CVE-2022-41722 - Vulnerability Details

A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as "a/../c:/b" into the valid path "c:\b". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path ".\c:\b".

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact partial

Vendors	Products
Golang	Go
Microsoft	Windows
Redhat	Openshift

Configuration 1 [-]

AND

OR	cpe:2.3:a:golang:go::::::::
	cpe:2.3:a:golang:go:1.20.0:-::::::

cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*

Package	CPE	Advisory	Released Date
Red Hat OpenShift Container Platform 4.13
openshift-clients-0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:1325	2023-05-18T00:00:00Z
openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3304	2023-05-30T00:00:00Z
cri-o-0:1.26.3-7.rhaos4.13.gitec064c9.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3366	2023-06-07T00:00:00Z
cri-tools-0:1.26.0-2.el9	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3366	2023-06-07T00:00:00Z
openshift-0:4.13.0-202305301919.p0.g0001a21.assembly.stream.el9	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3366	2023-06-07T00:00:00Z
openshift-clients-0:4.13.0-202305291355.p0.g1024efc.assembly.stream.el8	cpe:/a:redhat:openshift:4.13::el8	RHSA-2023:3366	2023-06-07T00:00:00Z
openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z
openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream	cpe:/a:redhat:openshift:4.13::el9	RHSA-2023:3304	2023-05-30T00:00:00Z

References

Link	Providers
https://go.dev/cl/468123
https://go.dev/issue/57274
https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E
https://nvd.nist.gov/vuln/detail/CVE-2022-41722
https://pkg.go.dev/vuln/GO-2023-1568
https://www.cve.org/CVERecord?id=CVE-2022-41722

History

Fri, 07 Mar 2025 18:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: Go

Published: 2023-02-28T17:19:41.324Z

Updated: 2025-03-07T17:58:57.055Z

Reserved: 2022-09-28T17:00:06.610Z

Link: CVE-2022-41722

Vulnrichment

Updated: 2024-08-03T12:49:43.602Z

NVD

Status : Modified

Published: 2023-02-28T18:15:09.887

Modified: 2024-11-21T07:23:44.303

Link: CVE-2022-41722

Redhat

Severity : Moderate

Publid Date: 2023-02-15T00:00:00Z

Links: CVE-2022-41722 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-41722", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "state": "PUBLISHED", "assignerShortName": "Go", "dateReserved": "2022-09-28T17:00:06.610Z", "datePublished": "2023-02-28T17:19:41.324Z", "dateUpdated": "2025-03-07T17:58:57.055Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:05:50.152Z"}, "title": "Path traversal on Windows in path/filepath", "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\"."}], "affected": [{"vendor": "Go standard library", "product": "path/filepath", "collectionURL": "https://pkg.go.dev", "packageName": "path/filepath", "versions": [{"version": "0", "lessThan": "1.19.6", "status": "affected", "versionType": "semver"}, {"version": "1.20.0-0", "lessThan": "1.20.1", "status": "affected", "versionType": "semver"}], "platforms": ["windows"], "programRoutines": [{"name": "Clean"}, {"name": "Abs"}, {"name": "Dir"}, {"name": "EvalSymlinks"}, {"name": "Glob"}, {"name": "IsLocal"}, {"name": "Join"}, {"name": "Rel"}, {"name": "Walk"}, {"name": "WalkDir"}], "defaultStatus": "unaffected"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted\nDirectory (\"Path Traversal\")\n"}]}], "references": [{"url": "https://go.dev/issue/57274"}, {"url": "https://go.dev/cl/468123"}, {"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1568"}], "credits": [{"lang": "en", "value": "RyotaK (https://ryotak.net)"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.602Z"}, "title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/57274", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/468123", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1568", "tags": ["x_transferred"]}]}, {"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-07T17:58:38.218567Z", "id": "CVE-2022-41722", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T17:58:57.055Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://go.dev/issue/57274", "tags": ["x_transferred"]}, {"url": "https://go.dev/cl/468123", "tags": ["x_transferred"]}, {"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E", "tags": ["x_transferred"]}, {"url": "https://pkg.go.dev/vuln/GO-2023-1568", "tags": ["x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:49:43.602Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2022-41722", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-07T17:58:38.218567Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-07T17:58:49.541Z"}}], "cna": {"title": "Path traversal on Windows in path/filepath", "credits": [{"lang": "en", "value": "RyotaK (https://ryotak.net)"}], "affected": [{"vendor": "Go standard library", "product": "path/filepath", "versions": [{"status": "affected", "version": "0", "lessThan": "1.19.6", "versionType": "semver"}, {"status": "affected", "version": "1.20.0-0", "lessThan": "1.20.1", "versionType": "semver"}], "platforms": ["windows"], "packageName": "path/filepath", "collectionURL": "https://pkg.go.dev", "defaultStatus": "unaffected", "programRoutines": [{"name": "Clean"}, {"name": "Abs"}, {"name": "Dir"}, {"name": "EvalSymlinks"}, {"name": "Glob"}, {"name": "IsLocal"}, {"name": "Join"}, {"name": "Rel"}, {"name": "Walk"}, {"name": "WalkDir"}]}], "references": [{"url": "https://go.dev/issue/57274"}, {"url": "https://go.dev/cl/468123"}, {"url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"}, {"url": "https://pkg.go.dev/vuln/GO-2023-1568"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\"."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted\nDirectory (\"Path Traversal\")\n"}]}], "providerMetadata": {"orgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "shortName": "Go", "dateUpdated": "2023-06-12T19:05:50.152Z"}}}, "cveMetadata": {"cveId": "CVE-2022-41722", "state": "PUBLISHED", "dateUpdated": "2025-03-07T17:58:57.055Z", "dateReserved": "2022-09-28T17:00:06.610Z", "assignerOrgId": "1bb62c36-49e3-4200-9d77-64a1400537cc", "datePublished": "2023-02-28T17:19:41.324Z", "assignerShortName": "Go"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:golang:go:*:*:*:*:*:*:*:*", "matchCriteriaId": "2219CF76-6D17-487E-9B67-BC49E4743528", "versionEndExcluding": "1.19.6", "vulnerable": true}, {"criteria": "cpe:2.3:a:golang:go:1.20.0:-:*:*:*:*:*:*", "matchCriteriaId": "B78574DF-045C-4A26-B0F5-8C082B24D9FD", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*", "matchCriteriaId": "A2572D17-1DE6-457B-99CC-64AFD54487EA", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\"."}], "id": "CVE-2022-41722", "lastModified": "2024-11-21T07:23:44.303", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-02-28T18:15:09.887", "references": [{"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/cl/468123"}, {"source": "security@golang.org", "tags": ["Issue Tracking"], "url": "https://go.dev/issue/57274"}, {"source": "security@golang.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"}, {"source": "security@golang.org", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1568"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://go.dev/cl/468123"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking"], "url": "https://go.dev/issue/57274"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Vendor Advisory"], "url": "https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://pkg.go.dev/vuln/GO-2023-1568"}], "sourceIdentifier": "security@golang.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:1325", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-clients-0:4.13.0-202303241616.p0.g92b1a3d.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-18T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-o-0:1.26.3-7.rhaos4.13.gitec064c9.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "cri-tools-0:1.26.0-2.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-0:4.13.0-202305301919.p0.g0001a21.assembly.stream.el9", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3366", "cpe": "cpe:/a:redhat:openshift:4.13::el8", "package": "openshift-clients-0:4.13.0-202305291355.p0.g1024efc.assembly.stream.el8", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-06-07T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/cloud-network-config-controller-rhel8:v4.13.0-202305171615.p0.g71ccef5.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/network-tools-rhel8:v4.13.0-202305232329.p0.gb4098c6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/oc-mirror-plugin-rhel8:v4.13.0-202305171615.p0.gaee430b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-agent-installer-api-server-rhel8:v4.13.0-202305190628.p0.g8db33db.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-agent-installer-node-agent-rhel8:v4.13.0-202305190628.p0.ge8de058.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-aws-ebs-csi-driver-rhel8-operator:v4.13.0-202305191154.p0.gb6dee5c.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-baremetal-installer-rhel8:v4.13.0-202305210316.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-baremetal-rhel8-operator:v4.13.0-202305190854.p0.gd17c8bc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-baremetal-runtimecfg-rhel8:v4.13.0-202305211041.p0.gf0c1297.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cloud-credential-operator:v4.13.0-202305171615.p0.gd3b5ffa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-control-plane-machine-set-operator-rhel8:v4.13.0-202305230930.p0.g9740b7e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-kube-controller-manager-operator:v4.13.0-202305220716.p0.g56b9707.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-monitoring-operator:v4.13.0-202305171454.p0.g1563f68.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-network-operator:v4.13.0-202305180328.p0.g3ed6bef.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-node-tuning-operator:v4.13.0-202305230128.p0.g7333da2.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-policy-controller-rhel8:v4.13.0-202305220329.p0.g4aa5ecd.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-cluster-storage-operator:v4.13.0-202305181415.p0.g6479617.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-console:v4.13.0-202305231941.p0.g6f58e08.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-console-operator:v4.13.0-202305231816.p0.gc5f3b24.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-docker-builder:v4.13.0-202305220716.p0.g72c106d.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-hypershift-rhel8:v4.13.0-202305181516.p0.g3f61d88.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-image-customization-controller-rhel8:v4.13.0-202305190628.p0.g8765166.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-insights-rhel8-operator:v4.13.0-202305171615.p0.g0babf2b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-installer:v4.13.0-202305202341.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-installer-artifacts:v4.13.0-202305210744.p0.g2f227cc.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-ironic-machine-os-downloader-rhel9:v4.13.0-202305191342.p0.g2ba6060.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-kube-proxy:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-kuryr-cni-rhel8:v4.13.0-202305220716.p0.g3055dbe.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-api-provider-aws-rhel8:v4.13.0-202305171741.p0.gba3b3a3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-api-provider-azure-rhel8:v4.13.0-202305171615.p0.g2c0c0ec.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-api-provider-openstack-rhel8:v4.13.0-202305171615.p0.g36f48b7.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-machine-config-operator:v4.13.0-202305231717.p0.g1ae3805.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-multus-cni:v4.13.0-202305232329.p0.g5d283fa.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-network-interface-bond-cni-rhel8:v4.13.0-202305180328.p0.g937b1e6.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-nutanix-cloud-controller-manager-rhel8:v4.13.0-202305171741.p0.g4d1c58e.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-operator-lifecycle-manager:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-operator-registry:v4.13.0-202305171615.p0.gce46f5b.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-ovn-kubernetes:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-ovn-kubernetes-microshift-rhel9:v4.13.0-202305232329.p0.gdb0dbad.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-sdn-rhel8:v4.13.0-202305180130.p0.gd56dc6a.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-tests:v4.13.0-202305220716.p0.g893ae57.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-thanos-rhel8:v4.13.0-202305171615.p0.g43238be.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-vmware-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-vsphere-csi-driver-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}, {"advisory": "RHSA-2023:3304", "cpe": "cpe:/a:redhat:openshift:4.13::el9", "package": "openshift4/ose-vsphere-csi-driver-syncer-rhel8:v4.13.0-202305161954.p0.g5e0efc3.assembly.stream", "product_name": "Red Hat OpenShift Container Platform 4.13", "release_date": "2023-05-30T00:00:00Z"}], "bugzilla": {"description": "golang: path/filepath: path-filepath filepath.Clean path traversal", "id": "2203008", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2203008"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "status": "verified"}, "cwe": "CWE-22", "details": ["A path traversal vulnerability exists in filepath.Clean on Windows. On Windows, the filepath.Clean function could transform an invalid path such as \"a/../c:/b\" into the valid path \"c:\\b\". This transformation of a relative (if invalid) path into an absolute path could enable a directory traversal attack. After fix, the filepath.Clean function transforms this path into the relative (but still invalid) path \".\\c:\\b\".", "A flaw was found in Go, where it could allow a remote attacker to traverse directories on the system, caused by improper validation of user requests by the filepath.Clean on Windows package. This flaw allows an attacker to send a specially-crafted URL request containing \"dot dot\" sequences (/../) to view arbitrary files on the system."], "name": "CVE-2022-41722", "package_state": [{"cpe": "cpe:/a:redhat:cert_manager:1", "fix_state": "Not affected", "package_name": "cert-manager/cert-manager-operator-rhel9", "product_name": "cert-manager Operator for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:cryostat:2", "fix_state": "Under investigation", "package_name": "cryostat-tech-preview/cryostat-rhel8-operator", "product_name": "Cryostat 2"}, {"cpe": "cpe:/a:redhat:openshift_custom_metrics_autoscaler:2", "fix_state": "Not affected", "package_name": "custom-metrics-autoscaler/custom-metrics-autoscaler-rhel8", "product_name": "Custom Metric Autoscaler operator for Red Hat Openshift"}, {"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/logging-loki-rhel8", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:migration_toolkit_applications:6", "fix_state": "Not affected", "package_name": "mta/mta-hub-rhel8", "product_name": "Migration Toolkit for Applications 6"}, {"cpe": "cpe:/a:redhat:rhmt", "fix_state": "Not affected", "package_name": "rhmtc/openshift-velero-plugin-rhel8", "product_name": "Migration Toolkit for Containers"}, {"cpe": "cpe:/a:redhat:migration_toolkit_virtualization:2", "fix_state": "Not affected", "package_name": "migration-toolkit-virtualization/mtv-rhel8-operator", "product_name": "Migration Toolkit for Virtualization"}, {"cpe": "cpe:/a:redhat:mirror_registry:1", "fix_state": "Not affected", "package_name": "mirror-registry-container", "product_name": "mirror registry for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:network_observ_optr:1", "fix_state": "Not affected", "package_name": "network-observability/network-observability-rhel9-operator", "product_name": "Network Observability Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_node_healthcheck", "fix_state": "Not affected", "package_name": "workload-availability/node-healthcheck-rhel8-operator", "product_name": "Node HealthCheck Operator"}, {"cpe": "cpe:/a:redhat:workload_availability_nmo:5", "fix_state": "Not affected", "package_name": "workload-availability/node-maintenance-rhel8-operator", "product_name": "Node Maintenance Operator"}, {"cpe": "cpe:/a:redhat:openshift_api_data_protection:1", "fix_state": "Not affected", "package_name": "oadp/oadp-velero-rhel8", "product_name": "OpenShift API for Data Protection"}, {"cpe": "cpe:/a:redhat:openshift_pipelines:1", "fix_state": "Not affected", "package_name": "openshift-pipelines-client", "product_name": "OpenShift Pipelines"}, {"cpe": "cpe:/a:redhat:run_once_duration_override_operator:1", "fix_state": "Not affected", "package_name": "run-once-duration-override-operator/run-once-duration-override-rhel9", "product_name": "OpenShift Run Once Duration Override Operator"}, {"cpe": "cpe:/a:redhat:openshift_secondary_scheduler:1", "fix_state": "Not affected", "package_name": "openshift-secondary-scheduler-operator/secondary-scheduler-rhel9-operator", "product_name": "OpenShift Secondary Scheduler Operator"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Not affected", "package_name": "openshift-serverless-clients", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:service_mesh:2", "fix_state": "Not affected", "package_name": "openshift-golang-builder-container", "product_name": "OpenShift Service Mesh 2"}, {"cpe": "cpe:/a:redhat:red_hat_3scale_amp:2", "fix_state": "Not affected", "package_name": "3scale-operator-container", "product_name": "Red Hat 3scale API Management Platform 2"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Not affected", "package_name": "rhacm2/subctl-rhel9", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:4", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 4"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "openshift-clients", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:ansible_automation_platform:2", "fix_state": "Not affected", "package_name": "receptor", "product_name": "Red Hat Ansible Automation Platform 2"}, {"cpe": "cpe:/a:redhat:application_interconnect:1.0", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:application_interconnect:1.0", "fix_state": "Not affected", "package_name": "skupper-cli", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:application_interconnect:1.0", "fix_state": "Not affected", "package_name": "skupper-router", "product_name": "Red Hat Application Interconnect 1.0"}, {"cpe": "cpe:/a:redhat:ceph_storage:3", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Ceph Storage 3"}, {"cpe": "cpe:/a:redhat:ceph_storage:5", "fix_state": "Not affected", "package_name": "rhceph/rhceph-5-dashboard-rhel8", "product_name": "Red Hat Ceph Storage 5"}, {"cpe": "cpe:/a:redhat:devtools:", "fix_state": "Not affected", "package_name": "go-toolset-1.19-golang", "product_name": "Red Hat Developer Tools"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:3.0/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:4.0/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/buildah", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/conmon", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/podman", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/runc", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/skopeo", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "container-tools:rhel8/toolbox", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "go-toolset:rhel8/golang", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "butane", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "git-lfs", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "grafana-pcp", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "ignition", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "oci-seccomp-bpf-hook", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "osbuild-composer", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "rsyslog", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "runc", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "skopeo", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "weldr-client", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "buildah", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "butane", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "conmon-rs", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "containernetworking-plugins", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "ignition", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Will not fix", "package_name": "microshift", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "podman", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Not affected", "package_name": "skopeo", "product_name": "Red Hat OpenShift Container Platform 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "mcg", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_foundation:4", "fix_state": "Not affected", "package_name": "odf4/cephcsi-rhel9", "product_name": "Red Hat Openshift Data Foundation 4"}, {"cpe": "cpe:/a:redhat:openshift_data_science", "fix_state": "Not affected", "package_name": "rhods/odh-mm-rest-proxy-rhel8", "product_name": "Red Hat OpenShift Data Science (RHODS)"}, {"cpe": "cpe:/a:redhat:openshift_devspaces:3:", "fix_state": "Not affected", "package_name": "devspaces/udi-rhel8", "product_name": "Red Hat OpenShift Dev Spaces"}, {"cpe": "cpe:/a:redhat:openshift_distributed_tracing:2", "fix_state": "Not affected", "package_name": "rhosdt/jaeger-agent-rhel8", "product_name": "Red Hat OpenShift distributed tracing 2"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-1/gitops-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Not affected", "package_name": "openshift-gitops-kam", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_service_on_aws:1", "fix_state": "Not affected", "package_name": "rosa", "product_name": "Red Hat OpenShift on AWS"}, {"cpe": "cpe:/a:redhat:openshift_sandboxed_containers:1", "fix_state": "Not affected", "package_name": "openshift-sandboxed-containers/osc-rhel8-operator", "product_name": "Red Hat Openshift Sandboxed Containers"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "kubevirt", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:container_native_virtualization:4", "fix_state": "Not affected", "package_name": "openshift-golang-builder-container", "product_name": "Red Hat OpenShift Virtualization 4"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:16.2", "fix_state": "Not affected", "package_name": "rhosp-rhel8/osp-director-agent", "product_name": "Red Hat OpenStack Platform 16.2"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "collectd-libpod-stats", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "etcd", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "golang-github-infrawatch-apputils", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "golang-qpid-apache", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:openstack:17.0", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat OpenStack Platform 17.0"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/clair-rhel8", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "qpid-proton", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Not affected", "package_name": "yggdrasil-worker-forwarder", "product_name": "Red Hat Satellite 6"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "go-toolset-7-golang", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:storage:3", "fix_state": "Not affected", "package_name": "heketi", "product_name": "Red Hat Storage 3"}, {"cpe": "cpe:/a:redhat:webterminal:1", "fix_state": "Not affected", "package_name": "web-terminal-operator-container", "product_name": "Red Hat Web Terminal"}, {"cpe": "cpe:/a:redhat:workload_availability_self_node_remediation", "fix_state": "Not affected", "package_name": "workload-availability/self-node-remediation-rhel8-operator", "product_name": "Self Node Remediation Operator"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.4::el8", "fix_state": "Not affected", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.4 for RHEL 8"}, {"cpe": "cpe:/a:redhat:service_telemetry_framework:1.5::el8", "fix_state": "Not affected", "package_name": "stf/sg-core-rhel8", "product_name": "Service Telemetry Framework 1.5 for RHEL 8"}], "public_date": "2023-02-15T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-41722\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-41722"], "statement": "This CVE is specific to versions of Go on Windows. It does not affect any packages shipped with Red Hat Enterprise Linux 8 and Red Hat Enterprise Linux 9.\nThe following components were fixed in RHSA-2023:3366 and have therefore been marked as \"Not Affected\": `openshift`, `cri-tools`, `cri-o`, `containernetworking-plugins` and `conmon`", "threat_severity": "Moderate"}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

Exploitation none

Automatable yes

Technical Impact partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object