CVE-2022-29215 - OpenCVE

RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Regionprotect Project	Regionprotect

Configuration 1 [-]

cpe:2.3:a:regionprotect_project:regionprotect:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d	Patch Third Party Advisory
https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-05-21T00:05:10

Updated: 2022-05-21T00:05:10

Reserved: 2022-04-13T00:00:00

Link: CVE-2022-29215

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-05-21T00:15:11.917

Modified: 2022-06-07T02:18:18.850

Link: CVE-2022-29215

JSON object: View

Redhat Information

No data.

CWE

CWE-88

{"containers": {"cna": {"affected": [{"product": "RegionProtect", "vendor": "kaidomc-pm-pl", "versions": [{"status": "affected", "version": "< 1.1.0"}]}], "descriptions": [{"lang": "en", "value": "RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-21T00:05:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d"}], "source": {"advisory": "GHSA-7gr2-w2r3-r9vf", "discovery": "UNKNOWN"}, "title": "Argument Injection in RegionProtect", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29215", "STATE": "PUBLIC", "TITLE": "Argument Injection in RegionProtect"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RegionProtect", "version": {"version_data": [{"version_value": "< 1.1.0"}]}}]}, "vendor_name": "kaidomc-pm-pl"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf", "refsource": "CONFIRM", "url": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf"}, {"name": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d", "refsource": "MISC", "url": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d"}]}, "source": {"advisory": "GHSA-7gr2-w2r3-r9vf", "discovery": "UNKNOWN"}}}}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29215", "datePublished": "2022-05-21T00:05:10", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2022-05-21T00:05:10", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:regionprotect_project:regionprotect:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BDBEA71-B6CE-42BB-902A-797957622530", "versionEndExcluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash."}, {"lang": "es", "value": "RegionProtect es un plugin que permite a usuarios administrar determinados eventos en determinadas regiones del mundo. Las versiones anteriores a 1.1.0 contienen una vulnerabilidad de inyecci\u00f3n de YAML que puede causar un bloqueo instant\u00e1neo del servidor si los argumentos pasados no coinciden. La versi\u00f3n 1.1.0 contiene un parche para este problema. Como mitigaci\u00f3n, restrinja los permisos de los operadores a personas que no sean confiables y evite introducir argumentos que puedan causar un bloqueo"}], "id": "CVE-2022-29215", "lastModified": "2022-06-07T02:18:18.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-05-21T00:15:11.917", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-88"}], "source": "security-advisories@github.com", "type": "Secondary"}]}