CVE-2022-23773 – toolchain

Package

Manager: go
Name: toolchain
Vulnerable Version: >=0 <1.16.14

Severity

Level: Low

CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N

EPSS: 0.00062 pctl0.19623

Details

Incorrect access control in the go command in cmd/go/internal/modfetch Incorrect access control is possible in the go command. The go command can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is authorized to create branches but not tags.

Metadata

Created: 2022-08-01T22:20:42Z
Modified: 2024-05-20T16:03:47Z
Source: https://osv-vulnerabilities
CWE IDs: N/A
Alternative ID: N/A
Finding: F039
Auto approve: 1