CVE-2022-48624 - OpenCVE

close_altfile in filename.c in less before 606 omits shell_quote calls for LESSCLOSE.

No CVSS v4.0

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Redhat	Enterprise Linux Logging Rhel Eus

No data.

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
less-0:530-2.el8_9	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:1610	2024-04-02T00:00:00Z
less-0:530-3.el8_10	cpe:/o:redhat:enterprise_linux:8	RHSA-2024:4256	2024-07-02T00:00:00Z
Red Hat Enterprise Linux 8.6 Extended Update Support
less-0:530-2.el8_6	cpe:/o:redhat:rhel_eus:8.6	RHSA-2024:1989	2024-04-23T00:00:00Z
Red Hat Enterprise Linux 8.8 Extended Update Support
less-0:530-2.el8_8	cpe:/o:redhat:rhel_eus:8.8	RHSA-2024:1875	2024-04-18T00:00:00Z
Red Hat Enterprise Linux 9
less-0:590-3.el9_3	cpe:/o:redhat:enterprise_linux:9	RHSA-2024:1692	2024-04-08T00:00:00Z
RHOL-5.6-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.6.18-16	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.6.18-7	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-409	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.6.18-16	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-481	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.6.18-7	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-246	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-216	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-430	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-226	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-472	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-16	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.6.18-3	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.6.18-30	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.6.18-12	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-528	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-226	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.21.0-127	cpe:/a:redhat:logging:5.6::el8	RHSA-2024:2092	2024-05-01T00:00:00Z
RHOL-5.7-RHEL-8
openshift-logging/cluster-logging-operator-bundle:v5.7.13-16	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/cluster-logging-rhel8-operator:v5.7.13-7	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch6-rhel8:v6.8.1-408	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-operator-bundle:v5.7.13-19	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-proxy-rhel8:v1.0.0-480	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/elasticsearch-rhel8-operator:v5.7.13-9	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/eventrouter-rhel8:v0.4.0-248	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/fluentd-rhel8:v1.14.6-215	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/kibana6-rhel8:v6.8.1-431	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/log-file-metric-exporter-rhel8:v1.1.0-228	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-curator5-rhel8:v5.8.1-471	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-loki-rhel8:v2.9.6-15	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/logging-view-plugin-rhel8:v5.7.13-3	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/loki-operator-bundle:v5.7.13-27	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/loki-rhel8-operator:v5.7.13-12	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/lokistack-gateway-rhel8:v0.1.0-527	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/opa-openshift-rhel8:v0.1.0-225	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z
openshift-logging/vector-rhel8:v0.28.1-57	cpe:/a:redhat:logging:5.7::el8	RHSA-2024:2093	2024-05-01T00:00:00Z

References

Link	Providers
https://github.com/gwsw/less/commit/c6ac6de49698be84d264a0c4c0c40bb870b10144
https://github.com/gwsw/less/compare/v605...v606
https://greenwoodsoftware.com/less/
https://lists.debian.org/debian-lts-announce/2024/05/msg00018.html
https://nvd.nist.gov/vuln/detail/CVE-2022-48624
https://security.netapp.com/advisory/ntap-20240605-0010/
https://www.cve.org/CVERecord?id=CVE-2022-48624

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2024-02-19T00:00:00

Updated: 2024-08-03T15:17:55.391Z

Reserved: 2024-02-19T00:00:00

Link: CVE-2022-48624

Vulnrichment

Updated: 2024-08-03T15:17:55.391Z

NVD

Status : Awaiting Analysis

Published: 2024-02-19T01:15:48.643

Modified: 2024-06-10T18:15:19.857

Link: CVE-2022-48624

Redhat

Severity : Moderate

Publid Date: 2024-02-19T00:00:00Z

Links: CVE-2022-48624 - Bugzilla

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

Metrics

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object