Описание
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
A flaw was found in the syscall.Faccessat function when calling a process by checking the group. This flaw allows an attacker to check the process group permissions rather than a member of the file's group, affecting system availability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| OpenShift Developer Tools and Services | jenkins-operator-container | Will not fix | ||
| OpenShift Service Mesh 2.0 | servicemesh-grafana | Will not fix | ||
| OpenShift Service Mesh 2.0 | servicemesh-operator | Will not fix | ||
| OpenShift Service Mesh 2.0 | servicemesh-prometheus | Will not fix | ||
| OpenShift Service Mesh 2.1 | servicemesh-proxy | Not affected | ||
| Red Hat 3scale API Management Platform 2 | 3scale-apicast-operator-bundle-container | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/multicluster-operators-subscription-rhel8 | Affected | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | rhacm2/rcm-controller-rhel8 | Will not fix | ||
| Red Hat Advanced Cluster Management for Kubernetes 2 | thanos-contain | Affected | ||
| Red Hat Ansible Automation Platform 2 | receptor | Affected |
Показывать по
Дополнительная информация
Статус:
6.2 Medium
CVSS3
Связанные уязвимости
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Ass ...
6.2 Medium
CVSS3