How severe is CVE-2022-39206?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.9 out of 10.

What type of vulnerability is CVE-2022-39206?

This is classified as CWE-610, which is a common weakness in software security.

CVE-2022-39206

CRITICAL Year: 2022

CVSS v3 Score

9.9

Critical

Weakness Type

CWE-610

View all →

Vulnerability Description

Onedev is an open source, self-hosted Git Server with CI/CD and Kanban. When using Docker-based job executors, the Docker socket (e.g. /var/run/docker.sock on Linux) is mounted into each Docker step. Users that can define and trigger CI/CD jobs on a project could use this to control the Docker daemon on the host machine. This is a known dangerous pattern, as it can be used to break out of Docker containers and, in most cases, gain root privileges on the host system. This issue allows regular (non-admin) users to potentially take over the build infrastructure of a OneDev instance. Attackers need to have an account (or be able to register one) and need permission to create a project. Since code.onedev.io has the right preconditions for this to be exploited by remote attackers, it could have been used to hijack builds of OneDev itself, e.g. by injecting malware into the docker images that are built and pushed to Docker Hub. The impact is increased by this as described before. Users are advised to upgrade to 7.3.0 or higher. There are no known workarounds for this issue.

CVE-2017-16088

CRITICAL

CVSS:10.0(Critical)

The safe-eval module describes itself as a safer version of eval. By accessing the object constructors, un-sanitized user input can access the entire standard library and effectively break out of the ...

CWE-6102017

CVE-2019-7290

CRITICAL

CVSS:10.0(Critical)

An access issue was addressed with additional sandbox restrictions. This issue is fixed in Shortcuts 2.1.3 for iOS. A sandboxed process may be able to circumvent sandbox restrictions.

CWE-6102019

CVE-2020-14057

CRITICAL

CVSS:9.8(Critical)

Monsta FTP 2.10.1 or below allows external control of paths used in filesystem operations. This allows attackers to read and write arbitrary local files, allowing an attacker to gain remote code execu...

CWE-6102020

CVE-2021-43685

CRITICAL

CVSS:9.8(Critical)

libretime hv3.0.0-alpha.10 is affected by a path manipulation vulnerability in /blob/master/legacy/application/modules/rest/controllers/ShowImageController.php through the rename function.

CWE-6102021

CVE-2021-44041

CRITICAL

CVSS:9.8(Critical)

UiPath Assistant 21.4.4 will load and execute attacker controlled data from the file path supplied to the --dev-widget argument of the URI handler for uipath-assistant://. This allows an attacker to e...

CWE-6102021

CVE-2022-20239

CRITICAL

CVSS:9.8(Critical)

remap_pfn_range' here may map out of size kernel memory (for example, may map the kernel area), and because the 'vma->vm_page_prot' can also be controlled by userspace, so userspace may map the kernel...

CWE-6102022

CVE-2022-39206

Vulnerability Description

Related Vulnerabilities

CVE-2017-16088

CVE-2019-7290

CVE-2020-14057

CVE-2021-43685

CVE-2021-44041

CVE-2022-20239