Bug 2215317 (CVE-2022-21235)
| Summary: | CVE-2022-21235 github.com/Masterminds/vcs: Command Injection via argument injection | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | Marian Rehak <mrehak> |
| Component: | vulnerability | Assignee: | Nobody <nobody> |
| Status: | NEW --- | QA Contact: | |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | unspecified | CC: | adudiak, ahanwate, amasferr, amctagga, aveerama, chazlett, cwelton, davidn, dfreiber, dhughes, dperaza, dsimansk, eglynn, ellin, epacific, gparvin, jburrell, jcammara, jchui, jhardy, jjoyce, jneedle, jobarker, jschluet, kshier, lball, lgamliel, lhh, mabashia, matzew, mburns, mgarciac, mkudlej, mschuppe, muagarwa, nbecker, njean, osapryki, owatkins, pahickey, pgrist, rdey, rfreiman, rgarg, rhos-maint, rhuss, rogbas, sasakshi, scorneli, shbose, simaishi, skontopo, smcdonal, stcannon, teagle, tfister, tjochec, ubhargav, vkumar, vsroka, yguenane, zsadeh |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | github.com/masterminds/vcs 1.13.3 | Doc Type: | If docs needed, set a value |
| Doc Text: |
A flaw was found in the VCS package, caused by improper validation of user-supplied input. By using a specially-crafted argument, a remote attacker could execute arbitrary commands on the system.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | Type: | --- | |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2215329, 2215332, 2215479, 2215480, 2215481, 2215482, 2215483, 2215484, 2215485, 2215486, 2215487, 2215488, 2215489, 2215490, 2215491, 2215492, 2215493, 2216406, 2217526 | ||
| Bug Blocks: | 2215338 | ||
|
Description
Marian Rehak
2023-06-15 14:09:08 UTC
Created golang-github-Masterminds-vcs tracking bugs for this issue: Affects: epel-7 [bug 2215329] Created glide tracking bugs for this issue: Affects: epel-7 [bug 2215332] This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.11 Via RHSA-2023:4053 https://access.redhat.com/errata/RHSA-2023:4053 The customer has an openshift environment (uses CoreOS and inplace Ceph) and just completed the environment upgrade to 4.10.59. On the standalone servers, the customer is running either RHEL8.8 or RHEL7.9. The customer is impacted by vulnerability `CVE-2022-21235` and this bug .The customer wants to know when this bug will be fixed. Kindly assist. Hi Team, Any timeline when this issue will be fixed? Hi Team, Customer wants to know the timeline for when this issue will be fixed. Kindly assist. Thanks! This issue has been addressed in the following products: Red Hat OpenStack Platform 17.1 Via RHSA-2023:4582 https://access.redhat.com/errata/RHSA-2023:4582 Hi Team, Customer uses CoreOS and in place Ceph) and just completed the environment upgrade to 4.10.59. On the standalone servers, the customer is running either RHEL8.8 or RHEL7.9. The customer is impacted by vulnerability `CVE-2022-21235` and this bug. The customer wants to know when this bug will be fixed. The customer is waiting for the feedback for long time. Please assist. This issue has been addressed in the following products: Red Hat OpenStack Platform 16.2 Via RHSA-2023:4694 https://access.redhat.com/errata/RHSA-2023:4694 |