[GHSA-r5hg-349q-mg2q] Buildkite Elastic CI for AWS time-of-check-time-of-use race condition vulnerability
Updates
- Affected products
Comments
Based on the info from the NVD site linked in the GHSA, "versions prior to 6.7.1 and 5.22.5" are affected. The table at the bottom of the NVD site also implies that it should be versions >= 6.0.0, < 6.7.1.
I made the same suggestion for https://github.com/github/advisory-database/pull/3265
I think we have this one listed like this because the artifact only has versions tagged as 6.x.y published
https://pkg.go.dev/github.com/buildkite/elastic-ci-stack-for-aws/v6?tab=versions
Based on the naming convention, I would expect https://pkg.go.dev/github.com/buildkite/elastic-ci-stack-for-aws/v5 for versions tagged as 5.x.y, but no such versions seem to have been published.
👋 This pull request has been marked as stale because it has been open with no activity. You can: comment on the issue or remove the stale label to hold stale off for a while, add the Keep label to hold stale off permanently, or do nothing. If you do nothing this pull request will be closed eventually by the stale bot. Please see CONTRIBUTING.md for more policy details.