Vulnerability-Lookup

RHSA-2023_4582

Vulnerability from csaf_redhat - Published: 2023-08-16 00:19 - Updated: 2024-11-22 23:27

Summary

Red Hat Security Advisory: Release of containers for Red Hat OpenStack Platform 17.1 director Operator

Notes

Topic

Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available.

Details

Release of Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers provides these changes: Security Fix(es): * github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page listed in the References section.

This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://access.redhat.com/security/updates/classification/",
      "text": "Moderate"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers are now available.",
        "title": "Topic"
      },
      {
        "category": "general",
        "text": "Release of Red Hat OpenStack Platform 17.1 (Wallaby) director Operator containers provides these changes:\n\nSecurity Fix(es):\n\n* github.com/Masterminds/vcs: Command Injection via argument injection (CVE-2022-21235)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage listed in the References section.",
        "title": "Details"
      },
      {
        "category": "legal_disclaimer",
        "text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
        "title": "Terms of Use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://access.redhat.com/security/team/contact/",
      "issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
      "name": "Red Hat Product Security",
      "namespace": "https://www.redhat.com"
    },
    "references": [
      {
        "category": "self",
        "summary": "https://access.redhat.com/errata/RHSA-2023:4582",
        "url": "https://access.redhat.com/errata/RHSA-2023:4582"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/security/updates/classification/#moderate",
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "category": "external",
        "summary": "https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html/release_notes",
        "url": "https://access.redhat.com/documentation/en-us/red_hat_openstack_platform/17.1/html/release_notes"
      },
      {
        "category": "external",
        "summary": "2215019",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215019"
      },
      {
        "category": "external",
        "summary": "2215317",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215317"
      },
      {
        "category": "external",
        "summary": "2218299",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2218299"
      },
      {
        "category": "external",
        "summary": "2221326",
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2221326"
      },
      {
        "category": "external",
        "summary": "OSPK8-701",
        "url": "https://issues.redhat.com/browse/OSPK8-701"
      },
      {
        "category": "self",
        "summary": "Canonical URL",
        "url": "https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4582.json"
      }
    ],
    "title": "Red Hat Security Advisory: Release of containers for Red Hat OpenStack Platform 17.1 director Operator",
    "tracking": {
      "current_release_date": "2024-11-22T23:27:07+00:00",
      "generator": {
        "date": "2024-11-22T23:27:07+00:00",
        "engine": {
          "name": "Red Hat SDEngine",
          "version": "4.2.1"
        }
      },
      "id": "RHSA-2023:4582",
      "initial_release_date": "2023-08-16T00:19:46+00:00",
      "revision_history": [
        {
          "date": "2023-08-16T00:19:46+00:00",
          "number": "1",
          "summary": "Initial version"
        },
        {
          "date": "2023-08-16T00:19:46+00:00",
          "number": "2",
          "summary": "Last updated version"
        },
        {
          "date": "2024-11-22T23:27:07+00:00",
          "number": "3",
          "summary": "Last generated version"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_name",
                "name": "Red Hat OpenStack Platform 17.1",
                "product": {
                  "name": "Red Hat OpenStack Platform 17.1",
                  "product_id": "9Base-RHOS-17.1",
                  "product_identification_helper": {
                    "cpe": "cpe:/a:redhat:openstack:17.1::el9"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "Red Hat OpenStack Platform"
          },
          {
            "branches": [
              {
                "category": "product_version",
                "name": "rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64",
                "product": {
                  "name": "rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64",
                  "product_id": "rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-agent\u0026tag=1.3.1-10"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64",
                "product": {
                  "name": "rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64",
                  "product_id": "rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-downloader\u0026tag=1.3.1-8"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64",
                "product": {
                  "name": "rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64",
                  "product_id": "rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-operator-bundle\u0026tag=1.3.1-14"
                  }
                }
              },
              {
                "category": "product_version",
                "name": "rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64",
                "product": {
                  "name": "rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64",
                  "product_id": "rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64",
                  "product_identification_helper": {
                    "purl": "pkg:oci/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2?arch=amd64\u0026repository_url=registry.redhat.io/rhosp-rhel9/osp-director-operator\u0026tag=1.3.1-10"
                  }
                }
              }
            ],
            "category": "architecture",
            "name": "amd64"
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64"
        },
        "product_reference": "rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64",
        "relates_to_product_reference": "9Base-RHOS-17.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64"
        },
        "product_reference": "rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64",
        "relates_to_product_reference": "9Base-RHOS-17.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64"
        },
        "product_reference": "rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64",
        "relates_to_product_reference": "9Base-RHOS-17.1"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64 as a component of Red Hat OpenStack Platform 17.1",
          "product_id": "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64"
        },
        "product_reference": "rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64",
        "relates_to_product_reference": "9Base-RHOS-17.1"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2022-21235",
      "cwe": {
        "id": "CWE-88",
        "name": "Improper Neutralization of Argument Delimiters in a Command (\u0027Argument Injection\u0027)"
      },
      "discovery_date": "2023-06-15T00:00:00+00:00",
      "flags": [
        {
          "label": "vulnerable_code_not_present",
          "product_ids": [
            "9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64",
            "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64",
            "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64"
          ]
        }
      ],
      "ids": [
        {
          "system_name": "Red Hat Bugzilla ID",
          "text": "2215317"
        }
      ],
      "notes": [
        {
          "category": "description",
          "text": "A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands on the system.",
          "title": "Vulnerability description"
        },
        {
          "category": "summary",
          "text": "github.com/Masterminds/vcs: Command Injection via argument injection",
          "title": "Vulnerability summary"
        },
        {
          "category": "other",
          "text": "In Red Hat OpenStack, the \u0027github.com/Masterminds/vcs\u0027 is a transitive dependency and is not used by operators directly which reduces the chances for successful exploitation. Hence, the impact for OpenStack is reduced to moderate.",
          "title": "Statement"
        },
        {
          "category": "general",
          "text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
          "title": "CVSS score applicability"
        }
      ],
      "product_status": {
        "fixed": [
          "9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64"
        ],
        "known_not_affected": [
          "9Base-RHOS-17.1:rhosp-rhel9/osp-director-downloader@sha256:61159eadd71ed20f274f22007347860a5569db386e8c70da6cb4cbcaf3a4bc59_amd64",
          "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator-bundle@sha256:c41549c229cb7af7034a0711f715be1b75695830cdcf7c524230508a5f938717_amd64",
          "9Base-RHOS-17.1:rhosp-rhel9/osp-director-operator@sha256:af6ac5429c7243d9faf4e13b6c337b2e8beb17adc7c44beaac74787c3b71ebf2_amd64"
        ]
      },
      "references": [
        {
          "category": "self",
          "summary": "Canonical URL",
          "url": "https://access.redhat.com/security/cve/CVE-2022-21235"
        },
        {
          "category": "external",
          "summary": "RHBZ#2215317",
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2215317"
        },
        {
          "category": "external",
          "summary": "https://www.cve.org/CVERecord?id=CVE-2022-21235",
          "url": "https://www.cve.org/CVERecord?id=CVE-2022-21235"
        },
        {
          "category": "external",
          "summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-21235",
          "url": "https://nvd.nist.gov/vuln/detail/CVE-2022-21235"
        },
        {
          "category": "external",
          "summary": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078",
          "url": "https://security.snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078"
        }
      ],
      "release_date": "2023-04-01T00:00:00+00:00",
      "remediations": [
        {
          "category": "vendor_fix",
          "date": "2023-08-16T00:19:46+00:00",
          "details": "Before applying this update, make sure all previously released errata\nrelevant to your system have been applied.\n\nFor details on how to apply this update, refer to:\n\nhttps://access.redhat.com/articles/11258",
          "product_ids": [
            "9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64"
          ],
          "restart_required": {
            "category": "none"
          },
          "url": "https://access.redhat.com/errata/RHSA-2023:4582"
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 9.8,
            "baseSeverity": "CRITICAL",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "products": [
            "9Base-RHOS-17.1:rhosp-rhel9/osp-director-agent@sha256:197160a2e744eb53a6e152407c825cc3e2a88830a4feba01aabbd11d9b16e404_amd64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "details": "Moderate"
        }
      ],
      "title": "github.com/Masterminds/vcs: Command Injection via argument injection"
    }
  ]
}

CVE-2022-21235 (GCVE-0-2022-21235)

Vulnerability from cvelistv5 – Published: 2022-04-01 15:55 – Updated: 2024-09-17 00:20

Title

Command Injection

Summary

The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection.

Severity ?

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE

Command Injection

Assigner

snyk

References

URL

Tags

	https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERM…	x_refsource_MISC
	https://github.com/Masterminds/vcs/pull/105	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	github.com/Masterminds/vcs	Affected: unspecified , < 1.13.3 (custom)

Credits

Alessio Della Libera of Snyk Research Team

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T02:31:59.297Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/Masterminds/vcs/pull/105"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "github.com/Masterminds/vcs",
          "vendor": "n/a",
          "versions": [
            {
              "lessThan": "1.13.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "value": "Alessio Della Libera of Snyk Research Team"
        }
      ],
      "datePublic": "2022-04-01T00:00:00",
      "descriptions": [
        {
          "lang": "en",
          "value": "The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Command Injection",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-04-01T15:55:10",
        "orgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
        "shortName": "snyk"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/Masterminds/vcs/pull/105"
        }
      ],
      "title": "Command Injection",
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "report@snyk.io",
          "DATE_PUBLIC": "2022-04-01T15:51:13.303575Z",
          "ID": "CVE-2022-21235",
          "STATE": "PUBLIC",
          "TITLE": "Command Injection"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "github.com/Masterminds/vcs",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "1.13.3"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "credit": [
          {
            "lang": "eng",
            "value": "Alessio Della Libera of Snyk Research Team"
          }
        ],
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The package github.com/masterminds/vcs before 1.13.3 are vulnerable to Command Injection via argument injection. When hg is executed, argument strings are passed to hg in a way that additional flags can be set. The additional flags can be used to perform a command injection."
            }
          ]
        },
        "impact": {
          "cvss": {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Command Injection"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078",
              "refsource": "MISC",
              "url": "https://snyk.io/vuln/SNYK-GOLANG-GITHUBCOMMASTERMINDSVCS-2437078"
            },
            {
              "name": "https://github.com/Masterminds/vcs/pull/105",
              "refsource": "MISC",
              "url": "https://github.com/Masterminds/vcs/pull/105"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "bae035ff-b466-4ff4-94d0-fc9efd9e1730",
    "assignerShortName": "snyk",
    "cveId": "CVE-2022-21235",
    "datePublished": "2022-04-01T15:55:10.738304Z",
    "dateReserved": "2022-02-24T00:00:00",
    "dateUpdated": "2024-09-17T00:20:56.794Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

RHSA-2023_4582

CVE-2022-21235 (GCVE-0-2022-21235)

Tags

Sightings

Nomenclature