Vulnerability Name:

CVE-2022-25255 (CCN-219786)

Assigned:2022-02-09
Published:2022-02-09
Updated:2022-02-28
Summary:In Qt 5.9.x through 5.15.x before 5.15.9 and 6.x before 6.2.4 on Linux and UNIX, QProcess could execute a binary from the current working directory when not found in the PATH.
CVSS v3 Severity:7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
9.4 Critical (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L)
8.2 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Network
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): Low
7.8 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
6.8 Medium (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): Low
User Interaction (UI): None
Scope:Scope (S): Unchanged
Impact Metrics:Confidentiality (C): High
Integrity (I): High
Availibility (A): High
CVSS v2 Severity:7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
Exploitability Metrics:Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Complete
9.7 High (CCN CVSS v2 Vector: AV:N/AC:L/Au:N/C:C/I:C/A:P)
Exploitability Metrics:Access Vector (AV): Network
Access Complexity (AC): Low
Athentication (Au): None
Impact Metrics:Confidentiality (C): Complete
Integrity (I): Complete
Availibility (A): Partial
Vulnerability Type:CWE-noinfo
CWE-427
Vulnerability Consequences:Gain Access
References:Source: MITRE
Type: CNA
CVE-2022-25255

Source: CCN
Type: Qt Web site
QProcess/Unix: ensure we don't accidentally execute something from CWD

Source: MISC
Type: Issue Tracking, Patch, Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/393113

Source: MISC
Type: Patch, Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/394914

Source: MISC
Type: Patch, Release Notes, Vendor Advisory
https://codereview.qt-project.org/c/qt/qtbase/+/396020

Source: MISC
Type: Patch, Vendor Advisory
https://download.qt.io/official_releases/qt/5.15/qprocess5-15.diff

Source: MISC
Type: Patch, Vendor Advisory
https://download.qt.io/official_releases/qt/6.2/qprocess6-2.diff

Source: XF
Type: UNKNOWN
qt-cve202225255-code-exec(219786)

Source: CCN
Type: IBM Security Bulletin 6836915 (App Connect Enterprise Certified Container)
IBM App Connect Enterprise Certified Container operator and operands may be vulnerable to arbitrary code execution [CVE-2022-25255]

Vulnerable Configuration:Configuration 1:
  • cpe:/a:qt:qt:*:*:*:*:*:*:*:* (Version >= 5.9.0 and < 5.15.9)
  • OR cpe:/a:qt:qt:*:*:*:*:*:*:*:* (Version >= 6.0.0 and < 6.2.4)
  • AND
  • cpe:/o:linux:linux_kernel:-:*:*:*:*:*:*:*
  • OR cpe:/o:opengroup:unix:-:*:*:*:*:*:*:*

    • Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

    • Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

    • Configuration RedHat 3:
  • cpe:/a:redhat:enterprise_linux:8::crb:*:*:*:*:*

    • Configuration RedHat 4:
  • cpe:/a:redhat:enterprise_linux:9:*:*:*:*:*:*:*

    • Configuration RedHat 5:
  • cpe:/a:redhat:enterprise_linux:9::appstream:*:*:*:*:*

    • Configuration RedHat 6:
  • cpe:/a:redhat:enterprise_linux:9::crb:*:*:*:*:*

    • Configuration CCN 1:
  • cpe:/a:qt:qt:6.0.0:*:*:*:*:*:*:*
  • OR cpe:/a:qt:qt:5.9:*:*:*:*:*:*:*
  • AND
  • cpe:/a:ibm:app_connect_enterprise_certified_container:4.2:*:*:*:*:*:*:*

    • * Denotes that component is vulnerable
    Oval Definitions
    Definition IDClassTitleLast Modified
    oval:org.opensuse.security:def:7910
    P
    		libQt6Core6-6.4.2-150500.1.14 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7551
    P
    		libQt5Concurrent-devel-5.15.8+kde185-150500.2.1 on GA media (Moderate)
    2023-06-12
    oval:org.opensuse.security:def:7909
    P
    		libQt5OpenGLExtensions-devel-static-5.15.8+kde185-150500.2.1 on GA media (Moderate)
    2023-06-12
    oval:com.redhat.rhsa:def:20228022
    P
    		RHSA-2022:8022: qt5 security and bug fix update (Moderate)
    2022-11-15
    oval:com.redhat.rhsa:def:20227482
    P
    		RHSA-2022:7482: qt5 security, bug fix, and enhancement update (Moderate)
    2022-11-08
    oval:org.opensuse.security:def:3291
    P
    		libyaml-0-2-0.1.6-7.1 on GA media (Moderate)
    2022-06-28
    oval:org.opensuse.security:def:94921
    P
    		libQt5OpenGLExtensions-devel-static-5.15.2+kde294-150400.4.8 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:2971
    P
    		libQt5Concurrent-devel-5.15.2+kde294-150400.4.8 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:94601
    P
    		libQt5Concurrent-devel-5.15.2+kde294-150400.4.8 on GA media (Moderate)
    2022-06-22
    oval:org.opensuse.security:def:101663
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:119341
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:118846
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:101772
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:119524
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:119036
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:971
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:119709
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:119149
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    oval:org.opensuse.security:def:1094
    P
    		Security update for libqt5-qtbase (Important)
    2022-03-15
    BACK
    qt qt *
    qt qt *
    linux linux kernel -
    opengroup unix -
    qt qt 6.0.0
    qt qt 5.9
    ibm app connect enterprise certified container 4.2