CVE-2022-45062 - OpenCVE

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Debian	Debian Linux
Fedoraproject	Fedora
Xfce	Xfce4-settings

Configuration 1 [-]

OR	cpe:2.3:a:xfce:xfce4-settings::::::::
	cpe:2.3:a:xfce:xfce4-settings:4.17.0:::::::*

Configuration 2 [-]

OR	cpe:2.3:o:debian:debian_linux:11.0:::::::*
	cpe:2.3:o:fedoraproject:fedora:37:::::::*

No data.

References

Link	Providers
https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/
https://security.gentoo.org/glsa/202305-05
https://www.debian.org/security/2022/dsa-5296

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-11-09T00:00:00

Updated: 2024-08-03T14:01:31.477Z

Reserved: 2022-11-09T00:00:00

Link: CVE-2022-45062

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-11-09T07:15:10.130

Modified: 2023-11-07T03:54:30.667

Link: CVE-2022-45062

Redhat

No data.

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-45062", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-08-03T14:01:31.477Z", "dateReserved": "2022-11-09T00:00:00", "datePublished": "2022-11-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-05-03T00:00:00"}, "descriptions": [{"lang": "en", "value": "In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390"}, {"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7"}, {"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110"}, {"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/tags"}, {"name": "DSA-5296", "tags": ["vendor-advisory"], "url": "https://www.debian.org/security/2022/dsa-5296"}, {"name": "FEDORA-2022-7febff96e0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/"}, {"name": "GLSA-202305-05", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202305-05"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T14:01:31.477Z"}, "title": "CVE Program Container", "references": [{"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390", "tags": ["x_transferred"]}, {"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7", "tags": ["x_transferred"]}, {"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110", "tags": ["x_transferred"]}, {"url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/tags", "tags": ["x_transferred"]}, {"name": "DSA-5296", "tags": ["vendor-advisory", "x_transferred"], "url": "https://www.debian.org/security/2022/dsa-5296"}, {"name": "FEDORA-2022-7febff96e0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/"}, {"name": "GLSA-202305-05", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202305-05"}]}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:xfce:xfce4-settings:*:*:*:*:*:*:*:*", "matchCriteriaId": "57E00C48-04B4-4064-B63D-F50CBE892D79", "versionEndExcluding": "4.16.4", "vulnerable": true}, {"criteria": "cpe:2.3:a:xfce:xfce4-settings:4.17.0:*:*:*:*:*:*:*", "matchCriteriaId": "05C26A95-B208-437F-94F3-08DAF10CB551", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper."}, {"lang": "es", "value": "En Xfce xfce4-settings anterior a 4.16.4 y 4.17.x anterior a 4.17.1, existe una vulnerabilidad de inyecci\u00f3n de argumentos en xfce4-mime-helper."}], "id": "CVE-2022-45062", "lastModified": "2023-11-07T03:54:30.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-11-09T07:15:10.130", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://gitlab.xfce.org/xfce/xfce4-settings/-/tags"}, {"source": "cve@mitre.org", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XGTGTTPFHDUB3EZHVKDK4H32QUUYPPFF/"}, {"source": "cve@mitre.org", "url": "https://security.gentoo.org/glsa/202305-05"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.debian.org/security/2022/dsa-5296"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}]}