CVE-2022-23773

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*

History

08 Aug 2023, 14:22

Type Values Removed Values Added
CWE CWE-863 CWE-436

09 Nov 2022, 21:50

Type Values Removed Values Added
References (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - (N/A) https://www.oracle.com/security-alerts/cpujul2022.html - Third Party Advisory
References (GENTOO) https://security.gentoo.org/glsa/202208-02 - (GENTOO) https://security.gentoo.org/glsa/202208-02 - Third Party Advisory

04 Aug 2022, 16:15

Type Values Removed Values Added
References
  • (GENTOO) https://security.gentoo.org/glsa/202208-02 -

25 Jul 2022, 18:21

Type Values Removed Values Added
References
  • (N/A) https://www.oracle.com/security-alerts/cpujul2022.html -

29 Mar 2022, 16:08

Type Values Removed Values Added
References (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ - (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ - Third Party Advisory
CPE cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*
cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*
First Time Netapp kubernetes Monitoring Operator
Netapp cloud Insights Telegraf Agent
Netapp
Netapp storagegrid
Netapp beegfs Csi Driver

25 Feb 2022, 10:15

Type Values Removed Values Added
References
  • (CONFIRM) https://security.netapp.com/advisory/ntap-20220225-0006/ -

17 Feb 2022, 04:21

Type Values Removed Values Added
References (MISC) https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ - (MISC) https://groups.google.com/g/golang-announce/c/SUsQn0aSgPQ - Release Notes, Vendor Advisory
CVSS v2 : unknown
v3 : unknown
v2 : 5.0
v3 : 7.5
CWE CWE-863
CPE cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*
First Time Golang go
Golang

11 Feb 2022, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2022-02-11 01:15

Updated : 2023-12-10 14:22


NVD link : CVE-2022-23773

Mitre link : CVE-2022-23773

CVE.ORG link : CVE-2022-23773


JSON object : View

Products Affected

golang

  • go

netapp

  • beegfs_csi_driver
  • storagegrid
  • kubernetes_monitoring_operator
  • cloud_insights_telegraf_agent
CWE
CWE-436

Interpretation Conflict