cert-manager-1.12.advisories.yaml

schema-version: 2.0.2

package:
  name: cert-manager-1.12

advisories:
  - id: CVE-2020-8552
    aliases:
      - GHSA-82hx-w2r5-c2wq
    events:
      - timestamp: 2023-09-19T16:40:58Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Go vulndb has marked this code NOT_IMPORTABLE.

  - id: CVE-2023-45142
    aliases:
      - GHSA-rcjv-mgp8-qvmr
    events:
      - timestamp: 2023-10-19T12:35:06Z
        type: fixed
        data:
          fixed-version: 1.12.5-r4

  - id: CVE-2023-45283
    aliases:
      - GHSA-vvjp-q62m-2vph
    events:
      - timestamp: 2023-11-07T19:24:01Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-45284
    aliases:
      - GHSA-rq3x-83w4-p28c
    events:
      - timestamp: 2023-11-07T19:24:02Z
        type: false-positive-determination
        data:
          type: vulnerable-code-not-included-in-package
          note: Only affects Windows

  - id: CVE-2023-47108
    aliases:
      - GHSA-8pgv-569h-w5rw
    events:
      - timestamp: 2023-11-17T11:20:51Z
        type: fixed
        data:
          fixed-version: 1.12.6-r1

  - id: CVE-2023-48795
    aliases:
      - GHSA-45x7-px36-x8w8
    events:
      - timestamp: 2023-12-19T16:58:13Z
        type: fixed
        data:
          fixed-version: 1.12.7-r2

  - id: CVE-2024-25620
    aliases:
      - GHSA-v53g-5gjp-272r
    events:
      - timestamp: 2024-02-16T08:37:21Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cmctl-1.12
            componentID: 0f22db49e45981a5
            componentName: helm.sh/helm/v3
            componentVersion: v3.12.0
            componentType: go-module
            componentLocation: /usr/bin/cmctl
            scanner: grype

  - id: GHSA-7ww5-4wqc-m92c
    events:
      - timestamp: 2024-01-12T07:23:32Z
        type: detection
        data:
          type: scan/v1
          data:
            subpackageName: cmctl-1.12
            componentID: 88e1fd4d413b10c6
            componentName: github.com/containerd/containerd
            componentVersion: v1.7.6
            componentType: go-module
            componentLocation: /usr/bin/cmctl
            scanner: grype
      - timestamp: 2024-01-25T07:06:11Z
        type: fixed
        data:
          fixed-version: 1.12.7-r3

  - id: GHSA-jq35-85cj-fj4p
    events:
      - timestamp: 2023-11-17T11:21:48Z
        type: fixed
        data:
          fixed-version: 1.12.6-r1