x/vulndb: potential Go vuln in github.com/apache/trafficcontrol: GHSA-wp47-9r3h-xfgq #585

Closed
@julieqiu

In GitHub Security Advisory GHSA-wp47-9r3h-xfgq, there is a vulnerability in the following Go packages or modules:

| Unit | Fixed | Vulnerable Ranges |
| --- | --- | --- |
| github.com/apache/trafficcontrol | 5.1.6 | < 5.1.6 |

See doc/triage.md for instructions on how to triage this report.

packages:
  - package: github.com/apache/trafficcontrol
    versions:
      - fixed: 5.1.6
  - package: github.com/apache/trafficcontrol
    versions:
      - introduced: 6.0.0
        fixed: 6.1.0
description: In Apache Traffic Control Traffic Ops prior to 6.1.0 or 5.1.6, an unprivileged
    user who can reach Traffic Ops over HTTPS can send a specially-crafted POST request
    to /user/login/oauth to scan a port of a server that Traffic Ops can reach.
published: 2022-02-07T00:00:23Z
last_modified: 2022-02-15T00:18:47Z
cves:
  - CVE-2022-23206
ghsas:
  - GHSA-wp47-9r3h-xfgq
links:
    context:
      - https://github.com/advisories/GHSA-wp47-9r3h-xfgq

Labels

excluded: NOT_IMPORTABLE: This vulnerability only exists in a binary and is not importable.
