Bug 2118605 (CVE-2022-30580)
| Summary: | CVE-2022-30580 golang: os/exec: Code injection in Cmd.Start | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Avinash Hanwate <ahanwate> |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | abishop, agerstmayr, akostadi, alakatos, amackenz, amasferr, amctagga, amurdaca, anjoseph, ansmith, anthomas, aoconnor, apevec, asm, bbaude, bbuckingham, bcl, bcoca, bcourt, bdettelb, bkundu, bniver, bodavis, btotty, chazlett, chousekn, cmeyers, cnv-qe-bugs, crizzo, davidn, dbenoit, debarshir, deparker, dhanak, dmayorov, doconnor, drosa, dschmidt, dsimansk, dwalsh, dwd, dwhatley, dymurray, eduardo.ramalho, eglynn, ehelms, emachado, etamir, fdeutsch, flucifre, gblomqui, ggainey, gmeno, gparvin, grafana-maint, groman, hchiramm, ibolton, jaharrin, jburrell, jcajka, jcammara, jcantril, jchui, jeder, jhardy, jjoyce, jkurik, jlanda, jligon, jlledo, jmatthew, jmontleo, jmulligan, jnovy, jobarker, joelsmith, jpadman, jpasqual, jprabhak, jpretori, jramanat, jschluet, jsherril, juwatts, jwendell, jwon, kbempah, kingland, krathod, kshier, lball, lchilton, lemenkov, lhh, lsm5, lzap, mabashia, madam, manissin, matzew, maxwell, mbenjamin, mboddu, mburns, mcressma, mgarciac, mhackett, mheon, mhulan, mkudlej, mmagr, mmccune, mnewsome, mnovotny, mokumar, mwringe, myarboro, nathans, nbecker, nboldt, njean, nmoumoul, nobody, notting, ocs-bugs, opohorel, orabin, oramraz, osapryki, osbuilders, oskutka, osousa, ovanders, pahickey, pantinor, pcreech, pehunt, periklis, pgaikwad, pjindal, ploffay, pthomas, rcernich, rchan, relrod, rhaigner, rhcos-sst, rhel-process-autobot, rhos-maint, rhs-bugs, rhuss, rjohnson, rpetrell, rrajasek, rsroka, saroy, sausingh, scorneli, sdawley, sdoran, sfeifer, sgott, simaishi, sipoyare, slucidi, smallamp, smcdonal, smullick, solenoci, sostapov, spower, sseago, stcannon, stirabos, sttts, teagle, thason, tjochec, tkral, tkuratom, tmalecek, tsedmik, tstellar, tsweeney, twalsh, umohnani, vereddy, vkarehfa, vkareh, vrothber, watson-tool-maintainers, whayutin, wtam, yguenane |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in the os/exec golang package. This issue occurs when invoking different Cmd methods and the Cmd.Path is unset. This could lead to a command injection, allowing an attacker to execute any binaries in the working directory.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-08-19 16:53:32 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | |||
| Bug Blocks: | 2117836 | ||
|
Description
Avinash Hanwate
2022-08-16 09:11:23 UTC
only affects windows. closing main task as not a bug. |