Lucene search
GoCVELIST:CVE-2022-30636HistoryJul 02, 2024 - 7:51 p.m.
CVE-2022-30636 Limited directory traversal vulnerability on Windows in golang.org/x/crypto
2024-07-0219:51:46
Go
www.cve.org
1
cve-2022-30636
vulnerability
directory traversal
windows
golang.org/x/crypto
http-01
path.base
dircache
EPSS
0
Percentile
15.8%
httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/…..\asd becomes …..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.
CNA Affected
[
{
"vendor": "golang.org/x/crypto",
"product": "golang.org/x/crypto/acme/autocert",
"collectionURL": "https://pkg.go.dev",
"packageName": "golang.org/x/crypto/acme/autocert",
"versions": [
{
"version": "0",
"lessThan": "0.0.0-20220525230936-793ad666bf5e",
"status": "affected",
"versionType": "semver"
}
],
"platforms": [
"windows"
],
"programRoutines": [
{
"name": "DirCache.Get"
},
{
"name": "DirCache.Put"
},
{
"name": "DirCache.Delete"
},
{
"name": "HostWhitelist"
},
{
"name": "Manager.GetCertificate"
},
{
"name": "Manager.Listener"
},
{
"name": "NewListener"
},
{
"name": "listener.Accept"
},
{
"name": "listener.Close"
}
],
"defaultStatus": "unaffected"
}
]Related
debiancve
debiancve
CVE-2022-30636
2024-07-02 20:15:05
ubuntucve
ubuntucve
CVE-2022-30636
2024-07-02 00:00:00
osv
osv
Limited directory traversal vulnerability on Windows in golang.org/x/crypto
2024-07-02 19:27:52
CVE-2022-30636
2024-07-02 20:15:05
vulnrichment
vulnrichment
nvd
nvd
CVE-2022-30636
2024-07-02 20:15:05
cve
cve
CVE-2022-30636
2024-07-02 20:15:05
