CVE-2022-39245

Summary

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.

Affected Software

VendorProductVersion RangeStatus
makedebmist< 0.9.5affected

Weaknesses

  • CWE-305: CWE-305: Authentication Bypass by Primary Weakness
  • CWE-287: CWE-287: Improper Authentication

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: total

References