CVE-2022-24441

Code Injection

Severity Score

8.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

The package snyk before 1.1064.0 are vulnerable to Code Injection when analyzing a project. An attacker who can convince a user to scan a malicious project can include commands in a build file such as build.gradle or gradle-wrapper.jar, which will be executed with the privileges of the application. This vulnerability may be triggered when running the the CLI tool directly, or when running a scan with one of the IDE plugins that invoke the Snyk CLI. Successful exploitation of this issue would likely require some level of social engineering - to coerce an untrusted project to be downloaded and analyzed via the Snyk CLI or opened in an IDE where a Snyk IDE plugin is installed and enabled. Additionally, if the IDE has a Trust feature then the target folder must be marked as ‘trusted’ in order to be vulnerable. **NOTE:** This issue is independent of the one reported in [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), and upgrading to a fixed version for this addresses that issue as well. The affected IDE plugins and versions are: - VS Code - Affected: <=1.8.0, Fixed: 1.9.0 - IntelliJ - Affected: <=2.4.47, Fixed: 2.4.48 - Visual Studio - Affected: <=1.1.30, Fixed: 1.1.31 - Eclipse - Affected: <=v20221115.132308, Fixed: All subsequent versions - Language Server - Affected: <=v20221109.114426, Fixed: All subsequent versions

Los paquetes snyk anteriores a 1.1064.0 son vulnerables a la Inyección de Código al analizar un proyecto. Un atacante que pueda convencer a un usuario de que escanee un proyecto malicioso puede incluir comandos en un archivo de compilación como build.gradle o gradle-wrapper.jar, que se ejecutarán con los privilegios de la aplicación. Esta vulnerabilidad puede desencadenarse al ejecutar la herramienta CLI directamente o al ejecutar un análisis con uno de los complementos IDE que invocan la CLI de Snyk. La explotación exitosa de este problema probablemente requeriría cierto nivel de ingeniería social: obligar a que un proyecto que no es de confianza se descargue y analice a través de la CLI de Snyk o se abra en un IDE donde esté instalado y habilitado un complemento de Snyk IDE. Además, si el IDE tiene una función de confianza, la carpeta de destino debe marcarse como "de confianza". para ser vulnerable. **NOTA:** Este problema es independiente del reportado en [CVE-2022-40764](https://security.snyk.io/vuln/SNYK-JS-SNYK-3037342), y se actualiza a una versión corregida. porque esto también aborda ese problema. Los complementos y versiones de IDE afectados son: - VS Code - Afectado: <=1.8.0, Corregido: 1.9.0 - IntelliJ - Afectado: <=2.4.47, Corregido: 2.4.48 - Visual Studio - Afectado: < ;=1.1.30, Corregido: 1.1.31 - Eclipse - Afectado: <=v20221115.132308, Corregido: Todas las versiones posteriores - Servidor de idiomas - Afectado: <=v20221109.114426, Corregido: Todas las versiones posteriores

*Credits: Ron Masas - Imperva

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

Required

Scope

Changed

Confidentiality

Low

Integrity

Low

Availability

Low

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-02-24 CVE Reserved
2022-11-30 CVE Published
2024-07-21 EPSS Updated
2024-08-03 CVE Updated
2024-08-03 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-78: Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')

CAPEC

References (7)

URL	Tag	Source

URL	Date	SRC
https://security.snyk.io/vuln/SNYK-JS-SNYK-3111871	2024-08-03
https://www.imperva.com/blog/how-scanning-your-projects-for-security-issues-can-lead-to-remote-code-execution	2024-08-03

URL	Date	SRC
https://github.com/snyk/snyk-eclipse-plugin/commit/b5a8bce25a359ced75f83a729fc6b2393fc9a495	2023-08-08
https://github.com/snyk/snyk-intellij-plugin/commit/56682f4ba6081ce1d95cb980cbfacd3809a826f4	2023-08-08
https://github.com/snyk/snyk-ls/commit/b3229f0142f782871aa72d1a7dcf417546d568ed	2023-08-08
https://github.com/snyk/snyk-visual-studio-plugin/commit/0b53dbbd4a3153c3ef9aaf797af3b5caad0f731a	2023-08-08
https://github.com/snyk/vscode-extension/commit/0db3b4240be0db6a0a5c6d02c0d4231a2c4ba708	2023-08-08

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Snyk Search vendor "Snyk"		Snyk Cli Search vendor "Snyk" for product "Snyk Cli"				< 1.1064.0 Search vendor "Snyk" for product "Snyk Cli" and version " < 1.1064.0"		-		Affected
Snyk Search vendor "Snyk"		Snyk Language Server Search vendor "Snyk" for product "Snyk Language Server"				<= 20221109.114426 Search vendor "Snyk" for product "Snyk Language Server" and version " <= 20221109.114426"		-		Affected
Snyk Search vendor "Snyk"		Snyk Security Search vendor "Snyk" for product "Snyk Security"				<= 1.1.30 Search vendor "Snyk" for product "Snyk Security" and version " <= 1.1.30"		visual_studio		Affected
Snyk Search vendor "Snyk"		Snyk Security Search vendor "Snyk" for product "Snyk Security"				<= 1.8.0 Search vendor "Snyk" for product "Snyk Security" and version " <= 1.8.0"		visual_studio_code		Affected
Snyk Search vendor "Snyk"		Snyk Security Search vendor "Snyk" for product "Snyk Security"				<= 2.4.47 Search vendor "Snyk" for product "Snyk Security" and version " <= 2.4.47"		intellij		Affected
Snyk Search vendor "Snyk"		Snyk Security Search vendor "Snyk" for product "Snyk Security"				<= 20221115.132308 Search vendor "Snyk" for product "Snyk Security" and version " <= 20221115.132308"		eclipse		Affected