Main Vulnerability Database Exploits ID:8371 - Exploit for Incorrect authorization in Go programming language - CVE-2022-23773

ID:8371 - Exploit for Incorrect authorization in Go programming language - CVE-2022-23773

Published: September 18, 2022

Vulnerability identifier: #VU62037

Vulnerability risk: Low

CVE-ID: CVE-2022-23773

CWE-ID: CWE-863

Exploitation vector: Remote access

Vulnerable software:
Go programming language

Link to public exploit:

https://github.com/danbudris/CVE-2022-23773-repro-target

Vulnerability description

The vulnerability allows a remote attacker to bypass implemented security restrictions.

The vulnerability exists within cmd/go, which can misinterpret branch names that falsely appear to be version tags. This can lead to a situation where an attacker can bypass implemented security restrictions and perform restricted actions, e.g. create tags when access was granted to create branches only.

Remediation

Install updates from vendor's website.

ID:8371 - Exploit for Incorrect authorization in Go programming language - CVE-2022-23773

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human