CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.2%
Go before 1.8.7, Go 1.9.x before 1.9.4, and Go 1.10 pre-releases before Go 1.10rc2 allow “go get” remote command execution during source code build, by leveraging the gcc or clang plugin feature, because -fplugin= and -plugin= arguments were not blocked.
Vendor | Product | Version | CPE |
---|---|---|---|
golang | go | * | cpe:2.3:a:golang:go:*:*:*:*:*:*:*:* |
golang | go | 1.9 | cpe:2.3:a:golang:go:1.9:*:*:*:*:*:*:* |
golang | go | 1.9.1 | cpe:2.3:a:golang:go:1.9.1:*:*:*:*:*:*:* |
golang | go | 1.9.2 | cpe:2.3:a:golang:go:1.9.2:*:*:*:*:*:*:* |
golang | go | 1.9.3 | cpe:2.3:a:golang:go:1.9.3:*:*:*:*:*:*:* |
golang | go | 1.10 | cpe:2.3:a:golang:go:1.10:beta1:*:*:*:*:*:* |
golang | go | 1.10 | cpe:2.3:a:golang:go:1.10:beta2:*:*:*:*:*:* |
golang | go | 1.10 | cpe:2.3:a:golang:go:1.10:rc1:*:*:*:*:*:* |
debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
redhat | enterprise_linux_server | 7.0 | cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* |
access.redhat.com/errata/RHSA-2018:0878
access.redhat.com/errata/RHSA-2018:1304
github.com/golang/go/issues/23672
github.com/KINGSABRI/CVE-in-Ruby/tree/master/CVE-2018-6574
groups.google.com/forum/#%21topic/golang-nuts/Gbhh1NxAjMU
groups.google.com/forum/#%21topic/golang-nuts/sprOaQ5m3Dk
www.debian.org/security/2019/dsa-4380
More
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
90.2%