data/reports: regenerate 50 reports

- data/reports/GO-2024-2428.yaml - data/reports/GO-2024-2442.yaml - data/reports/GO-2024-2444.yaml - data/reports/GO-2024-2445.yaml - data/reports/GO-2024-2446.yaml - data/reports/GO-2024-2447.yaml - data/reports/GO-2024-2448.yaml - data/reports/GO-2024-2449.yaml - data/reports/GO-2024-2450.yaml - data/reports/GO-2024-2478.yaml - data/reports/GO-2024-2485.yaml - data/reports/GO-2024-2486.yaml - data/reports/GO-2024-2488.yaml - data/reports/GO-2024-2499.yaml - data/reports/GO-2024-2501.yaml - data/reports/GO-2024-2505.yaml - data/reports/GO-2024-2508.yaml - data/reports/GO-2024-2509.yaml - data/reports/GO-2024-2511.yaml - data/reports/GO-2024-2513.yaml - data/reports/GO-2024-2514.yaml - data/reports/GO-2024-2515.yaml - data/reports/GO-2024-2517.yaml - data/reports/GO-2024-2519.yaml - data/reports/GO-2024-2520.yaml - data/reports/GO-2024-2523.yaml - data/reports/GO-2024-2540.yaml - data/reports/GO-2024-2541.yaml - data/reports/GO-2024-2566.yaml - data/reports/GO-2024-2568.yaml - data/reports/GO-2024-2569.yaml - data/reports/GO-2024-2576.yaml - data/reports/GO-2024-2578.yaml - data/reports/GO-2024-2579.yaml - data/reports/GO-2024-2580.yaml - data/reports/GO-2024-2582.yaml - data/reports/GO-2024-2588.yaml - data/reports/GO-2024-2589.yaml - data/reports/GO-2024-2590.yaml - data/reports/GO-2024-2591.yaml - data/reports/GO-2024-2592.yaml - data/reports/GO-2024-2593.yaml - data/reports/GO-2024-2594.yaml - data/reports/GO-2024-2595.yaml - data/reports/GO-2024-2597.yaml - data/reports/GO-2024-2629.yaml - data/reports/GO-2024-2635.yaml - data/reports/GO-2024-2636.yaml - data/reports/GO-2024-2637.yaml - data/reports/GO-2024-2641.yaml Updates #2428 Updates #2442 Updates #2444 Updates #2445 Updates #2446 Updates #2447 Updates #2448 Updates #2449 Updates #2450 Updates #2478 Updates #2485 Updates #2486 Updates #2488 Updates #2499 Updates #2501 Updates #2505 Updates #2508 Updates #2509 Updates #2511 Updates #2513 Updates #2514 Updates #2515 Updates #2517 Updates #2519 Updates #2520 Updates #2523 Updates #2540 Updates #2541 Updates #2566 Updates #2568 Updates #2569 Updates #2576 Updates #2578 Updates #2579 Updates #2580 Updates #2582 Updates #2588 Updates #2589 Updates #2590 Updates #2591 Updates #2592 Updates #2593 Updates #2594 Updates #2595 Updates #2597 Updates #2629 Updates #2635 Updates #2636 Updates #2637 Updates #2641 Change-Id: If02ad5ae2b621addda56b45d8c84b0476a12737b Reviewed-on: https://go-review.googlesource.com/c/vulndb/+/606358 Reviewed-by: Damien Neil <dneil@google.com> Auto-Submit: Tatiana Bradley <tatianabradley@google.com> LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>
golang · Aug 19, 2024 · 08b42c7 · 08b42c7
1 parent 9c256df
commit 08b42c7
Show file tree

Hide file tree

Showing 57 changed files with 101 additions and 187 deletions.
diff --git a/data/osv/GO-2024-2442.json b/data/osv/GO-2024-2442.json
@@ -3,11 +3,12 @@
   "id": "GO-2024-2442",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "withdrawn": "2024-01-23T12:50:23Z",
   "aliases": [
     "GHSA-76cc-p55w-63g3"
   ],
-  "summary": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport",
-  "details": "Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
+  "summary": "Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport",
+  "details": "Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
   "affected": [
     {
       "package": {

diff --git a/data/osv/GO-2024-2445.json b/data/osv/GO-2024-2445.json
@@ -3,11 +3,12 @@
   "id": "GO-2024-2445",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "withdrawn": "2024-01-23T12:50:08Z",
   "aliases": [
     "GHSA-c9v7-wmwj-vf6x"
   ],
-  "summary": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport",
-  "details": "SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
+  "summary": "Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport",
+  "details": "Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
   "affected": [
     {
       "package": {

diff --git a/data/osv/GO-2024-2447.json b/data/osv/GO-2024-2447.json
@@ -3,11 +3,12 @@
   "id": "GO-2024-2447",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "withdrawn": "2024-01-23T12:50:39Z",
   "aliases": [
     "GHSA-hw4x-mcx5-9q36"
   ],
-  "summary": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport",
-  "details": "Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
+  "summary": "Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport",
+  "details": "Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low privileged users in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
   "affected": [
     {
       "package": {

diff --git a/data/osv/GO-2024-2449.json b/data/osv/GO-2024-2449.json
@@ -3,11 +3,12 @@
   "id": "GO-2024-2449",
   "modified": "0001-01-01T00:00:00Z",
   "published": "0001-01-01T00:00:00Z",
+  "withdrawn": "2024-01-23T12:49:53Z",
   "aliases": [
     "GHSA-vfxf-76hv-v4w4"
   ],
-  "summary": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport",
-  "details": "User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
+  "summary": "Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport",
+  "details": "Withdrawn Advisory: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/gravitational/teleport before v12.4.31, from v13.0.0 before v13.4.13, from v14.0.0 before v14.2.4.",
   "affected": [
     {
       "package": {

diff --git a/data/osv/GO-2024-2568.json b/data/osv/GO-2024-2568.json
@@ -20,7 +20,7 @@
           "type": "SEMVER",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.14.0"
             },
             {
               "fixed": "1.14.7"

diff --git a/data/osv/GO-2024-2569.json b/data/osv/GO-2024-2569.json
@@ -20,7 +20,7 @@
           "type": "SEMVER",
           "events": [
             {
-              "introduced": "0"
+              "introduced": "1.14.0"
             },
             {
               "fixed": "1.14.7"

diff --git a/data/osv/GO-2024-2635.json b/data/osv/GO-2024-2635.json
@@ -8,7 +8,7 @@
     "GHSA-r4fm-g65h-cr54"
   ],
   "summary": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server",
-  "details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server.\n\nNOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions.\n\n(If this is causing false-positive reports from vulnerability scanners, please suggest an edit to the report.)\n\nThe additional affected modules and versions are: github.com/mattermost/mattermost/server/v8 before v8.1.9.",
+  "details": "Mattermost incorrectly allows access individual posts in github.com/mattermost/mattermost-server",
   "affected": [
     {
       "package": {
@@ -79,21 +79,7 @@
           ]
         }
       ],
-      "ecosystem_specific": {
-        "custom_ranges": [
-          {
-            "type": "ECOSYSTEM",
-            "events": [
-              {
-                "introduced": "0"
-              },
-              {
-                "fixed": "8.1.9"
-              }
-            ]
-          }
-        ]
-      }
+      "ecosystem_specific": {}
     }
   ],
   "references": [

diff --git a/data/reports/GO-2024-2428.yaml b/data/reports/GO-2024-2428.yaml
@@ -11,8 +11,6 @@ cves:
     - CVE-2023-5044
 ghsas:
     - GHSA-fp9f-44c2-cw27
-unknown_aliases:
-    - BIT-nginx-ingress-controller-2023-5044
 references:
     - advisory: https://github.com/advisories/GHSA-fp9f-44c2-cw27
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-5044
@@ -22,6 +20,6 @@ references:
     - web: https://security.netapp.com/advisory/ntap-20240307-0012
 source:
     id: GHSA-fp9f-44c2-cw27
-    created: 2024-06-14T11:34:12.417676-04:00
+    created: 2024-08-16T15:55:16.958982-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2442.yaml b/data/reports/GO-2024-2442.yaml
@@ -7,13 +7,14 @@ modules:
         - introduced: 14.0.0
         - fixed: 14.2.4
       vulnerable_at: 3.2.17+incompatible
-summary: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport
+summary: 'Withdrawn Advisory: Teleport Access List owners can escalate their privileges in github.com/gravitational/teleport'
+withdrawn: "2024-01-23T12:50:23Z"
 ghsas:
     - GHSA-76cc-p55w-63g3
 references:
     - advisory: https://github.com/gravitational/teleport/security/advisories/GHSA-76cc-p55w-63g3
 source:
     id: GHSA-76cc-p55w-63g3
-    created: 2024-06-14T11:35:01.72578-04:00
+    created: 2024-08-16T15:56:08.836802-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2444.yaml b/data/reports/GO-2024-2444.yaml
@@ -1,30 +1,27 @@
 id: GO-2024-2444
 modules:
     - module: github.com/mattermost/mattermost-server
-      vulnerable_at: 9.9.0+incompatible
+      vulnerable_at: 9.11.0+incompatible
     - module: github.com/mattermost/mattermost-server/v5
       vulnerable_at: 5.39.3
     - module: github.com/mattermost/mattermost-server/v6
       vulnerable_at: 6.7.2
     - module: github.com/mattermost/mattermost/server/v8
       non_go_versions:
         - fixed: 8.1.7
-      vulnerable_at: 8.0.0-20240626184126-817e18414e41
+      vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
 summary: Mattermost allows demoted guests to change group names in github.com/mattermost/mattermost-server
 cves:
     - CVE-2023-50333
 ghsas:
     - GHSA-9w97-9rqx-8v4j
-unknown_aliases:
-    - BIT-mattermost-2023-50333
-    - CGA-28fj-7rmv-xw55
 references:
     - advisory: https://github.com/advisories/GHSA-9w97-9rqx-8v4j
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-50333
     - web: https://github.com/mattermost/mattermost/commit/61dd452fb2fcd3ac6f7b2e050f7f0a93a92d95fc
     - web: https://mattermost.com/security-updates
 source:
     id: GHSA-9w97-9rqx-8v4j
-    created: 2024-06-26T16:12:41.49358-04:00
+    created: 2024-08-16T15:57:37.961165-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2445.yaml b/data/reports/GO-2024-2445.yaml
@@ -8,7 +8,10 @@ modules:
         - introduced: 14.0.0
         - fixed: 14.2.4
       vulnerable_at: 3.2.17+incompatible
-summary: SFTP is possible on the Proxy server for any user with SFTP access in github.com/gravitational/teleport
+summary: |-
+    Withdrawn Advisory: SFTP is possible on the Proxy server for any user with SFTP
+    access in github.com/gravitational/teleport
+withdrawn: "2024-01-23T12:50:08Z"
 ghsas:
     - GHSA-c9v7-wmwj-vf6x
 references:
@@ -17,6 +20,6 @@ references:
     - fix: https://github.com/gravitational/teleport/pull/36136
 source:
     id: GHSA-c9v7-wmwj-vf6x
-    created: 2024-06-14T11:35:27.699279-04:00
+    created: 2024-08-16T15:58:42.619857-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2446.yaml b/data/reports/GO-2024-2446.yaml
@@ -1,29 +1,26 @@
 id: GO-2024-2446
 modules:
     - module: github.com/mattermost/mattermost-server
-      vulnerable_at: 9.9.0+incompatible
+      vulnerable_at: 9.11.0+incompatible
     - module: github.com/mattermost/mattermost-server/v5
       vulnerable_at: 5.39.3
     - module: github.com/mattermost/mattermost-server/v6
       vulnerable_at: 6.7.2
     - module: github.com/mattermost/mattermost/server/v8
       non_go_versions:
         - fixed: 8.1.7
-      vulnerable_at: 8.0.0-20240626184126-817e18414e41
+      vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
 summary: Mattermost Cross-site Scripting vulnerability in github.com/mattermost/mattermost-server
 cves:
     - CVE-2023-7113
 ghsas:
     - GHSA-h3gq-j7p9-x3p4
-unknown_aliases:
-    - BIT-mattermost-2023-7113
-    - CGA-pcxv-43r4-92mm
 references:
     - advisory: https://github.com/advisories/GHSA-h3gq-j7p9-x3p4
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-7113
     - web: https://mattermost.com/security-updates
 source:
     id: GHSA-h3gq-j7p9-x3p4
-    created: 2024-06-26T16:12:13.229043-04:00
+    created: 2024-08-16T15:59:00.341654-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2447.yaml b/data/reports/GO-2024-2447.yaml
@@ -9,8 +9,9 @@ modules:
         - fixed: 14.2.4
       vulnerable_at: 3.2.17+incompatible
 summary: |-
-    Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts is possible from low
-    privileged users in github.com/gravitational/teleport
+    Withdrawn Advisory: Teleport Proxy and Teleport Agents: SSRF to arbitrary hosts
+    is possible from low privileged users in github.com/gravitational/teleport
+withdrawn: "2024-01-23T12:50:39Z"
 ghsas:
     - GHSA-hw4x-mcx5-9q36
 references:
@@ -19,6 +20,6 @@ references:
     - fix: https://github.com/gravitational/teleport/pull/36127
 source:
     id: GHSA-hw4x-mcx5-9q36
-    created: 2024-06-14T11:35:35.160981-04:00
+    created: 2024-08-16T15:59:03.836685-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2448.yaml b/data/reports/GO-2024-2448.yaml
@@ -11,24 +11,21 @@ modules:
     - module: github.com/mattermost/mattermost/server/v8
       non_go_versions:
         - fixed: 8.1.7
-      vulnerable_at: 8.0.0-20240626184126-817e18414e41
+      vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
 summary: |-
     Mattermost notified all users in the channel when using WebSockets to respond
     individually in github.com/mattermost/mattermost-server
 cves:
     - CVE-2023-48732
 ghsas:
     - GHSA-q7rx-w656-fwmv
-unknown_aliases:
-    - BIT-mattermost-2023-48732
-    - CGA-jhcr-g7wj-9vq2
 references:
     - advisory: https://github.com/advisories/GHSA-q7rx-w656-fwmv
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-48732
     - web: https://github.com/mattermost/mattermost/commit/851515be222160bee0a495c0d411056b19ed4111
     - web: https://mattermost.com/security-updates
 source:
     id: GHSA-q7rx-w656-fwmv
-    created: 2024-06-26T16:10:54.767283-04:00
+    created: 2024-08-16T15:59:06.451782-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2449.yaml b/data/reports/GO-2024-2449.yaml
@@ -8,7 +8,10 @@ modules:
         - introduced: 14.0.0
         - fixed: 14.2.4
       vulnerable_at: 3.2.17+incompatible
-summary: User-provided environment values allow execution on macOS agents in github.com/gravitational/teleport
+summary: |-
+    Withdrawn Advisory: User-provided environment values allow execution on macOS
+    agents in github.com/gravitational/teleport
+withdrawn: "2024-01-23T12:49:53Z"
 ghsas:
     - GHSA-vfxf-76hv-v4w4
 references:
@@ -17,6 +20,6 @@ references:
     - fix: https://github.com/gravitational/teleport/pull/36132
 source:
     id: GHSA-vfxf-76hv-v4w4
-    created: 2024-06-14T11:35:44.744025-04:00
+    created: 2024-08-16T15:59:25.038667-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2450.yaml b/data/reports/GO-2024-2450.yaml
@@ -3,29 +3,26 @@ modules:
     - module: github.com/mattermost/mattermost-server
       non_go_versions:
         - fixed: 7.8.10
-      vulnerable_at: 9.9.0+incompatible
+      vulnerable_at: 9.11.0+incompatible
     - module: github.com/mattermost/mattermost-server/v5
       vulnerable_at: 5.39.3
     - module: github.com/mattermost/mattermost-server/v6
       vulnerable_at: 6.7.2
     - module: github.com/mattermost/mattermost/server/v8
       non_go_versions:
         - fixed: 8.1.1
-      vulnerable_at: 8.0.0-20240626184126-817e18414e41
+      vulnerable_at: 8.0.0-20240816093336-e666f7ccfc35
 summary: Mattermost viewing archived public channels permissions vulnerability in github.com/mattermost/mattermost-server
 cves:
     - CVE-2023-47858
 ghsas:
     - GHSA-w88v-pjr8-cmv2
-unknown_aliases:
-    - BIT-mattermost-2023-47858
-    - CGA-4m9j-264v-7mr3
 references:
     - advisory: https://github.com/advisories/GHSA-w88v-pjr8-cmv2
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2023-47858
     - web: https://mattermost.com/security-updates
 source:
     id: GHSA-w88v-pjr8-cmv2
-    created: 2024-06-26T16:13:37.899374-04:00
+    created: 2024-08-16T15:59:27.824124-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2478.yaml b/data/reports/GO-2024-2478.yaml
@@ -19,6 +19,6 @@ references:
     - web: https://blitiri.com.ar/p/chasquid/relnotes/#113-2023-12-24
 source:
     id: GHSA-g4x3-mfpj-f335
-    created: 2024-06-26T16:14:26.250749-04:00
+    created: 2024-08-16T16:37:28.044846-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2485.yaml b/data/reports/GO-2024-2485.yaml
@@ -10,8 +10,6 @@ cves:
     - CVE-2020-10661
 ghsas:
     - GHSA-j6vv-vv26-rh7c
-unknown_aliases:
-    - BIT-vault-2020-10661
 references:
     - advisory: https://github.com/advisories/GHSA-j6vv-vv26-rh7c
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10661
@@ -20,6 +18,6 @@ references:
     - web: https://www.hashicorp.com/blog/category/vault
 source:
     id: GHSA-j6vv-vv26-rh7c
-    created: 2024-06-14T11:37:17.728135-04:00
+    created: 2024-08-16T16:01:08.485499-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2486.yaml b/data/reports/GO-2024-2486.yaml
@@ -10,8 +10,6 @@ cves:
     - CVE-2020-10660
 ghsas:
     - GHSA-m979-w9wj-qfj9
-unknown_aliases:
-    - BIT-vault-2020-10660
 references:
     - advisory: https://github.com/advisories/GHSA-m979-w9wj-qfj9
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-10660
@@ -21,6 +19,6 @@ references:
     - web: https://www.hashicorp.com/blog/category/vault
 source:
     id: GHSA-m979-w9wj-qfj9
-    created: 2024-06-14T11:37:27.238275-04:00
+    created: 2024-08-16T16:01:23.539137-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE
diff --git a/data/reports/GO-2024-2488.yaml b/data/reports/GO-2024-2488.yaml
@@ -16,8 +16,6 @@ cves:
     - CVE-2020-16251
 ghsas:
     - GHSA-4mp7-2m29-gqxf
-unknown_aliases:
-    - BIT-vault-2020-16251
 references:
     - advisory: https://github.com/advisories/GHSA-4mp7-2m29-gqxf
     - advisory: https://nvd.nist.gov/vuln/detail/CVE-2020-16251
@@ -26,6 +24,6 @@ references:
     - web: https://www.hashicorp.com/blog/category/vault
 source:
     id: GHSA-4mp7-2m29-gqxf
-    created: 2024-06-14T11:37:32.985013-04:00
+    created: 2024-08-16T16:01:28.479046-04:00
 review_status: UNREVIEWED
 unexcluded: EFFECTIVELY_PRIVATE