← Volver a CVEs

CVE-2022-36006

HIGH

7.9

Descripcion

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the TypesScript browser-based Workbench application (“Workbench 2”) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based "Workbench 1" app ("apt-get remove arvados-workbench") from your installation as a workaround.

Detalles CVE

Puntuacion CVSS v3.17.9

SeveridadHIGH

Vector CVSSCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

Vector de ataqueNETWORK

ComplejidadHIGH

Privilegios requeridosLOW

Interaccion usuarioREQUIRED

Publicado8/15/2022

Ultima modificacion11/21/2024

Fuentenvd

Avistamientos honeypot0

Productos afectados

arvados:arvados

Debilidades (CWE)

CWE-94CWE-502CWE-502

Referencias

https://arvados.org/release-notes/2.4.2/(security-advisories@github.com)

https://dev.arvados.org/issues/19316(security-advisories@github.com)

https://github.com/arvados/arvados/security/advisories/GHSA-8867-q4xf-cqgm(security-advisories@github.com)

https://arvados.org/release-notes/2.4.2/(af854a3a-2127-422b-91ae-364da2661108)

https://dev.arvados.org/issues/19316(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/arvados/arvados/security/advisories/GHSA-8867-q4xf-cqgm(af854a3a-2127-422b-91ae-364da2661108)

Correlaciones IOC

Sin correlaciones registradas

This product uses data from the NVD API but is not endorsed or certified by the NVD.