CVE-2022-30321 - OpenCVE

go-getter up to 1.5.11 and 2.0.2 allowed arbitrary host access via go-getter path traversal, symlink processing, and command injection flaws. Fixed in 1.6.1 and 2.1.0.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Hashicorp	Go-getter
Redhat	Openshift Openstack

Configuration 1 [-]

OR	cpe:2.3:a:hashicorp:go-getter::::::::
	cpe:2.3:a:hashicorp:go-getter:2.0.2:::::::*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.10
openshift4/ose-baremetal-rhel8-operator:v4.10.0-202208182025.p0.g97ce15e.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2022:6133	2022-08-31T00:00:00Z
openshift4/ose-cluster-baremetal-operator-rhel8:v4.10.0-202208260945.p0.g23614bb.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2022:6258	2022-09-08T00:00:00Z
openshift4/ose-baremetal-machine-controllers:v4.10.0-202209301647.p0.gadff401.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2022:6805	2022-10-12T00:00:00Z
openshift4/ose-installer:v4.10.0-202210250219.p0.g1ffe666.assembly.stream	cpe:/a:redhat:openshift:4.10::el8	RHSA-2022:7211	2022-11-02T00:00:00Z
Red Hat OpenShift Container Platform 4.11
openshift4/ose-baremetal-machine-controllers:v4.11.0-202208020235.p0.ga65be86.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-baremetal-rhel8-operator:v4.11.0-202208020235.p0.g22b522c.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-cluster-baremetal-operator-rhel8:v4.11.0-202208020235.p0.g0f415d1.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:5069	2022-08-10T00:00:00Z
openshift4/ose-installer:v4.11.0-202210250857.p0.g9d1e216.assembly.stream	cpe:/a:redhat:openshift:4.11::el8	RHSA-2022:7201	2022-11-02T00:00:00Z
Red Hat OpenShift Container Platform 4.8
openshift4/ose-baremetal-rhel8-operator:v4.8.0-202208241844.p0.g5492cf5.assembly.stream	cpe:/a:redhat:openshift:4.8::el8	RHSA-2022:6308	2022-09-14T00:00:00Z
openshift4/ose-cluster-baremetal-operator-rhel8:v4.8.0-202209291426.p0.g117d47a.assembly.stream	cpe:/a:redhat:openshift:4.8::el8	RHSA-2022:6801	2022-10-13T00:00:00Z
openshift4/ose-baremetal-machine-controllers:v4.8.0-202211031007.p0.g2dabef7.assembly.stream	cpe:/a:redhat:openshift:4.8::el8	RHSA-2022:7874	2022-11-18T00:00:00Z
Red Hat OpenShift Container Platform 4.9
openshift4/ose-baremetal-rhel8-operator:v4.9.0-202208231335.p0.g4e7605b.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2022:6147	2022-08-31T00:00:00Z
openshift4/ose-cluster-baremetal-operator-rhel8:v4.9.0-202210061647.p0.g1a49892.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2022:6905	2022-10-19T00:00:00Z
openshift4/ose-baremetal-machine-controllers:v4.9.0-202210241459.p0.g41aa1f7.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2022:7216	2022-11-03T00:00:00Z
openshift4/ose-installer:v4.9.0-202212060115.p0.gf079984.assembly.stream	cpe:/a:redhat:openshift:4.9::el8	RHSA-2022:9111	2023-01-06T00:00:00Z
Red Hat OpenStack Platform 16.2
rhosp-rhel8-tech-preview/osp-director-downloader:1.2.3-3	cpe:/a:redhat:openstack:16.2::el8	RHSA-2022:5673	2022-07-20T00:00:00Z
rhosp-rhel8-tech-preview/osp-director-operator:1.2.3-3	cpe:/a:redhat:openstack:16.2::el8	RHSA-2022:5673	2022-07-20T00:00:00Z

References

Link	Providers
https://discuss.hashicorp.com
https://discuss.hashicorp.com/t/hcsec-2022-13-multiple-vulnerabilities-in-go-getter-library/39930
https://github.com/hashicorp/go-getter/releases
https://nvd.nist.gov/vuln/detail/CVE-2022-30321
https://www.cve.org/CVERecord?id=CVE-2022-30321

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-05-25T11:19:42

Updated: 2024-08-03T06:48:35.687Z

Reserved: 2022-05-07T00:00:00

Link: CVE-2022-30321

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-25T12:15:08.247

Modified: 2023-08-08T14:21:49.707

Link: CVE-2022-30321

Redhat

Severity : Important

Publid Date: 2022-05-24T00:00:00Z

Links: CVE-2022-30321 - Bugzilla

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact High

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object