CVE-2022-30636 — Vulnetix

CVE-2022-30636 PUBLISHED CVSS 7.5 HIGH

httpTokenCacheKey uses path.Base to extract the expected HTTP-01 token value to lookup in the DirCache implementation. On Windows, path.Base acts differently to filepath.Base, since Windows uses a different path separator (\ vs. /), allowing a user to provide a relative path, i.e. .well-known/acme-challenge/..\..\asd becomes ..\..\asd. The extracted path is then suffixed with +http-01, joined with the cache directory, and opened. Since the controlled path is suffixed with +http-01 before opening, the impact of this is significantly limited, since it only allows reading arbitrary files on the system if and only if they have this suffix.

EPSS 0.19% · 40.6th percentile

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS Score

0.19%

40.6th percentile

Affected Products

Vendor	Product	Versions
golang	crypto	0
golang.org/x/crypto	golang.org/x/crypto/acme/autocert	0

Timeline

Jul 2, 2024 CVE Published
Jul 3, 2024 EPSS Score
Jul 25, 2024 EPSS Score
Aug 15, 2024 EPSS Score
Sep 6, 2024 EPSS Score
Sep 28, 2024 EPSS Score
Oct 19, 2024 EPSS Score
Nov 10, 2024 EPSS Score
Dec 3, 2024 EPSS Score
Dec 25, 2024 EPSS Score
Jan 15, 2025 EPSS Score
Feb 6, 2025 EPSS Score

References

Open in Interactive Console →