Lucene search

MitreCVE-2022-44544

HistoryNov 06, 2022 - 5:15 p.m.

CVE-2022-44544

2022-11-0617:15:10

mitre

web.nvd.nist.gov

cve-2022-44544

mahara

pdf export

remote shell

ubuntu

ghostscript

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.

Affected configurations

Nvd

Node

canonicalubuntu_linuxMatch18.04

AND

maharamaharaRange21.04.0–21.04.7

maharamaharaRange21.10.0–21.10.5

maharamaharaRange22.04.0–22.04.3

maharamaharaMatch22.10.0rc1

VendorProductVersionCPE
canonicalubuntu_linux18.04cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:*:*:*:*
maharamahara*cpe:2.3:a:mahara:mahara:*:*:*:*:*:*:*:*
maharamahara22.10.0cpe:2.3:a:mahara:mahara:22.10.0:rc1:*:*:*:*:*:*

Vendor	Product	Version	CPE
canonical	ubuntu_linux	18.04	cpe:2.3:o:canonical:ubuntu_linux:18.04:::::::*
mahara	mahara	*	cpe:2.3:a:mahara:mahara::::::::
mahara	mahara	22.10.0	cpe:2.3:a:mahara:mahara:22.10.0:rc1::::::

References

bugs.launchpad.net/mahara/+bug/1979575

mahara.org/interaction/forum/topic.php?id=9198

Social References

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

AI Score

9.4

Confidence

High

EPSS

0.002

Percentile

55.9%

JSON

Related for CVE-2022-44544