GHSA-92wq-q9pq-gw47

Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2023/05/GHSA-92wq-q9pq-gw47/GHSA-92wq-q9pq-gw47.json
Aliases
  • CVE-2023-31135
Published
2023-05-17T17:07:40Z
Modified
2023-05-25T19:07:49Z
Details

Impact

Existing Dgraph audit logs are vulnerable to brute-force attacks due to nonce collisions. All audit logs generated by versions of Dgraph earlier than v23.0.0 are affected.
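
Why a repeated nonce weakens encrypted log lines, as an added example that is not taken from the advisory or from the Dgraph code base. It assumes a counter-mode stream cipher (AES-CTR here; the advisory does not name the cipher), and the function names and sample log lines are constructed. With the same key and nonce the keystream cancels out, so XORing two ciphertexts yields the XOR of the two plaintexts; with a fresh nonce per line it does not.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"fmt"
)

// ctrEncrypt encrypts msg with AES-CTR under key and a 16-byte iv (the nonce).
func ctrEncrypt(key, iv, msg []byte) []byte {
	block, err := aes.NewCipher(key)
	if err != nil {
		panic(err)
	}
	out := make([]byte, len(msg))
	cipher.NewCTR(block, iv).XORKeyStream(out, msg)
	return out
}

// leaksPlaintextXOR reports whether c1 XOR c2 equals p1 XOR p2 over the
// shared prefix, which is the case when both lines used the same keystream.
func leaksPlaintextXOR(key, iv1, iv2, p1, p2 []byte) bool {
	c1, c2 := ctrEncrypt(key, iv1, p1), ctrEncrypt(key, iv2, p2)
	for i := 0; i < len(p1) && i < len(p2); i++ {
		if c1[i]^c2[i] != p1[i]^p2[i] {
			return false
		}
	}
	return true
}

// randBytes returns n bytes from the system CSPRNG.
func randBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func main() {
	key, iv := randBytes(32), randBytes(aes.BlockSize)
	// Constructed sample audit lines, not real Dgraph output.
	p1 := []byte(`{"user":"alice","endpoint":"/query"}`)
	p2 := []byte(`{"user":"bob","endpoint":"/mutate"}`)
	fmt.Println("same nonce, keystream cancels:", leaksPlaintextXOR(key, iv, iv, p1, p2))
	fmt.Println("fresh nonces, keystream cancels:", leaksPlaintextXOR(key, randBytes(16), randBytes(16), p1, p2))
}
```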

Patches

This issue was patched in https://github.com/dgraph-io/dgraph/pull/8323. Dgraph users should upgrade to v23.0.0.

Workarounds

Store existing audit logs in a secure location. For extra security, encrypt them using a tool like gpg.

References

See https://github.com/dgraph-io/dgraph/pull/8323 for more context on the vulnerability.

Affected packages

Go / github.com/dgraph-io/dgraph

github.com/dgraph-io/dgraph

Affected ranges

Type
SEMVER
Events
Introduced
0
Fixed
23.0.0

Affected versions