Home

CVE-2022-23773

Description

cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.

Risk Information

Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
EPSS Score
Exploitation Probability
0.118

Associated Vulnerability

VulnerabilityOS Platform
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update delve-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update delve-debugsource-1.7.2-1.module+el8.6.0+12972+ebab5911.x86_64.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update go-toolset-1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update golang-1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update golang-bin-1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update golang-docs-1.17.7-1.module+el8.6.0+14297+32a15e19.noarch.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update golang-misc-1.17.7-1.module+el8.6.0+14297+32a15e19.noarch.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update golang-race-1.17.7-1.module+el8.6.0+14297+32a15e19.x86_64.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update golang-src-1.17.7-1.module+el8.6.0+14297+32a15e19.noarch.rpmLinux
(RHSA-2022:1819) go-toolset:rhel8 security and bug fix update golang-tests-1.17.7-1.module+el8.6.0+14297+32a15e19.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-bin-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-docs-1.19.3-2.amzn2023.0.2.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-misc-1.19.3-2.amzn2023.0.2.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-race-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-shared-1.19.3-2.amzn2023.0.2.x86_64.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-src-1.19.3-2.amzn2023.0.2.noarch.rpmLinux
golang Security Update (ALAS2023-2023-048) golang-tests-1.19.3-2.amzn2023.0.2.noarch.rpmLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234