Incorrect Privilege Assignment in Go Language Earlier Versions
CVE-2022-29526

5.3MEDIUM

Key Information:

Vendor

Golang

Status
Go
Vendor
CVE Published:
23 June 2022

What is CVE-2022-29526?

A vulnerability has been identified in the Go programming language that affects versions prior to 1.17.10 and 1.18.x before 1.18.2. This issue arises when the Faccessat function is called with a non-zero flags parameter, leading to a misreporting of file accessibility. As a result, the system may incorrectly allow access to files, creating potential security risks. Developers are advised to upgrade to the latest stable versions to mitigate this risk and ensure secure file handling.

References

https://groups.google.com/g/golang-announce
x_refsource_MISC
https://github.com/golang/go/issues/52313
x_refsource_MISC
https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU
x_refsource_MISC

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
None
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.