High severity7.5NVD Advisory· Published Feb 11, 2022· Updated Jun 17, 2026
CVE-2022-23773
CVE-2022-23773
Description
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
37- Go/Godescription
- osv-coords36 versionspkg:bitnami/golangpkg:rpm/almalinux/delvepkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.16&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Server%204.1
< 1.16.14+ 35 more
- (no CPE)range: < 1.16.14
- (no CPE)range: < 1.7.2-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
Patches
Vulnerability mechanics
References
4- groups.google.com/g/golang-announce/c/SUsQn0aSgPQnvdRelease NotesVendor Advisory
- security.gentoo.org/glsa/202208-02nvdThird Party Advisory
- security.netapp.com/advisory/ntap-20220225-0006/nvdThird Party Advisory
- www.oracle.com/security-alerts/cpujul2022.htmlnvdThird Party Advisory
News mentions
0No linked articles in our index yet.