A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".
Metrics
No CVSS v4.0
Attack Vector Network
Attack Complexity Low
Privileges Required None
Scope Unchanged
Confidentiality Impact High
Integrity Impact None
Availability Impact None
User Interaction None
No CVSS v3.0
No CVSS v2
This CVE is not in the KEV list.
Key SSVC decision points have not yet been added.
Affected Vendors & Products
Vendors | Products |
---|---|
Golang |
|
Microsoft |
|
Redhat |
|
Configuration 1 [-]
AND |
|
Package | CPE | Advisory | Released Date |
---|---|---|---|
Red Hat OpenShift Container Platform 4.13 | |||
openshift-clients-0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el9 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:1325 | 2023-05-18T00:00:00Z |
openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
cri-o-0:1.26.3-7.rhaos4.13.gitec064c9.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3366 | 2023-06-07T00:00:00Z |
cri-tools-0:1.26.0-2.el9 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3366 | 2023-06-07T00:00:00Z |
openshift-0:4.13.0-202305301919.p0.g0001a21.assembly.stream.el9 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3366 | 2023-06-07T00:00:00Z |
openshift-clients-0:4.13.0-202305291355.p0.g1024efc.assembly.stream.el8 | cpe:/a:redhat:openshift:4.13::el8 | RHSA-2023:3366 | 2023-06-07T00:00:00Z |
openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream | cpe:/a:redhat:openshift:4.13::el9 | RHSA-2023:3304 | 2023-05-30T00:00:00Z |
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: Go
Published: 2023-02-28T17:19:41.324Z
Updated: 2024-08-03T12:49:43.602Z
Reserved: 2022-09-28T17:00:06.610Z
Link: CVE-2022-41722
Vulnrichment
No data.
NVD
Status : Modified
Published: 2023-02-28T18:15:09.887
Modified: 2024-11-21T07:23:44.303
Link: CVE-2022-41722
Redhat