cbcvebase.
CVE-2022-29526
published 2022-06-23

Priority: P4, 30, medium
CVSS 3.1: 5.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
EPSS: 2.59% (83.4th percentile)

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

Affected

31 ranges · showing 25

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | golang-1.15 | | |
| fedoraproject | fedora | | |
| fedoraproject | fedora | | |
| golang.org | x_sys | >= 0 < 0.0.0-20220412211240-33da011f77ad | 0.0.0-20220412211240-33da011f77ad |
| golang | go | < 1.17.10 | 1.17.10 |
| golang | go | >= 1.18.0 < 1.18.2 | 1.18.2 |
| msrc | azl3_cni_1.1.2-4 | | |
| msrc | azl3_containernetworking-plugins_1.6.1-4 | | |
| msrc | azl3_dcos-cli_1.2.0-18 | | |
| msrc | azl3_golang_1.22.7-1 | | |
| msrc | azl3_golang_1.22.7-2 | | |
| msrc | azl3_kata-containers-cc_3.2.0.azl5-2 | | |
| msrc | azl3_kata-containers_3.2.0.azl5-2 | | |
| msrc | azl3_keda_2.4.0-15 | | |
| msrc | azl3_moby-engine_20.10.25-3 | | |
| msrc | azl3_moby-engine_25.0.3-1 | | |
| msrc | azl3_multus_3.8-13 | | |
| msrc | azl3_multus_4.0.2-1 | | |
| msrc | azl3_node-problem-detector_0.8.10-18 | | |
| msrc | azl3_node-problem-detector_0.8.15-1 | | |
| msrc | azl3_prometheus-process-exporter_0.7.10-15 | | |
| msrc | azl3_prometheus_2.37.0-1 | | |
| msrc | azl3_prometheus_2.37.0-11 | | |
| msrc | azl3_python-tensorboard_2.16.2-6 | | |
| msrc | azl3_sriov-network-device-plugin_3.5.1-3 | | |

CVSS provenance

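| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 6.5 | MEDIUM | |
| vendor_ubuntu | | 6.5 | MEDIUM | |
| vendor_debian | | 5.3 | MEDIUM | |
| vendor_msrc | | 5.3 | MEDIUM | |
| vendor_redhat | | 5.3 | MEDIUM | |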