Vulnerability CVE-2022-29526

Vulnerability Name:

CVE-2022-29526 (CCN-229593)

Assigned:

2022-04-12

Published:

2022-04-12

Updated:

2022-08-19

Summary:

Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter, the Faccessat function could incorrectly report that a file is accessible.

CVSS v3 Severity:

5.3 Medium (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
4.6 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): Low Integrity (I): None Availibility (A): None

6.2 Medium (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
5.4 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Local Attack Complexity (AC): Low Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): None Integrity (I): None Availibility (A): High

CVSS v2 Severity:

5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

5.0 Medium (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Low Athentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): None Availibility (A): None

Vulnerability Type:

CWE-269
CWE-280

Vulnerability Consequences:

Obtain Information

References:

Source: MITRE
Type: CNA
CVE-2022-29526

Source: XF
Type: UNKNOWN
golang-cve202229526-info-disc(229593)

Source: CCN
Type: go GIT Repository
syscall: Faccessat checks wrong group #52313

Source: MISC
Type: Exploit, Issue Tracking, Patch, Third Party Advisory
https://github.com/golang/go/issues/52313

Source: MISC
Type: Issue Tracking, Mailing List, Third Party Advisory
https://groups.google.com/g/golang-announce

Source: MISC
Type: Mailing List, Third Party Advisory
https://groups.google.com/g/golang-announce/c/Y5qrqw_lWdU

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-ffe7dba2cb

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-30c5ed5625

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-ba365d3703

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2022-fae3ecee19

Source: GENTOO
Type: Third Party Advisory
GLSA-202208-02

Source: CONFIRM
Type: Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0001/

Source: CCN
Type: IBM Security Bulletin 6602583 (Event Streams)
Vulnerabilities in the Golang language affect IBM Event Streams (CVE-2022-29526)

Source: CCN
Type: IBM Security Bulletin 6607791 (Spectrum Protect Plus Container Backup and Restore for Kubernetes)
Vulnerability in Golang Go affects IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift (CVE-2022-29526)

Source: CCN
Type: IBM Security Bulletin 6611147 (MQ Operator)
IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from Golang Go, libxml2, curl, expat, libgcrypt and IBM WebSphere Application Server Liberty

Source: CCN
Type: IBM Security Bulletin 6611581 (Cloud Pak for Integration)
Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to remote access due to Go CVE-2022-29526

Source: CCN
Type: IBM Security Bulletin 6619905 (Spectrum Copy Data Management)
Vulnerabilities in Golang Go, PostgreSQL, jQuery, and Google Gson may affect IBM Spectrum Copy Data Management

Source: CCN
Type: IBM Security Bulletin 6619915 (Spectrum Protect Plus)
Vulnerabilities in Linux Kernel, OpenSSL, Golang Go, and Zlib may affect IBM Spectrum Protect Plus

Source: CCN
Type: IBM Security Bulletin 6620897 (Watson Discovery)
IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in Go

Source: CCN
Type: IBM Security Bulletin 6843071 (Db2 on Cloud Pak for Data)
Multiple vulnerabilities affect IBM Db2 on Cloud Pak for Data and Db2 Warehouse on Cloud Pak for Data

Source: CCN
Type: IBM Security Bulletin 6848295 (Cloud Pak for Business Automation)
Security vulnerability is addressed with IBM Cloud Pak for Business Automation iFixes for November 2022

Source: CCN
Type: IBM Security Bulletin 6909423 (Cloud Pak for Multicloud Management Monitoring)
IBM Cloud Pak for Multicloud Management Monitoring has applied security fixes for its use of Golang Go

Source: CCN
Type: IBM Security Bulletin 6956311 (Cloud Pak for Multicloud Management)
Multiple Vulnerabilities in Multicloud Management Security Services

Source: CCN
Type: IBM Security Bulletin 6967291 (Robotic Process Automation for Cloud Pak)
Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak.

Source: CCN
Type: IBM Security Bulletin 6980457 (Sterling Order Management)
IBM Sterling Order Management Golang Go Vulnerability

Source: CCN
Type: IBM Security Bulletin 6991619 (Edge Application Manager)
Open Source Dependency Vulnerability

Source: CCN
Type: IBM Security Bulletin 6991629 (Edge Application Manager)
Open Source Dependency Vulnerability

Source: CCN
Type: IBM Security Bulletin 7004655 (Cloud Pak for Security)
IBM Cloud Pak for Security includes components with multiple known vulnerabilities

Vulnerable Configuration:

Configuration 1:

cpe:/a:golang:go:*:*:*:*:*:*:*:* (Version < 1.17.10)

OR cpe:/a:golang:go:*:*:*:*:*:*:*:* (Version >= 1.18.0 and < 1.18.2)

AND

cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*

Configuration 2:

cpe:/o:fedoraproject:fedora:35:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Configuration 3:

cpe:/a:netapp:beegfs_csi_driver:-:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration RedHat 3:

cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

Configuration RedHat 4:

cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:golang:go:1.17.9:*:*:*:*:*:*:*

OR cpe:/a:golang:go:1.18.1:*:*:*:*:*:*:*

AND

cpe:/a:ibm:spectrum_protect_plus:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.1.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.2.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:event_streams:10.3.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:18.0.2:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:19.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:20.0.3:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.2:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:21.0.3:-:*:*:*:*:*:*

OR cpe:/a:ibm:spectrum_copy_data_management:2.2.0.0:*:*:*:*:*:*:*

OR cpe:/a:ibm:robotic_process_automation_for_cloud_pak:21.0.1:*:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_business_automation:22.0.1:-:*:*:*:*:*:*

OR cpe:/a:ibm:cloud_pak_for_security:1.10.0.0:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:com.redhat.rhsa:def:20225799	P	RHSA-2022:5799: go-toolset and golang security and bug fix update (Important)	2022-08-01
oval:com.redhat.rhsa:def:20225337	P	RHSA-2022:5337: go-toolset:rhel8 security and bug fix update (Moderate)	2022-06-30
oval:org.opensuse.security:def:3691	P	libudisks2-0-2.1.3-3.5.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3689	P	libtirpc-netconfig-1.0.1-17.13.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:499	P	Security update for go1.17 (Moderate)	2022-05-26
oval:org.opensuse.security:def:1175	P	Security update for go1.17 (Moderate)	2022-05-26
oval:org.opensuse.security:def:95321	P	Security update for go1.17 (Moderate)	2022-05-26
oval:org.opensuse.security:def:495	P	Security update for go1.18 (Moderate)	2022-05-24
oval:org.opensuse.security:def:1173	P	Security update for go1.18 (Moderate)	2022-05-24
oval:org.opensuse.security:def:95319	P	Security update for go1.18 (Moderate)	2022-05-24

BACK