cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
References
Link | Resource |
---|---|
https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ | Release Notes Vendor Advisory |
https://security.gentoo.org/glsa/202208-02 | Third Party Advisory |
https://security.netapp.com/advisory/ntap-20220225-0006/ | Third Party Advisory |
https://www.oracle.com/security-alerts/cpujul2022.html | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
08 Aug 2023, 14:22
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-436 |
09 Nov 2022, 21:50
Type | Values Removed | Values Added |
---|---|---|
References | (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory | |
References | (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory |
04 Aug 2022, 16:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Jul 2022, 18:21
Type | Values Removed | Values Added |
---|---|---|
References |
|
29 Mar 2022, 16:08
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ - Third Party Advisory | |
CPE | cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:* cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:* |
|
First Time |
Netapp kubernetes Monitoring Operator
Netapp cloud Insights Telegraf Agent Netapp Netapp storagegrid Netapp beegfs Csi Driver |
25 Feb 2022, 10:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
17 Feb 2022, 04:21
Type | Values Removed | Values Added |
---|---|---|
References | (MISC) https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ - Release Notes, Vendor Advisory | |
CVSS |
v2 : v3 : |
v2 : 5.0
v3 : 7.5 |
CWE | CWE-863 | |
CPE | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* | |
First Time |
Golang go
Golang |
11 Feb 2022, 01:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-02-11 01:15
Updated : 2023-12-10 14:22
NVD link : CVE-2022-23773
Mitre link : CVE-2022-23773
CVE.ORG link : CVE-2022-23773
JSON object : View
Products Affected
golang
- go
netapp
- beegfs_csi_driver
- storagegrid
- kubernetes_monitoring_operator
- cloud_insights_telegraf_agent
CWE
CWE-436
Interpretation Conflict