Home > Vulnerability Database > CVE-2022-39245

Mend.io Vulnerability Database

CVE-2022-39245

Date: September 26, 2022

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided "sudo" binary via the "PATH" variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.

Language: RUST

Severity Score

8.4

Related Resources (5)

Url: https://github.com/makedeb/mist/releases/tag/v0.9.5

Url: https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67

Url: https://nvd.nist.gov/vuln/detail/CVE-2022-39245

Url: https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6

Url: https://www.mend.io/vulnerability-database/CVE-2022-39245

Severity Score

8.4

Weakness Type (CWE)

Improper Authentication

CWE-287

Improper Neutralization of Special Elements used in a Command ('Command Injection')

CWE-77

Untrusted Search Path

CWE-426

Authentication Bypass by Primary Weakness

CWE-305

CVSS v3.1

Base Score:	8.4
Attack Vector (AV):	LOCAL
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2022-39245

Date: September 26, 2022

Language: RUST

Severity Score

Related Resources (5)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?