Bug 2118605 (CVE-2022-30580)
Summary: | CVE-2022-30580 golang: os/exec: Code injection in Cmd.Start | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
Status: | CLOSED NOTABUG | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | abishop, agerstmayr, alakatos, amackenz, amasferr, amctagga, amurdaca, ansmith, aoconnor, apevec, asm, bbaude, bbuckingham, bcl, bcoca, bcourt, bdettelb, bkundu, bniver, bodavis, btotty, chazlett, chousekn, cmeyers, cnv-qe-bugs, davidn, dbenoit, debarshir, deparker, dwalsh, dwd, dwhatley, dymurray, eduardo.ramalho, eglynn, ehelms, emachado, etamir, fdeutsch, flucifre, gblomqui, gmeno, gparvin, grafana-maint, hchiramm, ibolton, jaharrin, jburrell, jcajka, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jkurik, jligon, jmatthew, jmontleo, jmulligan, jnovy, jobarker, joelsmith, jpadman, jramanat, jsherril, jwendell, jwon, krathod, lball, lemenkov, lhh, lsm5, lzap, mabashia, madam, matzew, maxwell, mbenjamin, mboddu, mburns, mcressma, mgarciac, mhackett, mheon, mhulan, mkudlej, mmagr, mmccune, mnewsome, mokumar, mwringe, myarboro, nathans, nbecker, nboldt, njean, nmoumoul, nobody, notting, ocs-bugs, opohorel, orabin, osapryki, osbuilders, oskutka, ovanders, pahickey, pcreech, pehunt, periklis, pjindal, ploffay, pthomas, rcernich, rchan, relrod, rhcos-sst, rhos-maint, rhs-bugs, rhuss, rpetrell, rrajasek, rsroka, saroy, scorneli, sdoran, sgott, sipoyare, slucidi, smcdonal, sostapov, spower, sseago, stcannon, sttts, tjochec, tkral, tkuratom, tstellar, tsweeney, twalsh, umohnani, vereddy, vkareh, vrothber, whayutin |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | Doc Type: | If docs needed, set a value | |
Doc Text: |
A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | 2022-08-19 16:53:32 UTC | Type: | --- |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | |||
Bug Blocks: | 2117836 |
Description
Avinash Hanwate
2022-08-16 09:11:23 UTC
only affects windows. closing main task as not a bug. |