CVE-2022-41158 - OpenCVE

Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

Vendors & Products
CPE Configurations

Vendors	Products
Linux	Linux Kernel
Eyoom	Eyoom Builder

Configuration 1 [-]

AND

cpe:2.3:a:eyoom:eyoom_builder:*:*:*:*:*:*:*:*

cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*

References

Link	Resource
https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67043	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: krcert

Published: 2022-11-25T00:00:00

Updated: 2022-11-25T00:00:00

Reserved: 2022-09-20T00:00:00

Link: CVE-2022-41158

JSON object: View

NVD Information

Status : Analyzed

Published: 2022-11-25T19:15:11.867

Modified: 2023-06-27T14:58:35.293

Link: CVE-2022-41158

JSON object: View

Redhat Information

No data.

CWE

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:eyoom:eyoom_builder:*:*:*:*:*:*:*:*", "matchCriteriaId": "3B959942-7E4B-499D-A7C6-33F42214A8AB", "versionEndIncluding": "4.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*", "matchCriteriaId": "703AF700-7A70-47E2-BC3A-7FD03B3CA9C1", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "descriptions": [{"lang": "en", "value": "Remote code execution vulnerability can be achieved by using cookie values as paths to a file by this builder program. A remote attacker could exploit the vulnerability to execute or inject malicious code."}, {"lang": "es", "value": "La vulnerabilidad de ejecuci\u00f3n remota de c\u00f3digo se puede lograr utilizando valores de cookies como rutas a un archivo mediante este programa de creaci\u00f3n. Un atacante remoto podr\u00eda aprovechar la vulnerabilidad para ejecutar o inyectar c\u00f3digo malicioso."}], "id": "CVE-2022-41158", "lastModified": "2023-06-27T14:58:35.293", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "vuln@krcert.or.kr", "type": "Secondary"}]}, "published": "2022-11-25T19:15:11.867", "references": [{"source": "vuln@krcert.or.kr", "tags": ["Third Party Advisory", "VDB Entry"], "url": "https://www.krcert.or.kr/krcert/secNoticeView.do?bulletin_writing_sequence=67043"}], "sourceIdentifier": "vuln@krcert.or.kr", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-94"}], "source": "vuln@krcert.or.kr", "type": "Secondary"}]}