Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.
Published 2022-09-26 14:15:11
Updated 2023-07-13 17:24:48
Source GitHub, Inc.
View at NVD,   CVE.org
Vulnerability category: File inclusionBypassGain privilege

Exploit prediction scoring system (EPSS) score for CVE-2022-39245

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 6 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2022-39245

Base Score Base Severity CVSS Vector Exploitability Score Impact Score Score Source
7.8
HIGH CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
1.8
5.9
NIST
8.4
HIGH CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
2.5
5.9
GitHub, Inc.

CWE ids for CVE-2022-39245

  • The product constructs all or part of a command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended command when it is sent to a downstream component.
    Assigned by: nvd@nist.gov (Primary)
  • When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.
    Assigned by: security-advisories@github.com (Secondary)
  • The authentication algorithm is sound, but the implemented mechanism can be bypassed as the result of a separate weakness that is primary to the authentication error.
    Assigned by: security-advisories@github.com (Secondary)
  • The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.
    Assigned by: nvd@nist.gov (Primary)

References for CVE-2022-39245

Products affected by CVE-2022-39245

This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!