msrc_cve-2022-29526
Vulnerability from csaf_microsoft
Published
2022-06-02 00:00
Modified
2025-05-27 00:00
Summary
Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible.
Notes
Additional Resources
To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer
The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29526 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-29526.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible.",
"tracking": {
"current_release_date": "2025-05-27T00:00:00.000Z",
"generator": {
"date": "2025-10-19T23:35:56.750Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-29526",
"initial_release_date": "2022-06-02T00:00:00.000Z",
"revision_history": [
{
"date": "2023-11-08T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
},
{
"date": "2024-01-24T00:00:00.000Z",
"legacy_version": "1.1",
"number": "2",
"summary": "Added nmi to CBL-Mariner 2.0\nAdded sriov-network-device-plugin to CBL-Mariner 2.0"
},
{
"date": "2024-04-11T00:00:00.000Z",
"legacy_version": "1.2",
"number": "3",
"summary": "Added cri-o to CBL-Mariner 2.0"
},
{
"date": "2024-06-30T07:00:00.000Z",
"legacy_version": "1.3",
"number": "4",
"summary": "Information published."
},
{
"date": "2024-08-09T00:00:00.000Z",
"legacy_version": "1.4",
"number": "5",
"summary": "Information published."
},
{
"date": "2024-08-29T00:00:00.000Z",
"legacy_version": "1.5",
"number": "6",
"summary": "Information published."
},
{
"date": "2024-08-30T00:00:00.000Z",
"legacy_version": "1.6",
"number": "7",
"summary": "Information published."
},
{
"date": "2024-08-31T00:00:00.000Z",
"legacy_version": "1.7",
"number": "8",
"summary": "Information published."
},
{
"date": "2024-09-01T00:00:00.000Z",
"legacy_version": "1.8",
"number": "9",
"summary": "Information published."
},
{
"date": "2024-09-02T00:00:00.000Z",
"legacy_version": "1.9",
"number": "10",
"summary": "Information published."
},
{
"date": "2024-09-03T00:00:00.000Z",
"legacy_version": "2",
"number": "11",
"summary": "Information published."
},
{
"date": "2024-09-05T00:00:00.000Z",
"legacy_version": "2.1",
"number": "12",
"summary": "Information published."
},
{
"date": "2024-09-06T00:00:00.000Z",
"legacy_version": "2.2",
"number": "13",
"summary": "Information published."
},
{
"date": "2024-09-07T00:00:00.000Z",
"legacy_version": "2.3",
"number": "14",
"summary": "Information published."
},
{
"date": "2024-09-08T00:00:00.000Z",
"legacy_version": "2.4",
"number": "15",
"summary": "Information published."
},
{
"date": "2024-09-11T00:00:00.000Z",
"legacy_version": "2.5",
"number": "16",
"summary": "Information published."
},
{
"date": "2024-10-05T00:00:00.000Z",
"legacy_version": "2.6",
"number": "17",
"summary": "Information published."
},
{
"date": "2024-10-16T00:00:00.000Z",
"legacy_version": "2.7",
"number": "18",
"summary": "Added prometheus to CBL-Mariner 2.0\nAdded azcopy to CBL-Mariner 2.0\nAdded kata-containers to CBL-Mariner 2.0\nAdded kata-containers-cc to CBL-Mariner 2.0\nAdded moby-engine to CBL-Mariner 2.0\nAdded cri-o to CBL-Mariner 2.0\nAdded git-lfs to CBL-Mariner 2.0\nAdded node-problem-detector to CBL-Mariner 2.0\nAdded nmi to CBL-Mariner 2.0\nAdded sriov-network-device-plugin to CBL-Mariner 2.0\nAdded kured to CBL-Mariner 2.0\nAdded golang to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded prometheus-process-exporter to Azure Linux 3.0\nAdded keda to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded moby-engine to Azure Linux 3.0\nAdded prometheus to Azure Linux 3.0\nAdded sriov-network-device-plugin to Azure Linux 3.0"
},
{
"date": "2025-01-30T00:00:00.000Z",
"legacy_version": "2.8",
"number": "19",
"summary": "Added cni to Azure Linux 3.0\nAdded golang to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded prometheus-process-exporter to Azure Linux 3.0\nAdded keda to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded moby-engine to Azure Linux 3.0\nAdded prometheus to Azure Linux 3.0\nAdded sriov-network-device-plugin to Azure Linux 3.0\nAdded prometheus to CBL-Mariner 2.0\nAdded azcopy to CBL-Mariner 2.0\nAdded kata-containers to CBL-Mariner 2.0\nAdded kata-containers-cc to CBL-Mariner 2.0\nAdded moby-engine to CBL-Mariner 2.0\nAdded cri-o to CBL-Mariner 2.0\nAdded git-lfs to CBL-Mariner 2.0\nAdded node-problem-detector to CBL-Mariner 2.0\nAdded nmi to CBL-Mariner 2.0\nAdded sriov-network-device-plugin to CBL-Mariner 2.0\nAdded kured to CBL-Mariner 2.0"
},
{
"date": "2025-05-15T00:00:00.000Z",
"legacy_version": "2.9",
"number": "20",
"summary": "Added containernetworking-plugins to Azure Linux 3.0\nAdded cni to Azure Linux 3.0\nAdded golang to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded prometheus-process-exporter to Azure Linux 3.0\nAdded keda to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded moby-engine to Azure Linux 3.0\nAdded prometheus to Azure Linux 3.0\nAdded sriov-network-device-plugin to Azure Linux 3.0\nAdded prometheus to CBL-Mariner 2.0\nAdded azcopy to CBL-Mariner 2.0\nAdded kata-containers to CBL-Mariner 2.0\nAdded kata-containers-cc to CBL-Mariner 2.0\nAdded moby-engine to CBL-Mariner 2.0\nAdded cri-o to CBL-Mariner 2.0\nAdded git-lfs to CBL-Mariner 2.0\nAdded node-problem-detector to CBL-Mariner 2.0\nAdded nmi to CBL-Mariner 2.0\nAdded sriov-network-device-plugin to CBL-Mariner 2.0\nAdded kured to CBL-Mariner 2.0"
},
{
"date": "2025-05-27T00:00:00.000Z",
"legacy_version": "3",
"number": "21",
"summary": "Added kata-containers to Azure Linux 3.0\nAdded kata-containers-cc to Azure Linux 3.0\nAdded containernetworking-plugins to Azure Linux 3.0\nAdded cni to Azure Linux 3.0\nAdded golang to Azure Linux 3.0\nAdded multus to Azure Linux 3.0\nAdded prometheus-process-exporter to Azure Linux 3.0\nAdded keda to Azure Linux 3.0\nAdded node-problem-detector to Azure Linux 3.0\nAdded moby-engine to Azure Linux 3.0\nAdded prometheus to Azure Linux 3.0\nAdded sriov-network-device-plugin to Azure Linux 3.0\nAdded prometheus to CBL-Mariner 2.0\nAdded azcopy to CBL-Mariner 2.0\nAdded kata-containers to CBL-Mariner 2.0\nAdded kata-containers-cc to CBL-Mariner 2.0\nAdded moby-engine to CBL-Mariner 2.0\nAdded cri-o to CBL-Mariner 2.0\nAdded git-lfs to CBL-Mariner 2.0\nAdded node-problem-detector to CBL-Mariner 2.0\nAdded nmi to CBL-Mariner 2.0\nAdded sriov-network-device-plugin to CBL-Mariner 2.0\nAdded kured to CBL-Mariner 2.0"
}
],
"status": "final",
"version": "21"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
},
{
"category": "product_version",
"name": "3.0",
"product": {
"name": "Azure Linux 3.0",
"product_id": "17084"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 prometheus 2.37.0-15",
"product": {
"name": "\u003ccbl2 prometheus 2.37.0-15",
"product_id": "3"
}
},
{
"category": "product_version",
"name": "cbl2 prometheus 2.37.0-15",
"product": {
"name": "cbl2 prometheus 2.37.0-15",
"product_id": "20327"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 prometheus 2.37.0-11",
"product": {
"name": "\u003cazl3 prometheus 2.37.0-11",
"product_id": "17"
}
},
{
"category": "product_version",
"name": "azl3 prometheus 2.37.0-11",
"product": {
"name": "azl3 prometheus 2.37.0-11",
"product_id": "20094"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 prometheus 2.37.0-1",
"product": {
"name": "\u003cazl3 prometheus 2.37.0-1",
"product_id": "45"
}
},
{
"category": "product_version",
"name": "azl3 prometheus 2.37.0-1",
"product": {
"name": "azl3 prometheus 2.37.0-1",
"product_id": "18821"
}
}
],
"category": "product_name",
"name": "prometheus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 multus 3.8-13",
"product": {
"name": "\u003cazl3 multus 3.8-13",
"product_id": "19"
}
},
{
"category": "product_version",
"name": "azl3 multus 3.8-13",
"product": {
"name": "azl3 multus 3.8-13",
"product_id": "20086"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 multus 4.0.2-1",
"product": {
"name": "\u003cazl3 multus 4.0.2-1",
"product_id": "43"
}
},
{
"category": "product_version",
"name": "azl3 multus 4.0.2-1",
"product": {
"name": "azl3 multus 4.0.2-1",
"product_id": "18823"
}
}
],
"category": "product_name",
"name": "multus"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 node-problem-detector 0.8.10-18",
"product": {
"name": "\u003cazl3 node-problem-detector 0.8.10-18",
"product_id": "5"
}
},
{
"category": "product_version",
"name": "azl3 node-problem-detector 0.8.10-18",
"product": {
"name": "azl3 node-problem-detector 0.8.10-18",
"product_id": "20307"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 node-problem-detector 0.8.15-1",
"product": {
"name": "\u003cazl3 node-problem-detector 0.8.15-1",
"product_id": "44"
}
},
{
"category": "product_version",
"name": "azl3 node-problem-detector 0.8.15-1",
"product": {
"name": "azl3 node-problem-detector 0.8.15-1",
"product_id": "18822"
}
}
],
"category": "product_name",
"name": "node-problem-detector"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 sriov-network-device-plugin 3.5.1-3",
"product": {
"name": "\u003cazl3 sriov-network-device-plugin 3.5.1-3",
"product_id": "15"
}
},
{
"category": "product_version",
"name": "azl3 sriov-network-device-plugin 3.5.1-3",
"product": {
"name": "azl3 sriov-network-device-plugin 3.5.1-3",
"product_id": "20235"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 sriov-network-device-plugin 3.7.0-1",
"product": {
"name": "\u003cazl3 sriov-network-device-plugin 3.7.0-1",
"product_id": "47"
}
},
{
"category": "product_version",
"name": "azl3 sriov-network-device-plugin 3.7.0-1",
"product": {
"name": "azl3 sriov-network-device-plugin 3.7.0-1",
"product_id": "18528"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 sriov-network-device-plugin 3.5.1-3",
"product": {
"name": "\u003ccbl2 sriov-network-device-plugin 3.5.1-3",
"product_id": "4"
}
},
{
"category": "product_version",
"name": "cbl2 sriov-network-device-plugin 3.5.1-3",
"product": {
"name": "cbl2 sriov-network-device-plugin 3.5.1-3",
"product_id": "20308"
}
}
],
"category": "product_name",
"name": "sriov-network-device-plugin"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.17.13-2",
"product": {
"name": "\u003ccbl2 golang 1.17.13-2",
"product_id": "33"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.17.13-2",
"product": {
"name": "cbl2 golang 1.17.13-2",
"product_id": "19778"
}
},
{
"category": "product_version_range",
"name": "\u003ccbl2 golang 1.18.8-7",
"product": {
"name": "\u003ccbl2 golang 1.18.8-7",
"product_id": "31"
}
},
{
"category": "product_version",
"name": "cbl2 golang 1.18.8-7",
"product": {
"name": "cbl2 golang 1.18.8-7",
"product_id": "19785"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.22.7-1",
"product": {
"name": "\u003cazl3 golang 1.22.7-1",
"product_id": "14"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.22.7-1",
"product": {
"name": "azl3 golang 1.22.7-1",
"product_id": "20239"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 golang 1.22.7-2",
"product": {
"name": "\u003cazl3 golang 1.22.7-2",
"product_id": "48"
}
},
{
"category": "product_version",
"name": "azl3 golang 1.22.7-2",
"product": {
"name": "azl3 golang 1.22.7-2",
"product_id": "18139"
}
}
],
"category": "product_name",
"name": "golang"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 containernetworking-plugins 1.6.1-4",
"product": {
"name": "\u003cazl3 containernetworking-plugins 1.6.1-4",
"product_id": "46"
}
},
{
"category": "product_version",
"name": "azl3 containernetworking-plugins 1.6.1-4",
"product": {
"name": "azl3 containernetworking-plugins 1.6.1-4",
"product_id": "18820"
}
}
],
"category": "product_name",
"name": "containernetworking-plugins"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 cni 1.1.2-4",
"product": {
"name": "\u003cazl3 cni 1.1.2-4",
"product_id": "53"
}
},
{
"category": "product_version",
"name": "azl3 cni 1.1.2-4",
"product": {
"name": "azl3 cni 1.1.2-4",
"product_id": "17505"
}
},
{
"category": "product_version_range",
"name": "cbl2 cni 1.0.1-18",
"product": {
"name": "cbl2 cni 1.0.1-18",
"product_id": "2"
}
}
],
"category": "product_name",
"name": "cni"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003cazl3 moby-engine 25.0.3-1",
"product": {
"name": "\u003cazl3 moby-engine 25.0.3-1",
"product_id": "50"
}
},
{
"category": "product_version",
"name": "azl3 moby-engine 25.0.3-1",
"product": {
"name": "azl3 moby-engine 25.0.3-1",
"product_id": "17814"
}
},
{
"category": "product_version_range",
"name": "\u003cazl3 moby-engine 20.10.25-3",
"product": {
"name": "\u003cazl3 moby-engine 20.10.25-3",
"product_id": "49"
}
},
{
"category": "product_version",
"name": "azl3 moby-engine 20.10.25-3",
"product": {
"name": "azl3 moby-engine 20.10.25-3",
"product_id": "17964"
}
}
],
"category": "product_name",
"name": "moby-engine"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 nmi 1.8.7-15",
"product": {
"name": "\u003ccbl2 nmi 1.8.7-15",
"product_id": "9"
}
},
{
"category": "product_version",
"name": "cbl2 nmi 1.8.7-15",
"product": {
"name": "cbl2 nmi 1.8.7-15",
"product_id": "20297"
}
}
],
"category": "product_name",
"name": "nmi"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 cri-o 1.22.3-14",
"product": {
"name": "\u003ccbl2 cri-o 1.22.3-14",
"product_id": "34"
}
},
{
"category": "product_version",
"name": "cbl2 cri-o 1.22.3-14",
"product": {
"name": "cbl2 cri-o 1.22.3-14",
"product_id": "19777"
}
}
],
"category": "product_name",
"name": "cri-o"
},
{
"category": "product_name",
"name": "cbl2 azcopy 10.15.0-15",
"product": {
"name": "cbl2 azcopy 10.15.0-15",
"product_id": "16"
}
},
{
"category": "product_name",
"name": "cbl2 cf-cli 8.4.0-24",
"product": {
"name": "cbl2 cf-cli 8.4.0-24",
"product_id": "21"
}
},
{
"category": "product_name",
"name": "cbl2 containerized-data-importer 1.55.0-23",
"product": {
"name": "cbl2 containerized-data-importer 1.55.0-23",
"product_id": "27"
}
},
{
"category": "product_name",
"name": "cbl2 flannel 0.14.0-25",
"product": {
"name": "cbl2 flannel 0.14.0-25",
"product_id": "12"
}
},
{
"category": "product_name",
"name": "cbl2 git-lfs 3.1.4-17",
"product": {
"name": "cbl2 git-lfs 3.1.4-17",
"product_id": "11"
}
},
{
"category": "product_name",
"name": "cbl2 kata-containers 3.2.0.azl2-6",
"product": {
"name": "cbl2 kata-containers 3.2.0.azl2-6",
"product_id": "39"
}
},
{
"category": "product_name",
"name": "cbl2 keda 2.4.0-29",
"product": {
"name": "cbl2 keda 2.4.0-29",
"product_id": "25"
}
},
{
"category": "product_name",
"name": "cbl2 libcontainers-common 20210626-7",
"product": {
"name": "cbl2 libcontainers-common 20210626-7",
"product_id": "29"
}
},
{
"category": "product_name",
"name": "cbl2 local-path-provisioner 0.0.21-18",
"product": {
"name": "cbl2 local-path-provisioner 0.0.21-18",
"product_id": "10"
}
},
{
"category": "product_name",
"name": "cbl2 moby-buildx 0.7.1-24",
"product": {
"name": "cbl2 moby-buildx 0.7.1-24",
"product_id": "32"
}
},
{
"category": "product_name",
"name": "cbl2 prometheus-node-exporter 1.3.1-26",
"product": {
"name": "cbl2 prometheus-node-exporter 1.3.1-26",
"product_id": "7"
}
},
{
"category": "product_name",
"name": "azl3 dcos-cli 1.2.0-18",
"product": {
"name": "azl3 dcos-cli 1.2.0-18",
"product_id": "52"
}
},
{
"category": "product_name",
"name": "azl3 kata-containers-cc 3.2.0.azl5-2",
"product": {
"name": "azl3 kata-containers-cc 3.2.0.azl5-2",
"product_id": "28"
}
},
{
"category": "product_name",
"name": "azl3 keda 2.4.0-15",
"product": {
"name": "azl3 keda 2.4.0-15",
"product_id": "22"
}
},
{
"category": "product_name",
"name": "azl3 prometheus-process-exporter 0.7.10-15",
"product": {
"name": "azl3 prometheus-process-exporter 0.7.10-15",
"product_id": "18"
}
},
{
"category": "product_name",
"name": "cbl2 tensorflow 2.11.1-2",
"product": {
"name": "cbl2 tensorflow 2.11.1-2",
"product_id": "42"
}
},
{
"category": "product_name",
"name": "azl3 python-tensorboard 2.16.2-6",
"product": {
"name": "azl3 python-tensorboard 2.16.2-6",
"product_id": "41"
}
},
{
"category": "product_name",
"name": "cbl2 application-gateway-kubernetes-ingress 1.4.0-25",
"product": {
"name": "cbl2 application-gateway-kubernetes-ingress 1.4.0-25",
"product_id": "36"
}
},
{
"category": "product_name",
"name": "cbl2 csi-driver-lvm 0.4.1-17",
"product": {
"name": "cbl2 csi-driver-lvm 0.4.1-17",
"product_id": "13"
}
},
{
"category": "product_name",
"name": "cbl2 dcos-cli 1.2.0-21",
"product": {
"name": "cbl2 dcos-cli 1.2.0-21",
"product_id": "26"
}
},
{
"category": "product_name",
"name": "cbl2 golang 1.22.7-3",
"product": {
"name": "cbl2 golang 1.22.7-3",
"product_id": "35"
}
},
{
"category": "product_name",
"name": "cbl2 jx 3.2.236-21",
"product": {
"name": "cbl2 jx 3.2.236-21",
"product_id": "40"
}
},
{
"category": "product_name",
"name": "cbl2 kata-containers-cc 3.2.0.azl2-6",
"product": {
"name": "cbl2 kata-containers-cc 3.2.0.azl2-6",
"product_id": "38"
}
},
{
"category": "product_name",
"name": "cbl2 kube-vip-cloud-provider 0.0.2-22",
"product": {
"name": "cbl2 kube-vip-cloud-provider 0.0.2-22",
"product_id": "24"
}
},
{
"category": "product_name",
"name": "cbl2 moby-engine 20.10.27-4",
"product": {
"name": "cbl2 moby-engine 20.10.27-4",
"product_id": "20"
}
},
{
"category": "product_name",
"name": "cbl2 node-problem-detector 0.8.10-20",
"product": {
"name": "cbl2 node-problem-detector 0.8.10-20",
"product_id": "8"
}
},
{
"category": "product_name",
"name": "cbl2 prometheus-process-exporter 0.7.10-21",
"product": {
"name": "cbl2 prometheus-process-exporter 0.7.10-21",
"product_id": "6"
}
},
{
"category": "product_name",
"name": "cbl2 rook 1.6.2-26",
"product": {
"name": "cbl2 rook 1.6.2-26",
"product_id": "23"
}
},
{
"category": "product_name",
"name": "azl3 kata-containers 3.2.0.azl5-2",
"product": {
"name": "azl3 kata-containers 3.2.0.azl5-2",
"product_id": "30"
}
},
{
"category": "product_name",
"name": "azl3 tensorflow 2.16.1-9",
"product": {
"name": "azl3 tensorflow 2.16.1-9",
"product_id": "51"
}
},
{
"category": "product_name",
"name": "cbl2 python-tensorboard 2.11.0-3",
"product": {
"name": "cbl2 python-tensorboard 2.11.0-3",
"product_id": "37"
}
},
{
"category": "product_name",
"name": "cbl2 cni 1.0.1-19",
"product": {
"name": "cbl2 cni 1.0.1-19",
"product_id": "1"
}
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 azcopy 10.15.0-15 as a component of CBL Mariner 2.0",
"product_id": "17086-16"
},
"product_reference": "16",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cf-cli 8.4.0-24 as a component of CBL Mariner 2.0",
"product_id": "17086-21"
},
"product_reference": "21",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 containerized-data-importer 1.55.0-23 as a component of CBL Mariner 2.0",
"product_id": "17086-27"
},
"product_reference": "27",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 flannel 0.14.0-25 as a component of CBL Mariner 2.0",
"product_id": "17086-12"
},
"product_reference": "12",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 git-lfs 3.1.4-17 as a component of CBL Mariner 2.0",
"product_id": "17086-11"
},
"product_reference": "11",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kata-containers 3.2.0.azl2-6 as a component of CBL Mariner 2.0",
"product_id": "17086-39"
},
"product_reference": "39",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 keda 2.4.0-29 as a component of CBL Mariner 2.0",
"product_id": "17086-25"
},
"product_reference": "25",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 libcontainers-common 20210626-7 as a component of CBL Mariner 2.0",
"product_id": "17086-29"
},
"product_reference": "29",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 local-path-provisioner 0.0.21-18 as a component of CBL Mariner 2.0",
"product_id": "17086-10"
},
"product_reference": "10",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-buildx 0.7.1-24 as a component of CBL Mariner 2.0",
"product_id": "17086-32"
},
"product_reference": "32",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 prometheus 2.37.0-15 as a component of CBL Mariner 2.0",
"product_id": "17086-3"
},
"product_reference": "3",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 prometheus 2.37.0-15 as a component of CBL Mariner 2.0",
"product_id": "20327-17086"
},
"product_reference": "20327",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 prometheus-node-exporter 1.3.1-26 as a component of CBL Mariner 2.0",
"product_id": "17086-7"
},
"product_reference": "7",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 dcos-cli 1.2.0-18 as a component of Azure Linux 3.0",
"product_id": "17084-52"
},
"product_reference": "52",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kata-containers-cc 3.2.0.azl5-2 as a component of Azure Linux 3.0",
"product_id": "17084-28"
},
"product_reference": "28",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 keda 2.4.0-15 as a component of Azure Linux 3.0",
"product_id": "17084-22"
},
"product_reference": "22",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 multus 3.8-13 as a component of Azure Linux 3.0",
"product_id": "17084-19"
},
"product_reference": "19",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 multus 3.8-13 as a component of Azure Linux 3.0",
"product_id": "20086-17084"
},
"product_reference": "20086",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 node-problem-detector 0.8.10-18 as a component of Azure Linux 3.0",
"product_id": "17084-5"
},
"product_reference": "5",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 node-problem-detector 0.8.10-18 as a component of Azure Linux 3.0",
"product_id": "20307-17084"
},
"product_reference": "20307",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 prometheus 2.37.0-11 as a component of Azure Linux 3.0",
"product_id": "17084-17"
},
"product_reference": "17",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 prometheus 2.37.0-11 as a component of Azure Linux 3.0",
"product_id": "20094-17084"
},
"product_reference": "20094",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 prometheus-process-exporter 0.7.10-15 as a component of Azure Linux 3.0",
"product_id": "17084-18"
},
"product_reference": "18",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 sriov-network-device-plugin 3.5.1-3 as a component of Azure Linux 3.0",
"product_id": "17084-15"
},
"product_reference": "15",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 sriov-network-device-plugin 3.5.1-3 as a component of Azure Linux 3.0",
"product_id": "20235-17084"
},
"product_reference": "20235",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.17.13-2 as a component of CBL Mariner 2.0",
"product_id": "17086-33"
},
"product_reference": "33",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.17.13-2 as a component of CBL Mariner 2.0",
"product_id": "19778-17086"
},
"product_reference": "19778",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 golang 1.18.8-7 as a component of CBL Mariner 2.0",
"product_id": "17086-31"
},
"product_reference": "31",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.18.8-7 as a component of CBL Mariner 2.0",
"product_id": "19785-17086"
},
"product_reference": "19785",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 tensorflow 2.11.1-2 as a component of CBL Mariner 2.0",
"product_id": "17086-42"
},
"product_reference": "42",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 python-tensorboard 2.16.2-6 as a component of Azure Linux 3.0",
"product_id": "17084-41"
},
"product_reference": "41",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.22.7-1 as a component of Azure Linux 3.0",
"product_id": "17084-14"
},
"product_reference": "14",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.22.7-1 as a component of Azure Linux 3.0",
"product_id": "20239-17084"
},
"product_reference": "20239",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 golang 1.22.7-2 as a component of Azure Linux 3.0",
"product_id": "17084-48"
},
"product_reference": "48",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 golang 1.22.7-2 as a component of Azure Linux 3.0",
"product_id": "18139-17084"
},
"product_reference": "18139",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 containernetworking-plugins 1.6.1-4 as a component of Azure Linux 3.0",
"product_id": "17084-46"
},
"product_reference": "46",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 containernetworking-plugins 1.6.1-4 as a component of Azure Linux 3.0",
"product_id": "18820-17084"
},
"product_reference": "18820",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 cni 1.1.2-4 as a component of Azure Linux 3.0",
"product_id": "17084-53"
},
"product_reference": "53",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 cni 1.1.2-4 as a component of Azure Linux 3.0",
"product_id": "17505-17084"
},
"product_reference": "17505",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 sriov-network-device-plugin 3.7.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-47"
},
"product_reference": "47",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 sriov-network-device-plugin 3.7.0-1 as a component of Azure Linux 3.0",
"product_id": "18528-17084"
},
"product_reference": "18528",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 prometheus 2.37.0-1 as a component of Azure Linux 3.0",
"product_id": "17084-45"
},
"product_reference": "45",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 prometheus 2.37.0-1 as a component of Azure Linux 3.0",
"product_id": "18821-17084"
},
"product_reference": "18821",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 node-problem-detector 0.8.15-1 as a component of Azure Linux 3.0",
"product_id": "17084-44"
},
"product_reference": "44",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 node-problem-detector 0.8.15-1 as a component of Azure Linux 3.0",
"product_id": "18822-17084"
},
"product_reference": "18822",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 multus 4.0.2-1 as a component of Azure Linux 3.0",
"product_id": "17084-43"
},
"product_reference": "43",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 multus 4.0.2-1 as a component of Azure Linux 3.0",
"product_id": "18823-17084"
},
"product_reference": "18823",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 moby-engine 25.0.3-1 as a component of Azure Linux 3.0",
"product_id": "17084-50"
},
"product_reference": "50",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 moby-engine 25.0.3-1 as a component of Azure Linux 3.0",
"product_id": "17814-17084"
},
"product_reference": "17814",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 application-gateway-kubernetes-ingress 1.4.0-25 as a component of CBL Mariner 2.0",
"product_id": "17086-36"
},
"product_reference": "36",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 csi-driver-lvm 0.4.1-17 as a component of CBL Mariner 2.0",
"product_id": "17086-13"
},
"product_reference": "13",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 dcos-cli 1.2.0-21 as a component of CBL Mariner 2.0",
"product_id": "17086-26"
},
"product_reference": "26",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 golang 1.22.7-3 as a component of CBL Mariner 2.0",
"product_id": "17086-35"
},
"product_reference": "35",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 jx 3.2.236-21 as a component of CBL Mariner 2.0",
"product_id": "17086-40"
},
"product_reference": "40",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kata-containers-cc 3.2.0.azl2-6 as a component of CBL Mariner 2.0",
"product_id": "17086-38"
},
"product_reference": "38",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 kube-vip-cloud-provider 0.0.2-22 as a component of CBL Mariner 2.0",
"product_id": "17086-24"
},
"product_reference": "24",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 moby-engine 20.10.27-4 as a component of CBL Mariner 2.0",
"product_id": "17086-20"
},
"product_reference": "20",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 nmi 1.8.7-15 as a component of CBL Mariner 2.0",
"product_id": "17086-9"
},
"product_reference": "9",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 nmi 1.8.7-15 as a component of CBL Mariner 2.0",
"product_id": "20297-17086"
},
"product_reference": "20297",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 node-problem-detector 0.8.10-20 as a component of CBL Mariner 2.0",
"product_id": "17086-8"
},
"product_reference": "8",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 prometheus-process-exporter 0.7.10-21 as a component of CBL Mariner 2.0",
"product_id": "17086-6"
},
"product_reference": "6",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 rook 1.6.2-26 as a component of CBL Mariner 2.0",
"product_id": "17086-23"
},
"product_reference": "23",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 sriov-network-device-plugin 3.5.1-3 as a component of CBL Mariner 2.0",
"product_id": "17086-4"
},
"product_reference": "4",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 sriov-network-device-plugin 3.5.1-3 as a component of CBL Mariner 2.0",
"product_id": "20308-17086"
},
"product_reference": "20308",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 kata-containers 3.2.0.azl5-2 as a component of Azure Linux 3.0",
"product_id": "17084-30"
},
"product_reference": "30",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003cazl3 moby-engine 20.10.25-3 as a component of Azure Linux 3.0",
"product_id": "17084-49"
},
"product_reference": "49",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 moby-engine 20.10.25-3 as a component of Azure Linux 3.0",
"product_id": "17964-17084"
},
"product_reference": "17964",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "azl3 tensorflow 2.16.1-9 as a component of Azure Linux 3.0",
"product_id": "17084-51"
},
"product_reference": "51",
"relates_to_product_reference": "17084"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 python-tensorboard 2.11.0-3 as a component of CBL Mariner 2.0",
"product_id": "17086-37"
},
"product_reference": "37",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 cri-o 1.22.3-14 as a component of CBL Mariner 2.0",
"product_id": "17086-34"
},
"product_reference": "34",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cri-o 1.22.3-14 as a component of CBL Mariner 2.0",
"product_id": "19777-17086"
},
"product_reference": "19777",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cni 1.0.1-18 as a component of CBL Mariner 2.0",
"product_id": "17086-2"
},
"product_reference": "2",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 cni 1.0.1-19 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-29526",
"cwe": {
"id": "CWE-269",
"name": "Improper Privilege Management"
},
"flags": [
{
"label": "component_not_present",
"product_ids": [
"17086-16",
"17086-21",
"17086-27",
"17086-12",
"17086-11",
"17086-25",
"17086-29",
"17086-10",
"17086-32",
"17086-7",
"17084-52",
"17084-22",
"17084-18",
"17086-42",
"17084-41",
"17086-36",
"17086-13",
"17086-26",
"17086-35",
"17086-40",
"17086-24",
"17086-20",
"17086-8",
"17086-6",
"17086-23",
"17084-51",
"17086-37",
"17086-1"
]
},
{
"label": "vulnerable_code_not_in_execute_path",
"product_ids": [
"17086-39",
"17084-28",
"17086-38",
"17084-30"
]
}
],
"notes": [
{
"category": "general",
"text": "mitre",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"20327-17086",
"20086-17084",
"20307-17084",
"20094-17084",
"20235-17084",
"19778-17086",
"19785-17086",
"20239-17084",
"18139-17084",
"18820-17084",
"17505-17084",
"18528-17084",
"18821-17084",
"18822-17084",
"18823-17084",
"17814-17084",
"20297-17086",
"20308-17086",
"17964-17084",
"19777-17086"
],
"known_affected": [
"17086-3",
"17084-19",
"17084-5",
"17084-17",
"17084-15",
"17086-33",
"17086-31",
"17084-14",
"17084-48",
"17084-46",
"17084-53",
"17084-47",
"17084-45",
"17084-44",
"17084-43",
"17084-50",
"17086-9",
"17086-4",
"17084-49",
"17086-34",
"17086-2"
],
"known_not_affected": [
"17086-16",
"17086-21",
"17086-27",
"17086-12",
"17086-11",
"17086-39",
"17086-25",
"17086-29",
"17086-10",
"17086-32",
"17086-7",
"17084-52",
"17084-28",
"17084-22",
"17084-18",
"17086-42",
"17084-41",
"17086-36",
"17086-13",
"17086-26",
"17086-35",
"17086-40",
"17086-38",
"17086-24",
"17086-20",
"17086-8",
"17086-6",
"17086-23",
"17084-30",
"17084-51",
"17086-37",
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-29526 Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-29526.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "2.37.9-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-3"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "4.0.2-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-19",
"17084-43"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "0.8.15-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-5",
"17084-44"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "2.45.4-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-17"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "3.7.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-15",
"17084-47"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-33",
"17086-31"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "1.22.7-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-14",
"17084-48"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "1.6.1-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-46"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "1.1.2-4:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-53"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "2.37.0-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-45"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "25.0.3-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17084-50",
"17084-49"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "1.8.11-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-9"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "3.6.2-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-4"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
},
{
"category": "vendor_fix",
"date": "2023-11-08T00:00:00.000Z",
"details": "1.21.7-2:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-34"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "LOW",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 5.3,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
"version": "3.1"
},
"products": [
"17086-3",
"17084-19",
"17084-5",
"17084-17",
"17084-15",
"17086-33",
"17086-31",
"17084-14",
"17084-48",
"17084-46",
"17084-53",
"17084-47",
"17084-45",
"17084-44",
"17084-43",
"17084-50",
"17086-9",
"17086-4",
"17084-49",
"17086-34",
"17086-2"
]
}
],
"title": "Go before 1.17.10 and 1.18.x before 1.18.2 has Incorrect Privilege Assignment. When called with a non-zero flags parameter the Faccessat function could incorrectly report that a file is accessible."
}
]
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…