Rapid7 Vulnerability & Exploit Database

SUSE: CVE-2022-29599: SUSE Linux Security Advisory

Free InsightVM Trial No Credit Card Necessary
2024 Attack Intel Report Latest research by Rapid7 Labs
Back to Search

SUSE: CVE-2022-29599: SUSE Linux Security Advisory

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:P/I:P/A:P)
Published
05/23/2022
Created
03/22/2023
Added
03/20/2023
Modified
03/20/2023

Description

In Apache Maven maven-shared-utils prior to version 3.3.3, the Commandline class can emit double-quoted strings without proper escaping, allowing shell injection attacks.

Solution(s)

  • suse-upgrade-antlr4-maven-plugin
  • suse-upgrade-bnd-maven-plugin
  • suse-upgrade-bnd-maven-plugin-javadoc
  • suse-upgrade-exec-maven-plugin
  • suse-upgrade-exec-maven-plugin-javadoc
  • suse-upgrade-gmavenplus-plugin
  • suse-upgrade-gmavenplus-plugin-javadoc
  • suse-upgrade-hawtjni-maven-plugin
  • suse-upgrade-hawtjni-maven-plugin-javadoc
  • suse-upgrade-javacc-maven-plugin
  • suse-upgrade-javacc-maven-plugin-javadoc
  • suse-upgrade-maven
  • suse-upgrade-maven-antrun-plugin
  • suse-upgrade-maven-antrun-plugin-javadoc
  • suse-upgrade-maven-archiver
  • suse-upgrade-maven-archiver-javadoc
  • suse-upgrade-maven-artifact
  • suse-upgrade-maven-artifact-manager
  • suse-upgrade-maven-artifact-resolver
  • suse-upgrade-maven-artifact-resolver-javadoc
  • suse-upgrade-maven-artifact-transfer
  • suse-upgrade-maven-artifact-transfer-javadoc
  • suse-upgrade-maven-assembly-plugin
  • suse-upgrade-maven-assembly-plugin-javadoc
  • suse-upgrade-maven-clean-plugin
  • suse-upgrade-maven-clean-plugin-javadoc
  • suse-upgrade-maven-common-artifact-filters
  • suse-upgrade-maven-common-artifact-filters-javadoc
  • suse-upgrade-maven-compiler-plugin
  • suse-upgrade-maven-compiler-plugin-bootstrap
  • suse-upgrade-maven-compiler-plugin-javadoc
  • suse-upgrade-maven-dependency-analyzer
  • suse-upgrade-maven-dependency-analyzer-javadoc
  • suse-upgrade-maven-dependency-plugin
  • suse-upgrade-maven-dependency-plugin-javadoc
  • suse-upgrade-maven-dependency-tree
  • suse-upgrade-maven-dependency-tree-javadoc
  • suse-upgrade-maven-doxia-core
  • suse-upgrade-maven-doxia-javadoc
  • suse-upgrade-maven-doxia-logging-api
  • suse-upgrade-maven-doxia-module-apt
  • suse-upgrade-maven-doxia-module-confluence
  • suse-upgrade-maven-doxia-module-docbook-simple
  • suse-upgrade-maven-doxia-module-fml
  • suse-upgrade-maven-doxia-module-fo
  • suse-upgrade-maven-doxia-module-latex
  • suse-upgrade-maven-doxia-module-rtf
  • suse-upgrade-maven-doxia-module-twiki
  • suse-upgrade-maven-doxia-module-xdoc
  • suse-upgrade-maven-doxia-module-xhtml
  • suse-upgrade-maven-doxia-module-xhtml5
  • suse-upgrade-maven-doxia-sink-api
  • suse-upgrade-maven-doxia-sitetools
  • suse-upgrade-maven-doxia-sitetools-javadoc
  • suse-upgrade-maven-doxia-test-docs
  • suse-upgrade-maven-enforcer
  • suse-upgrade-maven-enforcer-api
  • suse-upgrade-maven-enforcer-javadoc
  • suse-upgrade-maven-enforcer-plugin
  • suse-upgrade-maven-enforcer-rules
  • suse-upgrade-maven-failsafe-plugin
  • suse-upgrade-maven-failsafe-plugin-bootstrap
  • suse-upgrade-maven-file-management
  • suse-upgrade-maven-file-management-javadoc
  • suse-upgrade-maven-filtering
  • suse-upgrade-maven-filtering-javadoc
  • suse-upgrade-maven-install-plugin
  • suse-upgrade-maven-install-plugin-javadoc
  • suse-upgrade-maven-invoker
  • suse-upgrade-maven-invoker-javadoc
  • suse-upgrade-maven-jar-plugin
  • suse-upgrade-maven-jar-plugin-bootstrap
  • suse-upgrade-maven-jar-plugin-javadoc
  • suse-upgrade-maven-javadoc
  • suse-upgrade-maven-javadoc-plugin
  • suse-upgrade-maven-javadoc-plugin-bootstrap
  • suse-upgrade-maven-javadoc-plugin-javadoc
  • suse-upgrade-maven-lib
  • suse-upgrade-maven-local
  • suse-upgrade-maven-mapping
  • suse-upgrade-maven-mapping-javadoc
  • suse-upgrade-maven-model
  • suse-upgrade-maven-monitor
  • suse-upgrade-maven-plugin-annotations
  • suse-upgrade-maven-plugin-build-helper
  • suse-upgrade-maven-plugin-build-helper-javadoc
  • suse-upgrade-maven-plugin-bundle
  • suse-upgrade-maven-plugin-bundle-javadoc
  • suse-upgrade-maven-plugin-descriptor
  • suse-upgrade-maven-plugin-plugin
  • suse-upgrade-maven-plugin-plugin-bootstrap
  • suse-upgrade-maven-plugin-plugin-javadoc
  • suse-upgrade-maven-plugin-registry
  • suse-upgrade-maven-plugin-testing
  • suse-upgrade-maven-plugin-testing-harness
  • suse-upgrade-maven-plugin-testing-javadoc
  • suse-upgrade-maven-plugin-testing-tools
  • suse-upgrade-maven-plugin-tools-annotations
  • suse-upgrade-maven-plugin-tools-ant
  • suse-upgrade-maven-plugin-tools-api
  • suse-upgrade-maven-plugin-tools-beanshell
  • suse-upgrade-maven-plugin-tools-generators
  • suse-upgrade-maven-plugin-tools-java
  • suse-upgrade-maven-plugin-tools-javadoc
  • suse-upgrade-maven-plugin-tools-model
  • suse-upgrade-maven-profile
  • suse-upgrade-maven-project
  • suse-upgrade-maven-remote-resources-plugin
  • suse-upgrade-maven-remote-resources-plugin-javadoc
  • suse-upgrade-maven-reporting-api
  • suse-upgrade-maven-reporting-api-javadoc
  • suse-upgrade-maven-resolver
  • suse-upgrade-maven-resolver-api
  • suse-upgrade-maven-resolver-connector-basic
  • suse-upgrade-maven-resolver-impl
  • suse-upgrade-maven-resolver-javadoc
  • suse-upgrade-maven-resolver-named-locks
  • suse-upgrade-maven-resolver-spi
  • suse-upgrade-maven-resolver-test-util
  • suse-upgrade-maven-resolver-transport-classpath
  • suse-upgrade-maven-resolver-transport-file
  • suse-upgrade-maven-resolver-transport-http
  • suse-upgrade-maven-resolver-transport-wagon
  • suse-upgrade-maven-resolver-util
  • suse-upgrade-maven-resources-plugin
  • suse-upgrade-maven-resources-plugin-bootstrap
  • suse-upgrade-maven-resources-plugin-javadoc
  • suse-upgrade-maven-script-ant
  • suse-upgrade-maven-script-beanshell
  • suse-upgrade-maven-settings
  • suse-upgrade-maven-shared-incremental
  • suse-upgrade-maven-shared-incremental-javadoc
  • suse-upgrade-maven-shared-io
  • suse-upgrade-maven-shared-io-javadoc
  • suse-upgrade-maven-shared-utils
  • suse-upgrade-maven-shared-utils-javadoc
  • suse-upgrade-maven-source-plugin
  • suse-upgrade-maven-source-plugin-javadoc
  • suse-upgrade-maven-surefire
  • suse-upgrade-maven-surefire-javadoc
  • suse-upgrade-maven-surefire-plugin
  • suse-upgrade-maven-surefire-plugin-bootstrap
  • suse-upgrade-maven-surefire-plugins-javadoc
  • suse-upgrade-maven-surefire-provider-junit
  • suse-upgrade-maven-surefire-provider-junit5
  • suse-upgrade-maven-surefire-provider-junit5-javadoc
  • suse-upgrade-maven-surefire-provider-testng
  • suse-upgrade-maven-surefire-report-parser
  • suse-upgrade-maven-surefire-report-plugin
  • suse-upgrade-maven-surefire-report-plugin-bootstrap
  • suse-upgrade-maven-test-tools
  • suse-upgrade-maven-toolchain
  • suse-upgrade-maven-verifier
  • suse-upgrade-maven-verifier-javadoc
  • suse-upgrade-maven-wagon-file
  • suse-upgrade-maven-wagon-ftp
  • suse-upgrade-maven-wagon-http
  • suse-upgrade-maven-wagon-http-lightweight
  • suse-upgrade-maven-wagon-http-shared
  • suse-upgrade-maven-wagon-javadoc
  • suse-upgrade-maven-wagon-provider-api
  • suse-upgrade-maven-wagon-ssh
  • suse-upgrade-maven-wagon-ssh-common
  • suse-upgrade-maven-wagon-ssh-external
  • suse-upgrade-maven2-javadoc
  • suse-upgrade-modello-maven-plugin
  • suse-upgrade-modello-maven-plugin-javadoc
  • suse-upgrade-os-maven-plugin
  • suse-upgrade-os-maven-plugin-javadoc
  • suse-upgrade-paranamer-maven-plugin
  • suse-upgrade-spec-version-maven-plugin
  • suse-upgrade-spec-version-maven-plugin-javadoc
  • suse-upgrade-string-template-maven-plugin
  • suse-upgrade-string-template-maven-plugin-javadoc
  • suse-upgrade-tesla-polyglot-maven-plugin
  • suse-upgrade-xml-maven-plugin
  • suse-upgrade-xml-maven-plugin-javadoc

With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.

– Scott Cheney, Manager of Information Security, Sierra View Medical Center

;