Lucene search

SnykCVELIST:CVE-2022-23915

HistoryMar 04, 2022 - 12:00 a.m.

CVE-2022-23915 Remote Code Execution (RCE)

2022-03-0400:00:00

snyk

www.cve.org

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

The package weblate from 0 and before 4.11.1 are vulnerable to Remote Code Execution (RCE) via argument injection when using git or mercurial repositories. Authenticated users, can change the behavior of the application in an unintended way, leading to command execution.

CNA Affected

[
  {
    "product": "Weblate",
    "vendor": "n/a",
    "versions": [
      {
        "lessThan": "unspecified",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      },
      {
        "lessThan": "4.11.1",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

References

github.com/WeblateOrg/weblate/pull/7337

github.com/WeblateOrg/weblate/pull/7338

github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1

snyk.io/vuln/SNYK-PYTHON-WEBLATE-2414088

7.2 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

9.6 High

AI Score

Confidence

High

0.003 Low

EPSS

Percentile

69.3%

JSON

Related for CVELIST:CVE-2022-23915