cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

References

groups.google.com/g/golang-announce/c/SUsQn0aSgPQ

security.gentoo.org/glsa/202208-02

security.netapp.com/advisory/ntap-20220225-0006/

www.oracle.com/security-alerts/cpujul2022.html

cve 1

nessus 38

ubuntucve 1

ibm 24

githubexploit 2

osv 7

veracode 1

debiancve 1

cbl_mariner 2

redhatcve 1

alpinelinux 1

nvd 1

prion 1

openvas 10

suse 2

altlinux 1

redhat 15

amazon 5

freebsd 1

mageia 1

photon 8

oraclelinux 2

almalinux 1

rocky 1

gentoo 1

oracle 1

cve

CVE-2022-23773

2022-02-11 01:15:07

nessus

CBL Mariner 2.0 Security Update: python-tensorboard / golang (CVE-2022-23773)

2024-08-30 00:00:00

openSUSE 15 Security Update : go1.16 (openSUSE-SU-2022:0724-1)

2022-03-05 00:00:00

FreeBSD : go -- multiple vulnerabilities (096ab080-907c-11ec-bb14-002324b2fba8)

2022-02-18 00:00:00

ubuntucve

CVE-2022-23773

2022-02-11 00:00:00

ibm

Security Bulletin: IBM DataPower Operator affected by flaw in Go (CVE-2022-23773)

2022-06-20 16:34:59

Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23773

2022-04-08 14:47:55

Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to incorrect access control in Golang Go (CVE-2022-23773)

2023-01-12 21:59:00

githubexploit

Exploit for Interpretation Conflict in Golang Go

2023-03-19 10:08:47

Exploit for Interpretation Conflict in Golang Go

2023-03-19 10:08:47

osv

CVE-2022-23773

2022-02-11 01:15:07

BIT-golang-2022-23773

2024-03-06 11:02:41

Incorrect access control in the go command in cmd/go/internal/modfetch

2022-08-01 22:20:42

veracode

Improper Access Control

2022-02-14 12:23:51

debiancve

CVE-2022-23773

2022-02-11 01:15:07

cbl_mariner

CVE-2022-23773 affecting package golang 1.16.12-1

2022-02-25 01:45:48

CVE-2022-23773 affecting package golang for versions less than 1.17.8-1

2022-04-26 19:57:46

redhatcve

CVE-2022-23773

2022-02-11 14:03:04

alpinelinux

CVE-2022-23773

2022-02-11 01:15:07

nvd

CVE-2022-23773

2022-02-11 01:15:07

prion

Design/Logic Flaw

2022-02-11 01:15:00

openvas

Huawei EulerOS: Security Advisory for golang (EulerOS-SA-2022-1890)

2022-06-17 00:00:00

SUSE: Security Advisory (SUSE-SU-2022:0724-1)

2022-03-05 00:00:00

Mageia: Security Advisory (MGASA-2022-0091)

2022-03-08 00:00:00

suse

Security update for go1.16 (important)

2022-03-04 00:00:00

Security update for go1.17 (important)

2022-03-04 00:00:00

altlinux

Security fix for the ALT Linux 10 package golang version 1.17.7-alt1

2022-02-11 00:00:00

redhat

(RHSA-2022:4860) Moderate: Release of OpenShift Serverless Client kn 1.22.1

2022-06-01 09:10:05

(RHSA-2022:6094) Moderate: OpenShift Container Platform 4.10.28 packages and security update

2022-08-23 18:05:37

(RHSA-2022:5875) Moderate: OpenShift Container Platform 4.10.26 security update

2022-08-09 02:26:20

amazon

Medium: golang

2023-02-15 00:23:00

Important: golang

2022-04-25 03:47:00

Important: golang

2022-07-06 03:11:00

freebsd

go -- multiple vulnerabilities

2022-02-10 00:00:00

mageia

Updated golang packages fix security vulnerability

2022-03-08 02:10:22

photon

Critical Photon OS Security Update - PHSA-2022-0159

2022-03-02 00:00:00

Critical Photon OS Security Update - PHSA-2022-0364

2022-02-22 00:00:00

Critical Photon OS Security Update - PHSA-2022-4.0-0159

2022-03-07 00:00:00

oraclelinux

go-toolset:ol8addon security update

2022-06-08 00:00:00

go-toolset:ol8 security and bug fix update

2022-05-17 00:00:00

almalinux

Moderate: go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

rocky

go-toolset:rhel8 security and bug fix update

2022-05-10 06:29:31

gentoo

Go: Multiple Vulnerabilities

2022-08-04 00:00:00

oracle

Oracle Critical Patch Update Advisory - July 2022

2022-07-19 00:00:00

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

8.5

Confidence

High

EPSS

0.001

Percentile

36.2%

JSON

Related for CVELIST:CVE-2022-23773