{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-20T09:09:25.695","vulnerabilities":[{"cve":{"id":"CVE-2022-39245","sourceIdentifier":"security-advisories@github.com","published":"2022-09-26T14:15:10.757","lastModified":"2024-11-21T07:17:52.017","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided `sudo` binary via the `PATH` variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist."},{"lang":"es","value":"Mist es la interfaz de lĂ­nea de comandos para el repositorio de paquetes makedeb. versiones anteriores a 0.9.5, un binario \"sudo\" proporcionado por el usuario por medio de la variable \"PATH\" puede permitir a un usuario local ejecutar comandos arbitrarios en el sistema del usuario con permisos de root. Las versiones 0.9.5 y posteriores contienen un parche. No se presentan mitigaciones conocidas.\n"}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","baseScore":8.4,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.5,"impactScore":5.9},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":7.8,"baseSeverity":"HIGH","attackVector":"LOCAL","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":1.8,"impactScore":5.9}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-287"},{"lang":"en","value":"CWE-305"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-426"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:makedeb:mist:*:*:*:*:*:*:*:*","versionEndExcluding":"0.9.5","matchCriteriaId":"425F97F7-1A75-4759-8DF7-B44087B5CA95"}]}]}],"references":[{"url":"https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67","source":"security-advisories@github.com","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/makedeb/mist/releases/tag/v0.9.5","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6","source":"security-advisories@github.com","tags":["Third Party Advisory"]},{"url":"https://github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch","Third Party Advisory"]},{"url":"https://github.com/makedeb/mist/releases/tag/v0.9.5","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]},{"url":"https://github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Third Party Advisory"]}]}}]}