← Zuruck zu CVEs

CVE-2022-36006

HIGH

7.9

Beschreibung

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the TypesScript browser-based Workbench application (“Workbench 2”) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based "Workbench 1" app ("apt-get remove arvados-workbench") from your installation as a workaround.

CVE Details

CVSS v3.1 Bewertung7.9

SchweregradHIGH

CVSS VektorCVSS:3.1/AV:N/AC:H/PR:L/UI:R/S:C/C:H/I:H/A:L

AngriffsvektorNETWORK

KomplexitatHIGH

Erforderliche PrivilegienLOW

BenutzerinteraktionREQUIRED

Veroffentlicht8/15/2022

Zuletzt geandert11/21/2024

Quellenvd

Honeypot-Sichtungen0

Betroffene Produkte

arvados:arvados

Schwachen (CWE)

CWE-94CWE-502CWE-502

Referenzen

https://arvados.org/release-notes/2.4.2/(security-advisories@github.com)

https://dev.arvados.org/issues/19316(security-advisories@github.com)

https://github.com/arvados/arvados/security/advisories/GHSA-8867-q4xf-cqgm(security-advisories@github.com)

https://arvados.org/release-notes/2.4.2/(af854a3a-2127-422b-91ae-364da2661108)

https://dev.arvados.org/issues/19316(af854a3a-2127-422b-91ae-364da2661108)

https://github.com/arvados/arvados/security/advisories/GHSA-8867-q4xf-cqgm(af854a3a-2127-422b-91ae-364da2661108)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.