CVE-2022-46334
published 2022-12-21CVE-2022-46334: Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions…
PriorityP341high7.8CVSS 3.1
AVLACLPRLUINSUCHIHAH
EPSS
0.17%
6.1th percentile
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.
Affected
8 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | microsoft_visual_studio_2017_version_15.9 | — | — |
| msrc | microsoft_visual_studio_2019_version_16.11 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.10 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.12 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.14 | — | — |
| msrc | microsoft_visual_studio_2022_version_17.8 | — | — |
| proofpoint | enterprise_protection | <= 8.19.0 | — |
| proofpoint | enterprise_protection | 8.* – 8.19.0 | — |
CVSS provenance
nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
vendor_msrc8.6HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-29gp-96hf-p856: Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permis
ghsa_unreviewed·2022-12-21
CVE-2022-46334 [HIGH] CWE-269 GHSA-29gp-96hf-p856: Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permis
Proofpoint Enterprise Protection (PPS/PoD) contains a vulnerability which allows the pps user to escalate to root privileges due to unnecessary permissions. This affects all versions 8.19.0 and below.
Microsoft
GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability
vendor_msrc·2025-07-08·CVSS 8.6
CVE-2025-46334 [HIGH] GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability
GitHub: CVE-2025-46334 Git Malicious Shell Vulnerability
Description: CVE-2025-46334 is regarding a vulnerability in Git GUI (Windows only) where a malicious repository can ship versions of sh.exe or typical textconv filter programs such as astextplain. On Windows, path lookup can find such executables in the worktree. These programs are invoked when the user selects "Git Bash" or "Browse Files" from the menu. GitHub created this CVE on their behalf. The documented Visual Studio updates incorporate updates in GitK which address this vulnerability.
Please see CVE-2025-46334 for more information.
Visual Studio: Visual Studio
GitHub: GitHub
Customer Action Required: Yes
Remediation: Release Notes
Reference: https://my.visualstudio.com/Downloads?q=Visual Studio 2022 version 17.8
Referen
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
2022-12-21
Published