CVE-2022-25648

Description

The Ruby gem git (ruby-git) before 1.11.0 is vulnerable to command injection via git argument injection. When calling the fetch(remote = 'origin', opts = {}) function, the remote parameter is passed to the git fetch subcommand in a way that allows additional flags to be set: a remote value beginning with "-" is parsed by git as an option rather than as a remote name. The injected flags can be used to perform command injection.
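The following Ruby example is added here to illustrate the vulnerability class described above; it is not ruby-git's own source and does not reproduce the upstream fix. It shows a fetch() wrapper that appends a caller-controlled remote straight after the option flags (the vulnerable shape), beside a hardened variant that terminates option parsing with "--" and rejects option-looking values. The helper names (vulnerable_fetch_argv, safe_fetch_argv, option_tokens) and the sample remote value are constructed for the example; the code only builds the argument vector and never executes git.

```ruby
# Added example (not ruby-git code): argument injection through the
# `remote` argument of a fetch() wrapper, and one way to harden it.
# Only the argv is built; nothing is executed.
require 'shellwords'

class ArgumentInjection < ArgumentError; end

# Vulnerable shape (assumed for illustration): option flags are appended,
# then the caller-controlled remote is appended directly. A remote that
# begins with "-" therefore lands in option position and git parses it
# as a flag instead of a remote name.
def vulnerable_fetch_argv(remote = 'origin', opts = {})
  argv = ['git', 'fetch']
  argv << '--tags'  if opts[:tags]
  argv << '--prune' if opts[:prune]
  argv << remote
  argv << opts[:ref] if opts[:ref]
  argv
end

# Hardened form: refuse values that look like options (defence in depth)
# and emit "--" so git treats everything after it as positional, whatever
# the caller passes.
def safe_fetch_argv(remote = 'origin', opts = {})
  ref = opts[:ref]
  if remote.start_with?('-')
    raise ArgumentInjection, "remote must not start with '-': #{remote.inspect}"
  end
  if ref && ref.start_with?('-')
    raise ArgumentInjection, "ref must not start with '-': #{ref.inspect}"
  end
  argv = ['git', 'fetch']
  argv << '--tags'  if opts[:tags]
  argv << '--prune' if opts[:prune]
  argv << '--' # end-of-options marker
  argv << remote
  argv << ref if ref
  argv
end

# Returns the elements git would treat as options: every "-"-prefixed
# token after "git fetch" and before the "--" terminator (if any).
def option_tokens(argv)
  tokens = argv[2..]
  stop = tokens.index('--')
  tokens = tokens[0...stop] if stop
  tokens.select { |t| t.start_with?('-') }
end

# Constructed attacker-controlled remote. --upload-pack names the program
# git runs on the other end of the transfer, which is the usual way an
# injected flag on `git fetch` becomes command execution.
MALICIOUS_REMOTE = '--upload-pack=touch /tmp/pwned;'

if __FILE__ == $PROGRAM_NAME
  puts Shellwords.join(vulnerable_fetch_argv(MALICIOUS_REMOTE))
  puts "parsed as options: #{option_tokens(vulnerable_fetch_argv(MALICIOUS_REMOTE)).inspect}"
  puts Shellwords.join(safe_fetch_argv('origin', tags: true))
  begin
    safe_fetch_argv(MALICIOUS_REMOTE)
  rescue ArgumentInjection => e
    puts "rejected: #{e.message}"
  end
end
```

The check that matters is where the untrusted value lands relative to "--": any wrapper that builds a git command line from caller input should place the terminator before the first positional argument, and the start-with-dash rejection is only a second layer in case a code path forgets it.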

Risk Information

Base Score
9.8
CRITICAL (CVSS v3.1 rates 9.0 to 10.0 as Critical; the vector below yields 9.8)
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability (EPSS estimates the probability of exploitation in the wild within the next 30 days; shown here as a percentage)
1.598%

Associated Vulnerability

Vulnerability | OS Platform
CVE-2022-25648 is fixed in Ruby-git 1.11.0 | Windows
(RHSA-2022:8506) Satellite 6.12 Release foreman-cli-3.3.0.17-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release python39-pulp_manifest-3.0.0-3.el8pc.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-apipie-bindings-0.5.0-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-1.12.2-2.1.el8sat.x86_64.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-ffi-debugsource-1.12.2-2.1.el8sat.x86_64.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-foreman_maintain-1.1.8-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-gssapi-1.2.0-8.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli-3.3.0-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman-3.3.0.1-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_tasks-0.0.18-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_foreman_webhooks-0.0.3-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release rubygem-hammer_cli_katello-1.6.0.1-1.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release satellite-cli-6.12.0-4.el8sat.noarch.rpm | Linux
(RHSA-2022:8506) Satellite 6.12 Release satellite-clone-3.2.0-1.el8sat.noarch.rpm | Linux
CVE-2022-25648 is fixed in Ruby-git for Linux 1.11.0 | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2022-25648
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-25648