CVE-2022-45062
Published: 9 November 2022
In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.
Priority
Status
Package | Release | Status |
---|---|---|
xfce4-settings Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
focal |
Not vulnerable
(code not present)
|
|
jammy |
Released
(4.16.2-1ubuntu2.22.04.1)
|
|
kinetic |
Released
(4.16.2-1ubuntu2.22.10.1)
|
|
lunar |
Released
(4.18.0-1ubuntu1)
|
|
trusty |
Ignored
(end of standard support)
|
|
upstream |
Released
(4.16.4,4.17.1)
|
|
xenial |
Not vulnerable
(code not present)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References
- https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390 (not public)
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110 (xfce4-settings-4.17.1)
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7 (xfce4-settings-4.16.4)
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/55e3c5fb667e96ad1412cf249879262b369d28d7
- https://gitlab.xfce.org/xfce/xfce4-settings/-/commit/f34a92a84f96268ad24a7a13fd5edc9f1d526110
- https://gitlab.xfce.org/xfce/xfce4-settings/-/tags
- https://gitlab.xfce.org/xfce/xfce4-settings/-/issues/390
- https://ubuntu.com/security/notices/USN-6141-1
- https://www.cve.org/CVERecord?id=CVE-2022-45062
- NVD
- Launchpad
- Debian