ }],
+ "cwe_ids": ["CWE-79"],
+ "vulnerable_versions": [],
+ "vulnerable_version_ranges": [
+ "<=3.14.0",
+ "<=3.13.3",
+ "<=3.12.8",
+ "<=3.11.14",
+ "<=3.10.16",
+ ],
+ "vulnerable_commit_shas": [],
+ },
 },
 "gitlab": {
 "CVE-2020-13261": {
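Review bot: The `vulnerable_version_ranges` added for CVE-2024-8263 and CVE-2024-8770 are upper bounds only (`"<=3.14.0"`, `"<=3.13.3"`, …), so if the evaluator treats the list as alternatives (the matching logic is not visible in this hunk), `"<=3.14.0"` on its own also matches patched releases of the older lines such as 3.13.4 or 3.12.9, which both summaries list as fixed. Bounding each release line, in the form many GitLab entries in this file already use (`">=15.2,<16.0.8"`), would keep patched servers from being reported: for example `">=3.14.0,<3.14.1"`, `">=3.13.0,<3.13.4"`, `">=3.12.0,<3.12.9"`, `">=3.11.0,<3.11.15"`. The lowest entry can stay open-ended as `"<3.10.17"`, since the summaries state that all earlier versions were affected.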
@@ -8234,7 +8274,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-863"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=10.0,<16.1.5",
@@ -8252,7 +8292,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
 }],
- "cwe_ids": [""],
+ "cwe_ids": ["CWE-770"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=13.2.4, <15.10.8",
@@ -8378,7 +8418,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": [""],
+ "cwe_ids": ["CWE-113"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=12.9, <15.10.8",
@@ -8432,7 +8472,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
 }],
- "cwe_ids": ["CWE-400"],
+ "cwe_ids": ["CWE-1333"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=15.2,<16.0.8",
@@ -8504,7 +8544,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
 }],
- "cwe_ids": [""],
+ "cwe_ids": ["CWE-770"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=8.3, <15.10.8",
@@ -8522,7 +8562,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-200"],
+ "cwe_ids": ["CWE-282"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=0,<16.2.8",
@@ -8663,7 +8703,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-200"],
+ "cwe_ids": ["CWE-209"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=12.9,<16.0.8",
@@ -8699,7 +8739,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-138"],
+ "cwe_ids": ["CWE-601"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=4.1,<16.1.5",
@@ -8717,7 +8757,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-200"],
+ "cwe_ids": ["CWE-201"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [">=3.0.29,<4.0.5"],
 "vulnerable_commit_shas": [],
@@ -8748,7 +8788,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-262"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=15.2,<16.1.5",
@@ -8854,7 +8894,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": [""],
+ "cwe_ids": ["CWE-201"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=15.7, <15.10.8",
@@ -8890,7 +8930,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-359"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=13.7,<15.11.10",
@@ -8980,7 +9020,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-262"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=0,<16.0.8",
@@ -8998,7 +9038,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-345"],
+ "cwe_ids": ["CWE-347"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=12.2,<16.5.6",
@@ -9159,7 +9199,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-99"],
+ "cwe_ids": ["CWE-116"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=7.14,<15.11.10",
@@ -9191,7 +9231,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-285"],
+ "cwe_ids": ["CWE-862"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=11.8,<16.2.8",
@@ -9244,7 +9284,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:N/I:H/A:N",
 }],
- "cwe_ids": [""],
+ "cwe_ids": ["CWE-266"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=14.1, <15.10.8",
@@ -9262,7 +9302,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-863"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=13.7,<15.11.10",
@@ -9298,7 +9338,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N",
 }],
- "cwe_ids": ["CWE-200"],
+ "cwe_ids": ["CWE-201"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=15.1,<15.11.10",
@@ -9330,7 +9370,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-200"],
+ "cwe_ids": ["CWE-201"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=16.0,<16.0.6",
@@ -9347,7 +9387,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-286"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=11.11,<16.2.8",
@@ -9365,7 +9405,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
 }],
- "cwe_ids": ["CWE-400"],
+ "cwe_ids": ["CWE-1333"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=15.11,<16.1.5",
@@ -9383,7 +9423,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
 }],
- "cwe_ids": ["CWE-400"],
+ "cwe_ids": ["CWE-1333"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=15.11,<16.1.5",
@@ -9401,7 +9441,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
 }],
- "cwe_ids": ["CWE-400"],
+ "cwe_ids": ["CWE-770"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=10.3,<16.3.6",
@@ -9419,7 +9459,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-200"],
+ "cwe_ids": ["CWE-209"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=16.0,<16.0.6",
@@ -9454,7 +9494,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
 }],
- "cwe_ids": ["CWE-400"],
+ "cwe_ids": ["CWE-1333"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=8.14,<16.0.8",
@@ -9490,7 +9530,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-201"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=11.6,<16.3.6",
@@ -9526,7 +9566,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
 }],
- "cwe_ids": ["CWE-200"],
+ "cwe_ids": ["CWE-201"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=16.2,<16.2.8",
@@ -9544,7 +9584,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
 }],
- "cwe_ids": ["CWE-400"],
+ "cwe_ids": ["CWE-1333"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=10.3,<15.11.10",
@@ -9553,6 +9593,20 @@ advisories = {
 ],
 "vulnerable_commit_shas": [],
 },
+ "CVE-2023-3441": {
+ "osv_id": "CVE-2023-3441",
+ "published": "2024-10-01T09:47:16.444Z",
+ "aliases": [],
+ "summary": "An issue has been discovered in GitLab EE/CE affecting all versions starting from 8.0 before 16.4. The product did not sufficiently warn about security implications of granting merge rights to protected branches.",
+ "severity": [{
+ "type": "CVSS_V3",
+ "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N",
+ }],
+ "cwe_ids": ["CWE-213"],
+ "vulnerable_versions": [],
+ "vulnerable_version_ranges": [">=8.0,<16.4"],
+ "vulnerable_commit_shas": [],
+ },
 "CVE-2023-3443": {
 "osv_id": "CVE-2023-3443",
 "published": "2023-12-01T07:02:33.126Z",
@@ -9562,7 +9616,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-863"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=12.1,<16.4.3",
@@ -9580,7 +9634,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:N",
 }],
- "cwe_ids": ["CWE-99"],
+ "cwe_ids": ["CWE-863"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=15.3,<15.11.10",
@@ -9598,7 +9652,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:H",
 }],
- "cwe_ids": ["CWE-840"],
+ "cwe_ids": ["CWE-863"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=12.8,<15.11.11",
@@ -9634,7 +9688,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-863"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=0,<16.7.6",
@@ -9652,7 +9706,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:N/I:L/A:N",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-863"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=8.17,<16.4.4",
@@ -9670,7 +9724,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
 }],
- "cwe_ids": ["CWE-20"],
+ "cwe_ids": ["CWE-1287"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=16.1,<16.1.3",
@@ -9687,7 +9741,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L",
 }],
- "cwe_ids": ["CWE-284"],
+ "cwe_ids": ["CWE-1287"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 "<=16.4.3",
@@ -9705,7 +9759,7 @@ advisories = {
 "type": "CVSS_V3",
 "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:N",
 }],
- "cwe_ids": ["CWE-20"],
+ "cwe_ids": ["CWE-1287"],
 "vulnerable_versions": [],
 "vulnerable_version_ranges": [
 ">=12.3,<16.2.8",
@@ -9723,7 +9777,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N", }], - "cwe_ids": ["CWE-269"], + "cwe_ids": ["CWE-286"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.0,<16.4.4", @@ -9741,7 +9795,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=12.3,<16.3.6", @@ -9759,7 +9813,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N", }], - "cwe_ids": ["CWE-840"], + "cwe_ids": ["CWE-286"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.2.8", @@ -9795,7 +9849,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-20"], + "cwe_ids": ["CWE-1287"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.2.8", @@ -9813,7 +9867,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-345"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=11.2,<16.2.8", @@ -9831,7 +9885,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-74"], + "cwe_ids": ["CWE-601"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.2,<16.2.8", @@ -9849,7 +9903,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-862"], + "cwe_ids": ["CWE-286"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=13.12,<16.0.8", @@ -9867,7 +9921,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-201"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=11.3,<16.4.3", 
@@ -9902,7 +9956,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=13.2,<16.4.3", @@ -9920,7 +9974,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=10.6,<16.2.8", @@ -9938,7 +9992,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-532"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=14.3,<16.0.8", @@ -9956,7 +10010,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=9.3,<16.0.8", @@ -9974,7 +10028,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-201"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=14.1,<16.0.8", @@ -9992,7 +10046,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-367"], + "cwe_ids": ["CWE-708"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=15.9,<16.0.8", @@ -10010,7 +10064,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [">=15.11,<16.2.2"], "vulnerable_commit_shas": [], @@ -10024,7 +10078,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-425"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.2,<16.2.5", 
@@ -10041,7 +10095,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=9.2,<16.4.3", @@ -10059,7 +10113,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-201"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=11.8,<16.1.5", @@ -10077,7 +10131,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=15.3,<16.2.8", @@ -10095,7 +10149,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-138"], + "cwe_ids": ["CWE-1287"], "vulnerable_versions": [], "vulnerable_version_ranges": [">=0,<16.2.0"], "vulnerable_commit_shas": [], @@ -10109,7 +10163,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.2,<16.2.8", @@ -10127,7 +10181,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=10.6,<16.1.5", @@ -10145,7 +10199,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=15.2,<16.1.5", 
@@ -10163,7 +10217,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=8.13,<16.4.3", @@ -10181,7 +10235,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=14.7,<16.3.6", @@ -10199,7 +10253,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=15.3,<16.5.6", @@ -10217,7 +10271,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=12.0,<16.7.6", @@ -10235,7 +10289,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=10.5,<16.4.3", @@ -10253,7 +10307,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=13.12,<16.2.7", @@ -10270,7 +10324,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-285"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=9.3,<16.4.4", @@ -10288,7 +10342,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=13.12,<16.2.8", 
@@ -10306,7 +10360,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ "<=16.2.7", @@ -10324,7 +10378,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-250"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.4,<16.4.1", @@ -10360,7 +10414,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-16"], + "cwe_ids": ["CWE-1395"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=9.5.0,<16.2.8", @@ -10414,7 +10468,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.6.6", @@ -10432,7 +10486,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-835"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.2,<16.3.6", @@ -10450,7 +10504,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-200"], + "cwe_ids": ["CWE-201"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.0,<16.3.6", @@ -10486,7 +10540,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-20"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=13.9,<16.3.6", @@ -10504,7 +10558,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:U/C:H/I:N/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.2,<16.4.3", 
@@ -10594,7 +10648,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L", }], - "cwe_ids": ["CWE-269"], + "cwe_ids": ["CWE-266"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.5,<16.7.6", @@ -10612,7 +10666,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.7.7,<16.8.6", @@ -10630,7 +10684,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.10.6", @@ -10648,7 +10702,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N", }], - "cwe_ids": ["CWE-285"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.4.3,<16.4.4", @@ -10666,7 +10720,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.8.6", @@ -10702,7 +10756,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.9,<16.9.7", @@ -10720,7 +10774,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [">=16.11,<16.11.2"], "vulnerable_commit_shas": [], 
@@ -10734,7 +10788,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=11.3,<16.7.6", @@ -10752,7 +10806,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.4,<16.6.7", @@ -10765,12 +10819,12 @@ advisories = { "osv_id": "CVE-2023-6955", "published": "2024-01-12T13:56:31.881Z", "aliases": [], - "summary": "An improper access control vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.", + "summary": "A missing authorization check vulnerability exists in GitLab Remote Development affecting all versions prior to 16.5.6, 16.6 prior to 16.6.4 and 16.7 prior to 16.7.2. This condition allows an attacker to create a workspace in one group that is associated with an agent from another group.", "severity": [{ "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:H/I:L/A:N", }], - "cwe_ids": ["CWE-863"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.5.6", @@ -10828,7 +10882,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-863"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=11.3,<16.7.7", @@ -10883,7 +10937,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-841"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=15.1,<16.7.6", 
@@ -10901,7 +10955,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-285"], + "cwe_ids": ["CWE-425"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=14.0,<16.6.6", @@ -10919,7 +10973,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-285"], + "cwe_ids": ["CWE-425"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.9,<16.9.1", @@ -10937,7 +10991,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=13.3.3,<16.6.7", @@ -10955,7 +11009,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-269"], + "cwe_ids": ["CWE-268"], "vulnerable_versions": [], "vulnerable_version_ranges": [">=16.8,<16.8.2"], "vulnerable_commit_shas": [], @@ -10969,7 +11023,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-863"], + "cwe_ids": ["CWE-268"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.8,<16.8.4", @@ -10986,7 +11040,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", }], - "cwe_ids": ["CWE-287"], + "cwe_ids": ["CWE-290"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0.0,<16.9.6", @@ -11054,7 +11108,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:H/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-288"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=16.1,<16.7.6", 
@@ -11108,7 +11162,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-409"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=13.2.4,<16.10.6", @@ -11216,7 +11270,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=15.11,<16.9.7", @@ -11234,7 +11288,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0.0,<16.9.7", @@ -11288,7 +11342,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.8.5", @@ -11306,7 +11360,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-1333"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=12.5,<16.9.6", @@ -11324,7 +11378,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=0,<16.10.6", @@ -11521,7 +11575,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:N", }], - "cwe_ids": ["CWE-287"], + "cwe_ids": ["CWE-302"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=7.8,<16.9.6", 
@@ -11530,6 +11584,24 @@ advisories = { ], "vulnerable_commit_shas": [], }, + "CVE-2024-4099": { + "osv_id": "CVE-2024-4099", + "published": "2024-09-26T23:02:15.810Z", + "aliases": [], + "summary": "An issue has been discovered in GitLab EE affecting all versions starting from 16.0 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. An AI feature was found to read unsanitized content in a way that could have allowed an attacker to hide prompt injection.", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:L/A:N", + }], + "cwe_ids": ["CWE-116"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [ + ">=16.0,<17.2.8", + ">=17.3,<17.3.4", + ">=17.4,<17.4.1", + ], + "vulnerable_commit_shas": [], + }, "CVE-2024-4201": { "osv_id": "CVE-2024-4201", "published": "2024-06-12T23:01:56.967Z", @@ -11584,6 +11656,24 @@ advisories = { ], "vulnerable_commit_shas": [], }, + "CVE-2024-4278": { + "osv_id": "CVE-2024-4278", + "published": "2024-09-26T06:30:59.796Z", + "aliases": [], + "summary": "An information disclosure issue has been discovered in GitLab EE affecting all versions starting from 16.5 prior to 17.2.8, from 17.3 prior to 17.3.4, and from 17.4 prior to 17.4.1. A maintainer could obtain a Dependency Proxy password by editing a certain Dependency Proxy setting.", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:L/I:L/A:N", + }], + "cwe_ids": ["CWE-821"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [ + ">=16.5,<17.2.8", + ">=17.3,<17.3.4", + ">=17.4,<17.4.1", + ], + "vulnerable_commit_shas": [], + }, "CVE-2024-4283": { "osv_id": "CVE-2024-4283", "published": "2024-09-16T21:34:08.579Z", @@ -11629,7 +11719,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", }], - "cwe_ids": ["CWE-400"], + "cwe_ids": ["CWE-770"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=15.4,<16.9.7", 
@@ -11826,7 +11916,7 @@ advisories = { "type": "CVSS_V3", "score": "CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", }], - "cwe_ids": ["CWE-284"], + "cwe_ids": ["CWE-862"], "vulnerable_versions": [], "vulnerable_version_ranges": [ ">=11.11,<16.10.6", @@ -12372,5 +12462,23 @@ advisories = { ], "vulnerable_commit_shas": [], }, + "CVE-2024-8974": { + "osv_id": "CVE-2024-8974", + "published": "2024-09-26T23:02:00.153Z", + "aliases": [], + "summary": "Information disclosure in Gitlab EE/CE affecting all versions from 15.6 prior to 17.2.8, 17.3 prior to 17.3.4, and 17.4 prior to 17.4.1 in specific conditions it was possible to disclose to an unauthorised user the path of a private project.\"", + "severity": [{ + "type": "CVSS_V3", + "score": "CVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N", + }], + "cwe_ids": ["CWE-684"], + "vulnerable_versions": [], + "vulnerable_version_ranges": [ + ">=15.6,<17.2.8", + ">=17.3,<17.3.4", + ">=17.4,<17.4.1", + ], + "vulnerable_commit_shas": [], + }, }, }