x/vulndb: potential Go vuln in github.com/dapr/dashboard: CVE-2022-38817

[GoVulnBot]

CVE-2022-38817 references github.com/dapr/dashboard, which may be a Go module.

Description:
Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.

References:

• NIST: https://nvd.nist.gov/vuln/detail/CVE-2022-38817
• JSON: https://github.com/CVEProject/cvelist/tree/9288119e5ab2131a2295b4c44074db9b415b49c9/2022/38xxx/CVE-2022-38817.json
• fix: https://github.com/dapr/dashboard
• fix: Vulnerabilities exist for unauthorized access to sensitive information and application closure dapr/dashboard#222
• Imported by: https://pkg.go.dev/github.com/dapr/dashboard?tab=importedby

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: github.com/dapr/dashboard
    packages:
      - package: n/a
description: |
    Dapr Dashboard v0.1.0 through v0.10.0 is vulnerable to Incorrect Access Control that allows attackers to obtain sensitive data.
cves:
  - CVE-2022-38817
references:
  - fix: https://github.com/dapr/dashboard
  - fix: https://github.com/dapr/dashboard/issues/222

[gopherbot]

Change https://go.dev/cl/439039 mentions this issue: data/excluded: add GO-2022-1033.yaml for CVE-2022-38817

[gopherbot]

Change https://go.dev/cl/592774 mentions this issue: data/reports: unexclude 50 reports

[gopherbot]

Change https://go.dev/cl/607230 mentions this issue: data/reports: unexclude 20 reports (28)