{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-30123", "assignerOrgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "assignerShortName": "hackerone", "dateUpdated": "2024-08-03T06:40:47.582Z", "dateReserved": "2022-05-02T00:00:00", "datePublished": "2022-12-05T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "36234546-b8fa-4601-9d6f-f4e334aa8ea1", "shortName": "hackerone", "dateUpdated": "2023-12-08T22:06:15.677017"}, "descriptions": [{"lang": "en", "value": "A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack."}], "affected": [{"vendor": "n/a", "product": "https://github.com/rack/rack", "versions": [{"version": "2.0.9.1, 2.1.4.1, 2.2.3.1", "status": "affected"}]}], "references": [{"url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728"}, {"name": "DSA-5530", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2023/dsa-5530"}, {"name": "GLSA-202310-18", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202310-18"}, {"url": "https://security.netapp.com/advisory/ntap-20231208-0011/"}], "problemTypes": [{"descriptions": [{"type": "CWE", "lang": "en", "description": "Improper Neutralization of Escape, Meta, or Control Sequences (CWE-150)", "cweId": "CWE-150"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T06:40:47.582Z"}, "title": "CVE Program Container", "references": [{"url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728", "tags": ["x_transferred"]}, {"name": "DSA-5530", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2023/dsa-5530"}, {"name": "GLSA-202310-18", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202310-18"}, {"url": "https://security.netapp.com/advisory/ntap-20231208-0011/", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "matchCriteriaId": "47D52179-BB26-40C6-95F0-4466A962CF91", "versionEndExcluding": "2.0.9.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "matchCriteriaId": "32E774AF-E7BB-45EB-B5E4-66F8F5D36285", "versionEndExcluding": "2.1.4.1", "versionStartIncluding": "2.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:rack_project:rack:*:*:*:*:*:*:*:*", "matchCriteriaId": "6145EE1D-85D5-4744-BA51-88EC52FF2891", "versionEndExcluding": "2.2.3.1", "versionStartIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack."}, {"lang": "es", "value": "Existe una vulnerabilidad de inyecci\u00f3n de secuencia en Rack &lt;2.0.9.1, &lt;2.1.4.1 y &lt;2.2.3.1 que podr\u00eda permitir un posible escape de shell en los componentes Lint y CommonLogger de Rack."}], "id": "CVE-2022-30123", "lastModified": "2023-12-08T22:15:07.257", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 6.0, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-12-05T22:15:10.280", "references": [{"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://discuss.rubyonrails.org/t/cve-2022-30123-possible-shell-escape-sequence-injection-vulnerability-in-rack/80728"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202310-18"}, {"source": "support@hackerone.com", "url": "https://security.netapp.com/advisory/ntap-20231208-0011/"}, {"source": "support@hackerone.com", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2023/dsa-5530"}], "sourceIdentifier": "support@hackerone.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-150"}], "source": "support@hackerone.com", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0632", "cpe": "cpe:/a:redhat:logging:5.4::el8", "impact": "moderate", "package": "openshift-logging/fluentd-rhel8:v1.14.5-51", "product_name": "Logging subsystem for Red Hat OpenShift 5.4", "release_date": "2023-02-15T00:00:00Z"}, {"advisory": "RHSA-2022:7343", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "pcs-0:0.9.169-3.el7_9.3", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2023:1486", "cpe": "cpe:/a:redhat:storage:3.5:wa:el7", "package": "rubygem-rack-0:2.2.4-1.el7rhgs", "product_name": "Red Hat Gluster Storage 3.5 for RHEL 7", "release_date": "2023-03-28T00:00:00Z"}], "bugzilla": {"description": "rubygem-rack: crafted requests can cause shell escape sequences", "id": "2099524", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2099524"}, "csaw": false, "cvss3": {"cvss3_base_score": "10.0", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-179", "details": ["A sequence injection vulnerability exists in Rack <2.0.9.1, <2.1.4.1 and <2.2.3.1 which could allow is a possible shell escape in the Lint and CommonLogger components of Rack.", "A flaw was found in ruby gem-rack. This flaw allows a malicious actor to craft requests that can cause shell escape sequences to be written to the terminal via rack's `Lint` middleware and `CommonLogger` middleware. This issue can leverage these escape sequences to execute commands in the victim's terminal."], "name": "CVE-2022-30123", "package_state": [{"cpe": "cpe:/a:redhat:openstack-optools:13", "fix_state": "Will not fix", "impact": "low", "package_name": "rubygem-rack", "product_name": "Red Hat OpenStack Platform 13 (Queens) Operational Tools"}, {"cpe": "cpe:/a:redhat:satellite:6", "fix_state": "Affected", "package_name": "rubygem-rack", "product_name": "Red Hat Satellite 6"}], "public_date": "2022-05-27T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-30123\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-30123\nhttps://github.com/advisories/GHSA-wq4h-7r42-5hrr"], "statement": "- Because Red Hat OpenStack Platform 13.0 Operational Tools packaged the flawed code, but does not use its functionality, its Impact has been reduced to 'Low'.\n- To exploit this vulnerability, applications should have either of these middlewares 'Lint' or 'CommonLogger' installed, and vulnerable apps may have something like this: \n'use Rack::Lint' OR 'use Rack::CommonLogger'\nThe Red Hat products use the flawed code but don't use its functionality, Hence, the impact is set to Important.\n- Logging Subsystem for Red Hat OpenShift uses the vulnerable ruby gem-rack package in the openshift-logging/fluentd-rhel8 component to instantiate client-to-server communication. But, this component cannot receive any requests so exploitation by crafted request consumption is not possible. Therefore the impact of this vulnerability on the Logging Subsystem for Red Hat OpenShift is reduced to Moderate.", "threat_severity": "Important", "upstream_fix": "rubygem-rack 2.0.9.1, rubygem-rack 2.1.4.1, rubygem-rack 2.2.3.1"}