[GHSA-rx97-6c62-55mf] Hashicorp Nomad Incorrect Privilege Assignment vulnerability #6773
Pull request overview
This PR updates a GitHub security advisory for HashiCorp Nomad (GHSA-rx97-6c62-55mf) by adding missing CVE version ranges for affected Go packages.
Changes:
- Added two new affected package entries for github.com/hashicorp/nomad with version ranges
- Updated the modification timestamp
| { | ||
| "package": { | ||
| "ecosystem": "Go", | ||
| "name": "github.com/hashicorp/nomad" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.9.10" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| }, | ||
| { | ||
| "package": { | ||
| "ecosystem": "Go", | ||
| "name": "github.com/hashicorp/nomad" | ||
| }, | ||
| "ranges": [ | ||
| { | ||
| "type": "ECOSYSTEM", | ||
| "events": [ | ||
| { | ||
| "introduced": "0" | ||
| }, | ||
| { | ||
| "fixed": "1.8.14" | ||
| } | ||
| ] | ||
| } | ||
| ] | ||
| } |
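Review bot: In the second added entry, the range introduced "0" / fixed "1.8.14" lies entirely inside the first entry's range introduced "0" / fixed "1.9.10" for the same package github.com/hashicorp/nomad, so it marks no version that the first entry does not already mark, and 1.8.14 itself still falls inside the first range. If 1.8.14 is meant to record a fix on a separate release line, give the 1.9.10 range an "introduced" value at the start of the newer line instead of "0"; otherwise drop the second entry.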
The two vulnerability ranges overlap and could be consolidated. Both specify 'introduced: 0' for the same package, creating redundant entries. Consider using a single range with multiple version-specific 'fixed' events, or specify distinct 'introduced' versions (e.g., '1.9.0' and '1.8.0') to clarify which release lines are affected.
Thank you for your contribution.

@JonathanLEvans Ah that's true my mistake on this one, you're right. I'll close this PR. Thanks for looking into it.
Updates
Comments
Missing CVE versions.