CVE-2022-30636

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
GoCNA
---
---
CVEADP
---
---
CISA-ADPADP
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: 42%
Debian logo
Debian Releases
Debian Product
Codename
golang-go.crypto
bullseye
unimportant
bookworm
1:0.4.0-1
fixed
sid
1:0.25.0-1
fixed
trixie
1:0.25.0-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang
noble
dne
mantic
dne
jammy
dne
focal
dne
golang-1.10
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
xenial
not-affected
trusty
not-affected
golang-1.13
noble
dne
mantic
dne
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
golang-1.14
noble
dne
mantic
dne
jammy
dne
focal
not-affected
golang-1.16
noble
dne
mantic
dne
jammy
dne
focal
not-affected
bionic
not-affected
golang-1.17
noble
dne
mantic
dne
jammy
not-affected
focal
dne
golang-1.18
noble
dne
mantic
dne
jammy
not-affected
focal
not-affected
bionic
not-affected
xenial
not-affected
golang-1.19
noble
dne
mantic
dne
jammy
dne
focal
dne
golang-1.20
noble
dne
mantic
not-affected
jammy
not-affected
focal
not-affected
golang-1.21
noble
not-affected
mantic
not-affected
jammy
not-affected
focal
not-affected
golang-1.22
noble
not-affected
mantic
not-affected
jammy
not-affected
focal
not-affected
golang-1.6
noble
dne
mantic
dne
jammy
dne
focal
dne
xenial
not-affected
golang-1.8
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
golang-1.9
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
not-affected
References
https://go.dev/cl/408694
https://go.dev/issue/53082
https://pkg.go.dev/vuln/GO-2024-2961
https://go.dev/cl/408694
https://go.dev/issue/53082
https://pkg.go.dev/vuln/GO-2024-2961