CVE-2022-23773
Last modified
CVE-2022-23773 is a high-severity vulnerability rated 7.5/10 on the CVSS scale. cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.. EPSS estimates a 2.68% chance of exploitation in the next 30 days.
Description
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Golang | Go | < 1.16.14 |
| Golang | Go | >= 1.17.0, < 1.17.7 |
| Netapp | Beegfs Csi Driver | All versions |
| Netapp | Cloud Insights Telegraf Agent | All versions |
| Netapp | Kubernetes Monitoring Operator | All versions |
| Netapp | Storagegrid | All versions |
References
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQRelease Notes, Vendor Advisory
- https://security.gentoo.org/glsa/202208-02Third Party Advisory
- https://security.netapp.com/advisory/ntap-20220225-0006/Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
- https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQRelease Notes, Vendor Advisory
- https://security.gentoo.org/glsa/202208-02Third Party Advisory
- https://security.netapp.com/advisory/ntap-20220225-0006/Third Party Advisory
- https://www.oracle.com/security-alerts/cpujul2022.htmlThird Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-23773?
How severe is CVE-2022-23773?
How do I fix CVE-2022-23773?
Are you affected by CVE-2022-23773?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST