x/vulndb: potential Go vuln in github.com/dapr/dashboard: CVE-2022-38817 #1033

GoVulnBot · 2022-10-03T14:01:22Z

CVE-2022-38817 references github.com/dapr/dashboard, which may be a Go module.

Description:
Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.

References:

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/dapr/dashboard
    packages:
      - package: n/a
description: |
    Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.
cves:
  - CVE-2022-38817
references:
  - fix: https://github.com/dapr/dashboard
  - fix: https://github.com/dapr/dashboard/issues/222

The text was updated successfully, but these errors were encountered:

gopherbot · 2022-10-05T21:16:08Z

Change https://go.dev/cl/439039 mentions this issue: data/excluded: add GO-2022-1033.yaml for CVE-2022-38817

tatianab added the NeedsTriage label Oct 3, 2022

neild added the excluded: EFFECTIVELY_PRIVATE This vulnerability exists in a package can be imported, but isn't meant to be outside that module. label Oct 5, 2022

tatianab removed the NeedsTriage label Oct 5, 2022

gopherbot closed this as completed in 8b946c1 Oct 6, 2022

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

x/vulndb: potential Go vuln in github.com/dapr/dashboard: CVE-2022-38817 #1033

x/vulndb: potential Go vuln in github.com/dapr/dashboard: CVE-2022-38817 #1033

GoVulnBot commented Oct 3, 2022

gopherbot commented Oct 5, 2022

x/vulndb: potential Go vuln in github.com/dapr/dashboard: CVE-2022-38817 #1033

x/vulndb: potential Go vuln in github.com/dapr/dashboard: CVE-2022-38817 #1033

Comments

GoVulnBot commented Oct 3, 2022

gopherbot commented Oct 5, 2022