container

package

Go to main page

Versions in this module

v0

v0.0.20

Dec 8, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.19

Nov 28, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.18

Nov 20, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.17

Nov 16, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.16

Nov 15, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.15

Nov 9, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.14

Nov 6, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.13

Nov 6, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.12

Nov 5, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

v0.0.11

Nov 4, 2023 GO-2024-2582 +6 more

GO-2024-2582: Minder trusts client-provided mapping from repo name to upstream ID in github.com/stacklok/minder

GO-2024-2608: Minder access control bypass in github.com/stacklok/minder

GO-2024-2821: Denial of Service from untrusted requests in github.com/stacklok/minder

GO-2024-2864: Denial of service of Minder Server with attacker-controlled REST endpoint in github.com/stacklok/minder

GO-2024-2871: Stacklok Minder vulnerable to denial of service from maliciously crafted templates in github.com/stacklok/minder

GO-2024-2885: Denial of service of Minder Server from maliciously crafted GitHub attestations in github.com/stacklok/minder

GO-2024-2934: Minder affected by denial of service from maliciously configured Git repository in github.com/stacklok/minder

Changes in this version

+ var ErrProtoParse = errors.New("error getting bytes from proto")

+ var ErrSigValidation = errors.New("error validating signature")

+ var REGISTRY = "ghcr.io"

+ func ExtractIdentityFromCertificate(manifest containerregistry.Manifest) (string, string, error)

+ func FindSignatureTag(tags []string) string

+ func GetArtifactSignatureAndWorkflowInfo(ctx context.Context, cli provifv1.Provider, ...) (sigInfo json.RawMessage, workflowInfo json.RawMessage, err error)

+ func GetImageManifest(imageRef name.Reference, username string, token string) (containerregistry.Manifest, error)

+ func GetKeysFromVerified(verified []oci.Signature) ([]payload.SimpleContainerImage, error)

+ func GetSignatureTag(imageRef name.Reference, username string, token string) (name.Reference, error)

+ func TagsContainSignature(tags []string) bool

+ func ValidateSignature(ctx context.Context, accessToken string, package_owner string, ...) (*pb.SignatureVerification, *pb.GithubWorkflow, error)

+ func VerifyFromIdentity(ctx context.Context, imageRef string, owner string, token string, ...) (bool, bool, map[string]interface{}, error)

?	: This menu
/	: Search site
f or F	: Jump to
y or Y	: Canonical URL