Lucene search

[email protected]CVE-2022-39245

HistorySep 26, 2022 - 2:15 p.m.

CVE-2022-39245

2022-09-2614:15:10

CWE-287

CWE-426

CWE-305

[email protected]

web.nvd.nist.gov

cve-2022-39245

mist cli

makedeb package repository

local user

arbitrary commands

root permissions

nvd

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user’s system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.

Affected configurations

Vulners

NVD

Node

makedebmistRange<0.9.5

VendorProductVersionCPE
makedebmist*cpe:2.3:a:makedeb:mist:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
makedeb	mist	*	cpe:2.3:a:makedeb:mist::::::::

CNA Affected

[
  {
    "product": "mist",
    "vendor": "makedeb",
    "versions": [
      {
        "status": "affected",
        "version": "< 0.9.5"
      }
    ]
  }
]

References

github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67

github.com/makedeb/mist/releases/tag/v0.9.5

github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6

Social References

8.4 High

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2022-39245

nvd1 osv1 cvelist1 prion1