Unrated severityNVD Advisory· Published Feb 11, 2022· Updated Aug 3, 2024
CVE-2022-23773
CVE-2022-23773
Description
cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
38- Go/Godescription
- osv-coords36 versionspkg:bitnami/golangpkg:rpm/almalinux/delvepkg:rpm/almalinux/golangpkg:rpm/almalinux/golang-binpkg:rpm/almalinux/golang-docspkg:rpm/almalinux/golang-miscpkg:rpm/almalinux/golang-racepkg:rpm/almalinux/golang-srcpkg:rpm/almalinux/golang-testspkg:rpm/almalinux/go-toolsetpkg:rpm/opensuse/go1.16&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.16&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/go1.17&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/go1.17&distro=openSUSE%20Tumbleweedpkg:rpm/suse/go1.16&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.16&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.16&distro=SUSE%20Manager%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Enterprise%20Storage%207pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-ESPOSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20High%20Performance%20Computing%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-BCLpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%2015%20SP2-LTSSpkg:rpm/suse/go1.17&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2015%20SP2pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Proxy%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Retail%20Branch%20Server%204.1pkg:rpm/suse/go1.17&distro=SUSE%20Manager%20Server%204.1
< 1.16.14+ 35 more
- (no CPE)range: < 1.16.14
- (no CPE)range: < 1.7.2-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.17.7-1.module_el8.6.0+2736+ec10aba8
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.16.14-1.43.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
- (no CPE)range: < 1.17.7-1.20.1
Patches
Vulnerability mechanics
References
4- security.gentoo.org/glsa/202208-02mitrevendor-advisoryx_refsource_GENTOO
- groups.google.com/g/golang-announce/c/SUsQn0aSgPQmitrex_refsource_MISC
- security.netapp.com/advisory/ntap-20220225-0006/mitrex_refsource_CONFIRM
- www.oracle.com/security-alerts/cpujul2022.htmlmitrex_refsource_MISC
News mentions
0No linked articles in our index yet.