CVE-2022-29215 - OpenCVE

RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:L/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Regionprotect Project	Regionprotect

Configuration 1 [-]

cpe:2.3:a:regionprotect_project:regionprotect:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d
https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf

History

No history.

MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2022-05-21T00:05:10

Updated: 2024-08-03T06:17:54.046Z

Reserved: 2022-04-13T00:00:00

Link: CVE-2022-29215

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2022-05-21T00:15:11.917

Modified: 2022-06-07T02:18:18.850

Link: CVE-2022-29215

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "RegionProtect", "vendor": "kaidomc-pm-pl", "versions": [{"status": "affected", "version": "< 1.1.0"}]}], "descriptions": [{"lang": "en", "value": "RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-88", "description": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-05-21T00:05:10", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d"}], "source": {"advisory": "GHSA-7gr2-w2r3-r9vf", "discovery": "UNKNOWN"}, "title": "Argument Injection in RegionProtect", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2022-29215", "STATE": "PUBLIC", "TITLE": "Argument Injection in RegionProtect"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "RegionProtect", "version": {"version_data": [{"version_value": "< 1.1.0"}]}}]}, "vendor_name": "kaidomc-pm-pl"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-88: Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}]}, "references": {"reference_data": [{"name": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf", "refsource": "CONFIRM", "url": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf"}, {"name": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d", "refsource": "MISC", "url": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d"}]}, "source": {"advisory": "GHSA-7gr2-w2r3-r9vf", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:17:54.046Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2022-29215", "datePublished": "2022-05-21T00:05:10", "dateReserved": "2022-04-13T00:00:00", "dateUpdated": "2024-08-03T06:17:54.046Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:regionprotect_project:regionprotect:*:*:*:*:*:*:*:*", "matchCriteriaId": "8BDBEA71-B6CE-42BB-902A-797957622530", "versionEndExcluding": "1.1.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "RegionProtect is a plugin that allows users to manage certain events in certain regions of the world. Versions prior to 1.1.0 contain a YAML injection vulnerability that can cause an instant server crash if the passed arguments are not matched. Version 1.1.0 contains a patch for this issue. As a workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash."}, {"lang": "es", "value": "RegionProtect es un plugin que permite a usuarios administrar determinados eventos en determinadas regiones del mundo. Las versiones anteriores a 1.1.0 contienen una vulnerabilidad de inyecci\u00f3n de YAML que puede causar un bloqueo instant\u00e1neo del servidor si los argumentos pasados no coinciden. La versi\u00f3n 1.1.0 contiene un parche para este problema. Como mitigaci\u00f3n, restrinja los permisos de los operadores a personas que no sean confiables y evite introducir argumentos que puedan causar un bloqueo"}], "id": "CVE-2022-29215", "lastModified": "2022-06-07T02:18:18.850", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.0, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2022-05-21T00:15:11.917", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/commit/0060d421358ab59acb6a168eab0d11c43d2d105d"}, {"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/kaidomc-pm-pl/RegionProtect/security/advisories/GHSA-7gr2-w2r3-r9vf"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-88"}], "source": "security-advisories@github.com", "type": "Secondary"}]}