EUVD-2022-28709

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Go versions prior to 1.16.14 and 1.17.7 misinterpret branch names affecting access control.

Reporter	Title	Published	Views	Family All 166
IBM Security Bulletins	Security Bulletin: Potential module resolution error in DataPower Operator	17 Jun 202221:14	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Cloud Pak for Data is vulnerable to a variety of issues due to 3rd party software	27 Sep 202417:52	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Security Vulnerabilities may affect IBM Robotic Process Automation for Cloud Pak	25 Aug 202202:03	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Security Guardium Insights is affected by multiple vulnerabilities	8 Apr 202220:24	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in Golang Go affect Cloud Pak System	21 Mar 202323:07	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Celery, Golang Go, and Python affect IBM Spectrum Protect Plus Container Backup and Restore for Kubernetes and Red Hat OpenShift	12 Mar 202203:21	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in Linux Kernel, OpenSSL, Golang Go, and Zlib may affect IBM Spectrum Protect Plus	17 Sep 202206:09	–	ibm
IBM Security Bulletins	Security Bulletin: IBM Watson Speech Services Cartridge for IBM Cloud Pak for Data is vulnerable to incorrect access control in Golang Go (CVE-2022-23773)	12 Jan 202321:59	–	ibm
IBM Security Bulletins	Security Bulletin: Operations Dashboard is vulnerable to Go CVE-2022-23773	8 Apr 202214:47	–	ibm
IBM Security Bulletins	Security Bulletin: Platform Navigator and Automation Assets in IBM Cloud Pak for Integration are vulnerable to attack under error due to Go CVE-2022-23773	5 May 202214:40	–	ibm

[
  {
    "enisaIdVendor": [
      {
        "id": "1f684a5d-b07e-36ec-a66e-20d75e5bad6b",
        "vendor": {
          "name": "n/a"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "e337eb95-287e-3981-8229-bc5795f50e12",
        "product": {
          "name": "n/a"
        },
        "product_version": "n/a"
      }
    ]
  }
]

Source	Link
suse	www.suse.com/security/cve/CVE-2022-23773.html
advisories	www.advisories.mageia.org/CVE-2022-23773.html
linux	www.linux.oracle.com/cve/CVE-2022-23773.html
access	www.access.redhat.com/errata/RHSA-2022:1819
access	www.access.redhat.com/errata/RHSA-2022:4860
access	www.access.redhat.com/errata/RHSA-2022:4863
access	www.access.redhat.com/errata/RHSA-2022:5004
access	www.access.redhat.com/errata/RHSA-2022:5068
access	www.access.redhat.com/errata/RHSA-2022:5875
access	www.access.redhat.com/errata/RHSA-2022:5729

03 Oct 2025 20:07Current

8.5High risk

Vulners AI Score8.5

CVSS 3.17.5

CVSS 25

EPSS0.00118

go versions 1.16.14 1.17.7 access control branch name misinterpretation