-
Notifications
You must be signed in to change notification settings - Fork 72
/
Copy pathamazon-cloudwatch-agent.advisories.yaml
202 lines (192 loc) · 6 KB
/
amazon-cloudwatch-agent.advisories.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
schema-version: 2.0.2
package:
name: amazon-cloudwatch-agent
advisories:
- id: CGA-5f9f-j38c-wq3r
aliases:
- CVE-2025-29786
- GHSA-93mq-9ffx-83m2
events:
- timestamp: 2025-03-18T07:04:14Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: be37647b3f4b6de9
componentName: github.com/expr-lang/expr
componentVersion: v1.16.9
componentType: go-module
componentLocation: /usr/bin/config-translator
scanner: grype
- timestamp: 2025-03-18T15:36:38Z
type: fixed
data:
fixed-version: 1.300053.1-r1
- id: CGA-5w3f-rxj7-hxfm
aliases:
- CVE-2019-3826
- GHSA-3m87-5598-2v4f
events:
- timestamp: 2025-03-04T07:05:22Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: 3bfeef576760f228
componentName: github.com/prometheus/prometheus
componentVersion: v0.54.1
componentType: go-module
componentLocation: /usr/bin/config-translator
scanner: grype
- timestamp: 2025-03-04T17:57:41Z
type: false-positive-determination
data:
type: component-vulnerability-mismatch
note: Prometheus ships a Go (Golang) library with a versioning scheme that follows the 0.x format. However, the Prometheus application itself uses a versioning scheme based on 1.x, 2.x, etc. The vulnerability identified in CVE-2019-3826 is specifically associated with the Prometheus application, not the Golang library.
- id: CGA-6xxp-833c-vv88
aliases:
- CVE-2025-22868
events:
- timestamp: 2025-03-06T06:40:02Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: 99121fe8f3c77776
componentName: golang.org/x/oauth2
componentVersion: v0.24.0
componentType: go-module
componentLocation: /usr/bin/config-downloader
scanner: grype
- timestamp: 2025-03-13T11:35:11Z
type: fixed
data:
fixed-version: 1.300053.0-r7
- id: CGA-9gxf-mw59-grhv
aliases:
- CVE-2025-22866
- GHSA-3whm-j4xm-rv8x
events:
- timestamp: 2025-02-08T14:38:32Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: 5f78f1007b53ed12
componentName: stdlib
componentVersion: go1.23.5
componentType: go-module
componentLocation: /usr/bin/config-downloader
scanner: grype
- timestamp: 2025-02-09T02:24:08Z
type: fixed
data:
fixed-version: 1.300052.0-r1
- id: CGA-f2p4-6w58-4rv3
aliases:
- CVE-2025-22869
events:
- timestamp: 2025-03-06T06:40:04Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: 6a00858ace949211
componentName: golang.org/x/crypto
componentVersion: v0.31.0
componentType: go-module
componentLocation: /usr/bin/config-translator
scanner: grype
- timestamp: 2025-03-21T01:26:21Z
type: fixed
data:
fixed-version: 1.300054.0-r1
- id: CGA-jj8p-qgp7-mrrc
aliases:
- CVE-2025-22870
- GHSA-qxp5-gwg8-xv66
events:
- timestamp: 2025-03-13T11:37:02Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: 40cd017507933780
componentName: golang.org/x/net
componentVersion: v0.33.0
componentType: go-module
componentLocation: /usr/bin/amazon-cloudwatch-agent-config-wizard
scanner: grype
- timestamp: 2025-03-21T01:26:22Z
type: fixed
data:
fixed-version: 1.300054.0-r1
- id: CGA-qhhp-9rmp-vcgm
aliases:
- CVE-2024-45338
- GHSA-w32m-9786-jp63
events:
- timestamp: 2024-12-19T15:02:27Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: 22dc7878634bc546
componentName: golang.org/x/net
componentVersion: v0.27.0
componentType: go-module
componentLocation: /usr/bin/amazon-cloudwatch-agent
scanner: grype
- timestamp: 2024-12-20T04:01:53Z
type: fixed
data:
fixed-version: 1.300051.0-r2
- id: CGA-rhxq-3f3m-cqvq
aliases:
- CVE-2024-45337
- GHSA-v778-237x-gjrc
events:
- timestamp: 2024-12-12T07:23:03Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: c104ced249589a09
componentName: golang.org/x/crypto
componentVersion: v0.25.0
componentType: go-module
componentLocation: /usr/bin/amazon-cloudwatch-agent
scanner: grype
- timestamp: 2024-12-12T16:19:14Z
type: fixed
data:
fixed-version: 1.300051.0-r1
- id: CGA-rm34-7545-94rw
aliases:
- CVE-2025-30204
- GHSA-mh63-6h87-95cp
events:
- timestamp: 2025-03-22T07:18:51Z
type: detection
data:
type: scan/v1
data:
subpackageName: amazon-cloudwatch-agent
componentID: 2549aa356711a839
componentName: github.com/golang-jwt/jwt/v5
componentVersion: v5.2.1
componentType: go-module
componentLocation: /usr/bin/config-translator
scanner: grype
- timestamp: 2025-03-22T09:06:48Z
type: fixed
data:
fixed-version: 1.300054.0-r2