CVE-2022-29526

Опубликовано: 23 июн. 2022

Источник: nvd

CVSS3: 5.3

CVSS2: 5

EPSS Низкий

Описание

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Ссылки

https://github.com/golang/go/issues/52313
Exploit
Issue Tracking
Patch
Third Party Advisory
https://groups.google.com/g/golang-announce
Issue Tracking
Mailing List
Third Party Advisory
https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://security.gentoo.org/glsa/202208-02
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0001/
Third Party Advisory
https://github.com/golang/go/issues/52313
Exploit
Issue Tracking
Patch
Third Party Advisory
https://groups.google.com/g/golang-announce
Issue Tracking
Mailing List
Third Party Advisory
https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
Mailing List
Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Q6GE5EQGE4L2KRVGW4T75QVIYAXCLO5X/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RQXU752ALW53OJAF5MG3WMR5CCZVLWW6/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/Z55VUVGO7E5PJFXIOVAY373NZRHBNCI5/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZY2SLWOQR4ZURQ7UBRZ7JIX6H6F5JHJR/
https://security.gentoo.org/glsa/202208-02
Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0001/
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

Одновременно

Одно из

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия до 1.17.10 (исключая)

cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*

Версия от 1.18.0 (включая) до 1.18.2 (исключая)

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Конфигурация 3

cpe:2.3:a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*

EPSS

Процентиль: 36%

0.00149

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-269

Связанные уязвимости

CVE-2022-29526

CVSS3: 5.3

ubuntu

почти 3 года назад

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

CVE-2022-29526

CVSS3: 6.2

redhat

около 3 лет назад

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

CVE-2022-29526

CVSS3: 5.3

msrc

5 месяцев назад

Описание отсутствует

CVE-2022-29526

CVSS3: 5.3

debian

почти 3 года назад

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Ass ...

SUSE-SU-2022:1862-1

suse-cvrf

около 3 лет назад

Security update for go1.17

EPSS

Процентиль: 36%

0.00149

Низкий

5.3 Medium

CVSS3

5 Medium

CVSS2

Дефекты

CWE-269