x/vulndb: potential Go vuln in github.com/istio/istio: GHSA-6c6p-h79f-g6p4

[GoVulnBot]

In GitHub Security Advisory GHSA-6c6p-h79f-g6p4, there is a vulnerability in the following Go packages or modules:

Unit	Fixed	Vulnerable Ranges
github.com/istio/istio	1.15.3	>= 1.15.0-beta.0, < 1.15.3

See doc/triage.md for instructions on how to triage this report.

modules:
  - module: TODO
    versions:
      - introduced: 1.15.0-beta.0
        fixed: 1.15.3
    packages:
      - package: github.com/istio/istio
description: |
    ### Impact

    User can impersonate any workload identity within the service mesh if they have localhost access to the Istiod control plane.

    ### Patches
    1.15.3

    ### Workarounds
    No. If using 1.15.2 please upgrade to 1.15.3 or later.

    ### References
    None at this time.

    ### For more information
    If you have any questions or comments about this advisory, please email us at [istio-security-vulnerability-reports@googlegroups.com](mailto:istio-security-vulnerability-reports@googlegroups.com)
cves:
  - CVE-2022-39388
ghsas:
  - GHSA-6c6p-h79f-g6p4

[zpavlinovic]

Not importable. The module serves the purpose of a binary and all the packages involving fixes have not been imported by anyone.

[gopherbot]

Change https://go.dev/cl/449575 mentions this issue: data/excluded: add GO-2022-1101.yaml

[gopherbot]

Change https://go.dev/cl/451279 mentions this issue: data/excluded: delete duplicate GO-2022-1103

[gopherbot]

Change https://go.dev/cl/592835 mentions this issue: data/reports: unexclude 50 reports