CVE-2022-45062Argument Injection in Xfce4-settings

CWE-88Argument Injection5 documents5 sources
Severity
9.8CRITICALNVD
EPSS
3.5%
top 12.28%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Xfce Xfce4-settingsDebian Xfce4-settingsDebian Linux+1 more
Timeline
PublishedNov 9
Latest updateJun 6

Description

In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argument injection vulnerability in xfce4-mime-helper.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages3 packages

NVDxfce/xfce4-settings< 4.16.4+1
debiandebian/xfce4-settings< xfce4-settings 4.16.4-1 (bookworm)
Debianxfce/xfce4-settings< 4.16.0-1+deb11u1+3

Also affects: Debian Linux 11.0, Fedora 37

Patches

Patch: gitlab.xfce.orgPatch: gitlab.xfce.orgPatch: gitlab.xfce.org

🔴Vulnerability Details

2
GHSA
GHSA-5684-vxhc-x77c: In Xfce xfce4-settings before 42022-11-09
OSV
CVE-2022-45062: In Xfce xfce4-settings before 42022-11-09

📋Vendor Advisories

2
Ubuntu
xfce4-settings vulnerability2023-06-06
Debian
CVE-2022-45062: xfce4-settings - In Xfce xfce4-settings before 4.16.4 and 4.17.x before 4.17.1, there is an argum...2022
CVE-2022-45062 — Argument Injection in Xfce4-settings | cvebase