Merge branch 'main' into main

docs/advisories/20240422001-HashiCorp-Vulnerability-in-go-getter-Library.md

@@ -0,0 +1,21 @@
+# HashiCorp Vulnerability in go-getter Library - 20240422001
+
+## Overview
+
+HashiCorp has released a security advisory to address a vulnerability within its widely used go-getter library. The vulnerability could allow attackers to inject malicious code during Git operations, potentially leading to the compromise of systems using the affected library.
+
+## What is vulnerable?
+
+| CVE                                                             | Severity     | CVSS | Product(s) Affected                                                                                                  |
+| --------------------------------------------------------------- | ------------ | ---- | -------------------------------------------------------------------------------------------------------------------- |
+| [CVE-2024-3817](https://nvd.nist.gov/vuln/detail/CVE-2024-3817) | **Critical** | 9.8  | HashiCorp Shared library - go-getter version 1.5.9 through 1.7.3 for 64 bit, 32 bit, x86, ARM, MacOS, Windows, Linux |
+
+## Recommendation
+
+The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe  (refer [Patch Management](../guidelines/patch-management.md)):
+
+## Additional References
+
+- [HashiCorp’s go-getter library vulnerability(nvd.nist.gov)](https://nvd.nist.gov/vuln/detail/CVE-2024-3817)
+- [HashiCorp go-getter Vulnerable to Argument Injection When Fetching Remote Default Git Branches (hashicorp.com)](https://discuss.hashicorp.com/t/hcsec-2024-09-hashicorp-go-getter-vulnerable-to-argument-injection-when-fetching-remote-default-git-branches/66040)
+- [HashiCorp’s go-getter library (tenable.com)](https://www.tenable.com/cve/CVE-2024-3817)