Note: This is a public test instance of Red Hat Bugzilla. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback at bugzilla.redhat.com.
Bug 2253323 (CVE-2023-45285)
Summary: | CVE-2023-45285 golang: cmd/go: Protocol Fallback when fetching modules | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | CC: | bodavis, dbenoit, dfreiber, dkenigsb, drow, emachado, fdeutsch, ganandan, gsuckevi, jburrell, jwendell, mnewsome, oramraz, rcernich, sipoyare, smullick, twalsh, vkumar |
Target Milestone: | --- | Keywords: | Security |
Target Release: | --- | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Fixed In Version: | golang 1.20.12, golang 1.21.0-0, golang 1.21.5 | Doc Type: | If docs needed, set a value |
Doc Text: |
A flaw was found in the Golang package cmd/go. This issue permits the fallback to insecure "git://" if trying to fetch a .git module that has no "https://" or "git+ssh://" available.
|
Story Points: | --- |
Clone Of: | Environment: | ||
Last Closed: | Type: | --- | |
Regression: | --- | Mount Type: | --- |
Documentation: | --- | CRM: | |
Verified Versions: | Category: | --- | |
oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
Cloudforms Team: | --- | Target Upstream Version: | |
Embargoed: | |||
Bug Depends On: | 2253324, 2253325, 2253326, 2253327, 2253347 | ||
Bug Blocks: |
Description
Patrick Del Bello
2023-12-06 20:25:43 UTC
Created golang tracking bugs for this issue: Affects: epel-all [bug 2253324] Affects: fedora-all [bug 2253325] This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:0887 https://access.redhat.com/errata/RHSA-2024:0887 This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2023:7198 https://access.redhat.com/errata/RHSA-2023:7198 This issue has been addressed in the following products: Red Hat Developer Tools Via RHSA-2024:1041 https://access.redhat.com/errata/RHSA-2024:1041 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1131 https://access.redhat.com/errata/RHSA-2024:1131 |