cmd/go in Go before 1.16.14 and 1.17.x before 1.17.7 can misinterpret branch names that falsely appear to be version tags. This can lead to incorrect access control if an actor is supposed to be able to create branches but not tags.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-02-11T00:16:08

Updated: 2024-08-03T03:51:45.976Z

Reserved: 2022-01-20T00:00:00

Link: CVE-2022-23773

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Analyzed

Published: 2022-02-11T01:15:07.707

Modified: 2023-08-08T14:22:24.967

Link: CVE-2022-23773

cve-icon Redhat

Severity : Moderate

Publid Date: 2022-02-11T00:00:00Z

Links: CVE-2022-23773 - Bugzilla