shelljs is vulnerable to improper pPrivilege management. Reference: https://huntr.dev/bounties/50996581-c08e-4eed-a90e-c0bac082679c Upstream patch: https://github.com/shelljs/shelljs/commit/d919d22dd6de385edaa9d90313075a77f74b338c
Created nodejs-shelljs tracking bugs for this issue: Affects: epel-7 [bug 2043536]
Marking services-rhcert affected/delegated. Affected code present in manifest, but use of affected function not found in cursory review of source.
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 7 Red Hat Advanced Cluster Management for Kubernetes 2.3 for RHEL 8 Via RHSA-2022:1083 https://access.redhat.com/errata/RHSA-2022:1083
This issue has been addressed in the following products: Red Hat Advanced Cluster Management for Kubernetes 2.4 for RHEL 8 Via RHSA-2022:1476 https://access.redhat.com/errata/RHSA-2022:1476
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2022-0144