GO-2022-1043

Source
https://pkg.go.dev/vuln/GO-2022-1043
Import Source
https://vuln.go.dev/ID/GO-2022-1043.json
JSON Data
https://api.test.osv.dev/v1/vulns/GO-2022-1043
Aliases
Published
2022-10-31T17:09:13Z
Modified
2024-05-20T16:03:47Z
Summary
Hardcoded hashed password in github.com/flyteorg/flyteadmin
Details

The default authorization server's configuration settings contain a known hardcoded hashed password.

Users who enable auth but do not override this setting may unknowingly allow public traffic in by way of this default password, with attackers effectively impersonating propeller.

Database specific
{
    "review_status": "REVIEWED",
    "url": "https://pkg.go.dev/vuln/GO-2022-1043"
}
References

Affected packages

Go / github.com/flyteorg/flyteadmin

Package

Name
github.com/flyteorg/flyteadmin
Purl
pkg:golang/github.com/flyteorg/flyteadmin

Affected ranges

Type
SEMVER
Events
Introduced
1.0.0
Fixed
1.1.44

Ecosystem specific

{
    "imports": [
        {
            "path": "github.com/flyteorg/flyteadmin/auth/config"
        }
    ]
}