CVE-2022-23773
Published Feb 11, 2022
Last updated a year ago
Overview
- Description: cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
- Source: cve@mitre.org
- NVD status: Analyzed
Risk scores
CVSS 3.1
- Type: Primary
- Base score: 7.5
- Impact score: 3.6
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
- Severity: HIGH
CVSS 2.0
- Type: Primary
- Base score: 5
- Impact score: 2.9
- Exploitability score: 10
- Vector string: AV:N/AC:L/Au:N/C:N/I:P/A:N
Weaknesses
- nvd@nist.gov
- CWE-436
Configurations
[ { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3AC42B47-ED6E-4F64-BAFA-770B8834BB25", "versionEndExcluding": "1.16.14" }, { "criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "39A5AFCD-0F53-440D-B617-BB1C92B67028", "versionEndExcluding": "1.17.7", "versionStartIncluding": "1.17.0" } ], "operator": "OR" } ] }, { "nodes": [ { "negate": false, "cpeMatch": [ { "criteria": "cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B60CE797-9177-4705-B02D-83F5A48C5F6F" }, { "criteria": "cpe:2.3:a:netapp:cloud_insights_telegraf_agent:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5DAE7369-EEC5-405E-9D13-858335FDA647" }, { "criteria": "cpe:2.3:a:netapp:kubernetes_monitoring_operator:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8F8E1764-2021-41E7-9CBE-6864313A74E2" }, { "criteria": "cpe:2.3:a:netapp:storagegrid:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8ADFF451-740F-4DBA-BD23-3881945D3E40" } ], "operator": "OR" } ] } ]