profile
viewpoint
Brian Ketelsen bketelsen @Microsoft Corporation Tampa, FL http://www.brianketelsen.com

bketelsen/buffet 9

OpenTracing middleware for Buffalo

bketelsen/blog 4

karax based SPA blog. Very WIP, learning project, do not emulate

asw101/hello-hugo-actions 2

Sample repo for "Use GitHub Actions to a publish a static site with hugo and azcopy" at https://aaronmsft.com/posts/github-actions-static-site/ (live at: https://190800actions.z13.web.core.windows.net/)

bketelsen/bml 2

The BML Markup Language

bketelsen/brianketelsen 2

Brian Ketelsen homepage

arschles/gifm-site 1

The Go in 5 Minutes Website

bketelsen/acrtasks 1

Demonstration of Azure Container Registry Build Tasks

bketelsen/alpine-linux-build 1

Docker image of Alpine Linux with many compilers needed to build code that's meant to run on Alpine Linux.

bketelsen/backlog 1

Fork of uber-go/zap with fluent interface added for less annoyance

startedwilldoescode/nat

started time in 12 hours

startedBhupesh-V/dotman

started time in a day

startedicexin/eggos

started time in 3 days

startedhjdhjd/homebridge-unifi-protect

started time in 4 days

startedplanety/prologue

started time in 6 days

startedlukeed/cfw

started time in 9 days

startedlukeed/freshie

started time in 9 days

startedtemporalio/temporal

started time in 9 days

startedsecond-state/SSVM

started time in 11 days

push eventbketelsen/gcdiscord

Brian Ketelsen

commit sha 92cefcf9aa02830c536db263648ea65581b93abe

Create README.md

view details

push time in 18 days

push eventbketelsen/gcdiscord

Brian Ketelsen

commit sha 2464258209450699b7b0d57545aedeaae36f10a6

First commit

view details

push time in 18 days

create barnchbketelsen/gcdiscord

branch : main

created branch time in 18 days

created repositorybketelsen/gcdiscord

Discord Bot for Gophercon

created time in 18 days

push eventbketelsen/newsapper

Brian Ketelsen

commit sha 124e7512465e1518252b9f39c433dac05f265fd3

fix build

view details

push time in 25 days

push eventbketelsen/newsapper

Azure Static Web Apps

commit sha 5752b6e75c1e33a34fc0ce6fb771d53747bbd691

ci: add Azure Static Web Apps workflow file on-behalf-of: @Azure opensource@microsoft.com

view details

push time in 25 days

create barnchbketelsen/newsapper

branch : main

created branch time in 25 days

created repositorybketelsen/newsapper

created time in 25 days

push eventbketelsen/eleven

Brian Ketelsen

commit sha c39443e98c4e8f63a367735fec78bcee8d68bef6

rename

view details

Brian Ketelsen

commit sha f6276790e21aee780d7586f8ecd11291029683ef

wip

view details

push time in a month

PR closed zentures/surgemq

make surgemq build

simple PR to get the surge MQ server building and running.

+2 -1

0 comment

2 changed files

bketelsen

pr closed time in a month

PR closed miekg/skydns2

K8s master

change kubernetes client to use k8s api at master after breaking kubernetes API change

+3261 -697

1 comment

21 changed files

bketelsen

pr closed time in a month

PR closed crosbymichael/skydock

Support proxy requests via SRV records

Here's an outline of a way to support adding and removing containers from a running hipache instance. It isn't implemented yet, but presented here as a discussion topic. Let me know what you think about the approach, whether this fits in SkyDock proper, whether it should be implemented as a plugin somewhere, or whether I should just keep it in a fork.

The ultimate goal is to allow you to add new containers directly to hipache by simply starting containers. The container's name will be used as the public URL in hipache.

What about containers we don't want added to hipache? My url naming convention won't help there.

+38 -0

65 comments

3 changed files

bketelsen

pr closed time in a month

startedstarship/starship

started time in a month

startedtoadjaune/pulseaudio-config

started time in a month

startedknausj85/knausj_talon

started time in a month

startedpateketrueke/svql

started time in a month

startedAlexxNB/svelte-chota

started time in a month

startedmhatvan/markushatvan.com

started time in a month

startedcloudflare/workers-docs-engine

started time in a month

startedblushft/go-diagrams

started time in a month

push eventbketelsen/eleven

Brian Ketelsen

commit sha 8541a0ee2cac16890db7e11a5d164d0a036afdfe

more

view details

push time in a month

push eventbketelsen/eleven

Brian Ketelsen

commit sha 2c87a484844f24fa688bdf91ab1e87d9cb8a8b40

adding more types

view details

push time in a month

push eventbketelsen/eleven

Brian Ketelsen

commit sha 0a1728bea52ae19f9f8dfec897ad744c5e383f35

adding more types

view details

push time in a month

push eventbketelsen/eleven

Azure Static Web Apps

commit sha d3c0f805d3eac04907d34868b152da7bbb92076d

ci: add Azure Static Web Apps workflow file on-behalf-of: @Azure opensource@microsoft.com

view details

push time in a month

create barnchbketelsen/eleven

branch : master

created branch time in a month

created repositorybketelsen/eleven

This one goes to eleven

created time in a month

create barnchbketelsen/overlays

branch : master

created branch time in a month

created repositorybketelsen/overlays

created time in a month

push eventbketelsen/storyblog

Brian Ketelsen

commit sha 9dd3be554d41381bbbddae58f70b6f14f984ef88

note on ifconfig

view details

push time in a month

startedottomatica/docable-notebooks

started time in a month

startedf-secure-foundry/tamago-example

started time in a month

startedsaanuregh/hola

started time in a month

startederikstmartin/rtmp-switcher

started time in a month

starteddwot/obs-autopilot

started time in a month

issue openedRicardoEPRodrigues/Linux-Magic-Trackpad-2-Driver

[Not a bug] Thank you!

Just wanted to drop by and say "thanks!" this fixed my problems and nothing else worked. You rock for sharing it.

created time in a month

startedlambda-fairy/maud

started time in a month

startednkantar/sus

started time in a month

push eventgopheracademy/gopheracademy-web

Brian Ketelsen

commit sha 982088b65bd48d3f73bf104e4393eb2cf429f7d6

Update gophercon-2020-agenda.md

view details

push time in a month

push eventgopheracademy/gopheracademy-web

Brian Ketelsen

commit sha f6852b187e0a33f03277e40661443f04b2cd2add

typo

view details

push time in a month

push eventgopheracademy/gopheracademy-web

Brian Ketelsen

commit sha 74c820b71f3b0ed31894eff4c53470ece5d52c66

Update gophercon-2020-agenda.md

view details

push time in a month

push eventgopheracademy/gopheracademy-web

Brian Ketelsen

commit sha a2ade5ce47896aff7622bc985c43abc1d9fc9a9d

2020 agenda

view details

Brian Ketelsen

commit sha 4e2a7b414851922a5e6c072491844ef23370ce6d

Merge branch 'master' of github.com:gopheracademy/gopheracademy-web

view details

push time in a month

startedmaterial-shell/material-shell

started time in a month

startedneutraltone/awesome-stock-resources

started time in 2 months

push eventbketelsen/storyblog

Brian Ketelsen

commit sha b68d06d180ad4afe7aa02da76b2805f4fd4705f1

releqme

view details

push time in 2 months

push eventbketelsen/dockerfiles

Christian

commit sha 3ae06c10806704edc03a6c892cbe4a66001ab0d6

tor-browser stable 6.0.5 (#190)

view details

Christian

commit sha a51966aee06d416d040709ff751058a0423e282c

tor-messenger 0.2.0b2 (#191)

view details

Jess Frazelle

commit sha 42eb6dc97005655fdaafa4bd1f1d6c1e7d8cb84a

fix consul Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 62d42fc70a91ada677b9da8c67864a1d5d7a1bc7

fix ricochet Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha bd0aab93cded49771a92232fc704e9fa19e0804c

update versions Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 222971e11eef89de173ab5855baa978044e4b38b

update to stretch Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 102da0ff3349f23ec6039669b696d2502cfa35e1

update base images Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 38fb6ec21286b5b0886f0060a884c56e9d877a98

cleanup Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 0c2e49733ee8eaffb5cd2005aac84ca49d0e1e86

cleanup Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha c4ff0cf58c03cd454bfad46c8618378a44490b87

cleanup maintainers Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Christian

commit sha 55adf5bc1450364a8f4537260bd4550096b1770d

Fix atom (#193)

view details

Jess Frazelle

commit sha 14dfd14c962cd64ca82e79a1da92218db92e7ffc

fix wireshark Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 23b8c747a8b030532ec0b137e0efbc57feee186e

fix fingerprints Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 39e618c3cb5268fa1208490d37d17c1636e2dc40

fixes Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha aab90b457e428d22a3868e02068783972d8c4d7d

update script Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 4d28fafe1edab77e4873f6fb734b75156a754afd

cleanup Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha b8715338ba718cf0da9858b6dd0c5e2bad91fad1

add clean-registry image Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 7a631df11110344bf2698977a30d7bef950546be

telize jessie Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 543e5400100359ff0db2b7dbebb7464815adb4b5

update; Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

Jess Frazelle

commit sha 5b94937a1c1a4c09532cef64263b2b549cbd708b

add commit-watcher; Signed-off-by: Jess Frazelle <me@jessfraz.com>

view details

push time in 2 months

fork bketelsen/dotfiles-1

My dotfiles. Buyer beware ;)

fork in 2 months

startedtailscale/depaware

started time in 2 months

startedlukeed/svelte-ssr-worker

started time in 2 months

startedbravetools/bravetools

started time in 2 months

push eventbketelsen/dots

Brian Ketelsen

commit sha 85df3088d49ddcc9f1370cf9c6f34dda540a0a58

get onedrive squared

view details

push time in 2 months

issue commenttinygo-org/bluetooth

windows: finish adding needed interfaces to act as central

@deadprogram let me poke around and see if there's anyone

deadprogram

comment created time in 2 months

push eventbketelsen/dots

Brian Ketelsen

commit sha 2088dcff23eee67bc492101f623b4a3c8f1d1bc7

fix services not being overwritten; fix synergy

view details

push time in 2 months

startedflareact/flareact-site

started time in 2 months

fork bketelsen/flareact-template

Template for Flareact projects

fork in 2 months

push eventbketelsen/dots

Brian Ketelsen

commit sha cff90acd4f5bd0eca760650a0d751a265c7cb3a5

wsl changes

view details

push time in 2 months

push eventbketelsen/dots

Brian Ketelsen

commit sha 1336ec59c9111a9b98e4e348693e32e91b4bac89

updated most everything...

view details

push time in 2 months

startedlovesegfault/nix-config

started time in 2 months

startedthedodd/trunk

started time in 2 months

startedbottlerocket-os/bottlerocket

started time in 2 months

create barnchbketelsen/aks-training

branch : master

created branch time in 2 months

created repositorybketelsen/aks-training

AKS Training

created time in 2 months

startedyuezk/GlobalProtect-openconnect

started time in 2 months

push eventbketelsen/storyblog

Brian Ketelsen

commit sha 2924980cfad9419a85081b3912000c53d9e16421

reorder things

view details

push time in 2 months

push eventgopheracademy/gopheracademy-web

chewxy

commit sha 65c941dbd9d92936ce13745c984b2535cbb865fd

added scratch for package and apis

view details

chewxy

commit sha b06509e47e22b5cf951855d79eecf3093d53fbd8

Added more

view details

chewxy

commit sha 3d66917c8262f20e1a983080e2cf99a8949f254b

More content

view details

chewxy

commit sha ae7ee13b4d92da27de6c7a2bf1206a30d2eade6e

added more content

view details

chewxy

commit sha 2112bdb39d4fef40af8b2c6b41e5fe3abb1492ae

More content. Switching to editasyougo mode

view details

chewxy

commit sha 000839b23ccab18d07d72678cd2035cf4b9f3898

more stuff

view details

chewxy

commit sha 98febca430c1cf26131bab8870f5f6d24f4987c5

Even more stuff

view details

chewxy

commit sha 004b3d135ec079eab703838e9ef6b1d940da0e1f

Deleted the opening. Wrote a smaller opening

view details

chewxy

commit sha 572ae51f79bb64a42fea48bf5db1fbeab1127059

Added More. Article is done for now. Edit mode

view details

chewxy

commit sha f8a5d8ec14b604a47fdb69f629bb9ffffeb231e8

Removed wrongly staged file

view details

chewxy

commit sha f877f1da4fb871279c6b090744230728812113cb

Updated article, addressing the comments; added links to the code that produces the graph

view details

chewxy

commit sha 68a0b4af7c4f6085f66b03308495d5eca7d04c65

aspell take the wheel

view details

Brian Ketelsen

commit sha 2732e2372a300904d6ca967bc1c8c958c7ce2a54

Merge pull request #349 from chewxy/master Dec 18 Advent Article

view details

push time in 2 months

push eventbketelsen/storyblog

Brian Ketelsen

commit sha 820c15d83288741ae877f5d5da13828ed22f70ea

lpt

view details

push time in 2 months

push eventbketelsen/storyblog

Brian Ketelsen

commit sha 367e1cfc5ec638420b85e4498658ab96508dd658

azvm list

view details

push time in 2 months

startedAzure/terraform-azurerm-compute

started time in 2 months

push eventbketelsen/storyblog

Brian Ketelsen

commit sha de3e2278d1659a439b0a1db1b754c3b37b2f8b90

lpt

view details

push time in 2 months

startedwebpro/reveal-md

started time in 2 months

startedvinayak-mehta/present

started time in 2 months

startedcorvideon/mousemacs

started time in 2 months

push eventbketelsen/slides

Brian Ketelsen

commit sha 9aa1214938e429344fdbb4256d8702db9f9cc5b4

Updated with embedded assets, remove cloning. Add serve command

view details

push time in 2 months

created tagbketelsen/crypt

tagv0.0.3

Store and retrieve encrypted configs from etcd or consul

created time in 2 months

release bketelsen/crypt

v0.0.3

released time in 2 months

issue closedbketelsen/crypt

[CVE-2020-15114, CVE-2020-15136, CVE-2020-15115] Vulnerabilities in the etcd package < v.3.3.23 or < 3.4.10

Please update the etcd to package to v3.3.23, there is a vulnerability:

go list -json -m all | nancy

Vulnerable Packages

[1/1]	pkg:golang/github.com/coreos/etcd@3.3.13
3 known vulnerabilities affecting installed version 
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ [CVE-2020-15114] In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP prox...                                                         ┃
┣━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Description        ┃ In etcd before versions 3.3.23 and 3.4.10, the etcd gateway is a simple TCP                                                             ┃
┃                    ┃ proxy to allow for basic service discovery and access. However, it is                                                                   ┃
┃                    ┃ possible to include the gateway address as an endpoint. This results in a                                                               ┃
┃                    ┃ denial of service, since the endpoint can become stuck in a loop of                                                                     ┃
┃                    ┃ requesting itself until there are no more available file descriptors to                                                                 ┃
┃                    ┃ accept connections on the gateway.                                                                                                      ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ OSS Index ID       ┃ bba60acb-c7b5-4621-af69-f4085a8301d0                                                                                                    ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Score         ┃ 7.7/10 (High)                                                                                                                           ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Vector        ┃ CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H                                                                                            ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Link for more info ┃ https://ossindex.sonatype.org/vuln/bba60acb-c7b5-4621-af69-f4085a8301d0?component-type=golang&component-name=github.com%2Fcoreos%2Fetcd ┃
┗━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ [CVE-2020-15136] In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is only ap...                                                         ┃
┣━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Description        ┃ In ectd before versions 3.4.10 and 3.3.23, gateway TLS authentication is                                                                ┃
┃                    ┃ only applied to endpoints detected in DNS SRV records. When starting a                                                                  ┃
┃                    ┃ gateway, TLS authentication will only be attempted on endpoints identified                                                              ┃
┃                    ┃ in DNS SRV records for a given domain, which occurs in the                                                                              ┃
┃                    ┃ discoverEndpoints function. No authentication is performed against                                                                      ┃
┃                    ┃ endpoints provided in the --endpoints flag. This has been fixed in versions                                                             ┃
┃                    ┃ 3.4.10 and 3.3.23 with improved documentation and deprecation of the                                                                    ┃
┃                    ┃ functionality.                                                                                                                          ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ OSS Index ID       ┃ d373dc3f-aa88-483b-b501-20fe5382cc80                                                                                                    ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Score         ┃ 6.5/10 (Medium)                                                                                                                         ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Vector        ┃ CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:L/A:N                                                                                            ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Link for more info ┃ https://ossindex.sonatype.org/vuln/d373dc3f-aa88-483b-b501-20fe5382cc80?component-type=golang&component-name=github.com%2Fcoreos%2Fetcd ┃
┗━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ [CVE-2020-15115] etcd before versions 3.3.23 and 3.4.10 does not perform any password length vali...                                                         ┃
┣━━━━━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Description        ┃ etcd before versions 3.3.23 and 3.4.10 does not perform any password length                                                             ┃
┃                    ┃ validation, which allows for very short passwords, such as those with a                                                                 ┃
┃                    ┃ length of one. This may allow an attacker to guess or brute-force users'                                                                ┃
┃                    ┃ passwords with little computational effort.                                                                                             ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ OSS Index ID       ┃ 5def94e5-b89c-4a94-b9c6-ae0e120784c2                                                                                                    ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Score         ┃ 5.8/10 (Medium)                                                                                                                         ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ CVSS Vector        ┃ CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:N/A:N                                                                                            ┃
┣━━━━━━━━━━━━━━━━━━━━╋━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┫
┃ Link for more info ┃ https://ossindex.sonatype.org/vuln/5def94e5-b89c-4a94-b9c6-ae0e120784c2?component-type=golang&component-name=github.com%2Fcoreos%2Fetcd ┃
┗━━━━━━━━━━━━━━━━━━━━┻━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┛
┏━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Summary                      ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━┳━━━━┫
┃ Audited Dependencies    ┃ 94 ┃
┣━━━━━━━━━━━━━━━━━━━━━━━━━╋━━━━┫
┃ Vulnerable Dependencies ┃ 1  ┃

closed time in 2 months

SVilgelm

issue commentbketelsen/crypt

[CVE-2020-15114, CVE-2020-15136, CVE-2020-15115] Vulnerabilities in the etcd package < v.3.3.23 or < 3.4.10

Thanks for the report and the patch, this is merged.

SVilgelm

comment created time in 2 months

push eventbketelsen/crypt

Dan Rollo

commit sha c716fa1863b8095e65081bb65fc74ad116566ac7

fix vulnerability: CVE-2020-15114 in etcd v3.3.13+incompatible

view details

Brian Ketelsen

commit sha 50dbdc1d2c6e9630ebcfd38e4aac5ce0dbf1d8e8

Merge pull request #10 from bhamail/fix_vuln_etcd fix vulnerability: CVE-2020-15114 in etcd v3.3.13+incompatible

view details

push time in 2 months

PR merged bketelsen/crypt

fix vulnerability: CVE-2020-15114 in etcd v3.3.13+incompatible

We're using Viper in nancy, and Viper uses crypt.

During a recent CI build, nancy discovered a vulnerability in the crypt transitive dependency. This PR updates the dependency version to use a newly released update of etcd. This transitive dep is pulled in by github.com/bketelsen/crypt.

Fixes Issue #9

+2 -1

2 comments

2 changed files

bhamail

pr closed time in 2 months

push eventbketelsen/slides

Brian Ketelsen

commit sha a9e42e07d192198d10fc9a1a7e4dab034aa7bd5b

update go

view details

push time in 2 months

startedblindFS/vim-taskwarrior

started time in 2 months

startedmikecao/umami

started time in 2 months

startedxacrimon/dashmap

started time in 2 months

startedballista-compute/ballista

started time in 2 months

push eventbketelsen/first

Brian Ketelsen

commit sha 6ed4cfae80633c05243dd000417237131dc76d3f

second

view details

push time in 2 months

create barnchbketelsen/first

branch : master

created branch time in 2 months

created repositorybketelsen/first

first m30 service

created time in 2 months

more