vulnerability
CentOS Linux: CVE-2022-24439: Important: Satellite 6.13.5 Async Security Update (CESA-2023:5931)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 10 | (AV:N/AC:L/Au:N/C:C/I:C/A:C) | 2022-12-06 | 2023-11-01 | 2025-01-28 |
Severity
10
CVSS
(AV:N/AC:L/Au:N/C:C/I:C/A:C)
Published
2022-12-06
Added
2023-11-01
Modified
2025-01-28
Description
All versions of package gitpython are vulnerable to Remote Code Execution (RCE) due to improper user input validation, which makes it possible to inject a maliciously crafted remote URL into the clone command. Exploiting this vulnerability is possible because the library makes external calls to git without sufficient sanitization of input arguments.
Solution(s)
centos-upgrade-foreman-clicentos-upgrade-rubygem-foreman_maintaincentos-upgrade-satellite-cli
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.