git: 15a0ee651699 - main - security/vuxml: register shells/fish vulnerability
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Sat, 21 Jan 2023 22:43:04 UTC
The branch main has been updated by asomers (src committer): URL: https://cgit.FreeBSD.org/ports/commit/?id=15a0ee651699dc551e4e41d3976e68ba1c9e90a9 commit 15a0ee651699dc551e4e41d3976e68ba1c9e90a9 Author: Alan Somers <asomers@FreeBSD.org> AuthorDate: 2023-01-21 22:30:29 +0000 Commit: Alan Somers <asomers@FreeBSD.org> CommitDate: 2023-01-21 22:42:45 +0000 security/vuxml: register shells/fish vulnerability Arbitrary code execution if the attacker can convince the user to cd to a directory the attacker controls. CVE-2022-20001 PR: 263506 --- security/vuxml/vuln/2023.xml | 44 ++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 44 insertions(+) diff --git a/security/vuxml/vuln/2023.xml b/security/vuxml/vuln/2023.xml index 30e741f00766..d43c2aa94ef3 100644 --- a/security/vuxml/vuln/2023.xml +++ b/security/vuxml/vuln/2023.xml @@ -1,3 +1,47 @@ + <vuln vid="a3b10c9b-99d9-11ed-aa55-d05099fed512"> + <topic>shells/fish -- arbitrary code execution via git</topic> + <affects> + <package> + <name>fish</name> + <range><ge>3.1.0</ge><lt>3.4.0</lt></range> + </package> + </affects> + <description> + <body xmlns="http://www.w3.org/1999/xhtml"> + <p>Peter Ammon reports:</p> + <blockquote cite="https://nvd.nist.gov/vuln/detail/CVE-2022-20001"> + <p> + fish is a command line shell. fish version 3.1.0 through + version 3.3.1 is vulnerable to arbitrary code execution. + git repositories can contain per-repository + configuration that change the behavior of git, including + running arbitrary commands. When using the default + configuration of fish, changing to a directory + automatically runs git commands in order to display + information about the current repository in the prompt. + If an attacker can convince a user to change their + current directory into one controlled by the attacker, + such as on a shared file system or extracted archive, + fish will run arbitrary commands under the attacker's + control. This problem has been fixed in fish 3.4.0. Note + that running git in these directories, including using + the git tab completion, remains a potential trigger for + this issue. As a workaround, remove the + fish_git_prompt function from the prompt. + </p> + </blockquote> + </body> + </description> + <references> + <cvename>CVE-2022-20001</cvename> + <url>https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-20001</url> + </references> + <dates> + <discovery>2021-12-26</discovery> + <entry>2023-01-21</entry> + </dates> + </vuln> + <vuln vid="dc49f6dc-99d2-11ed-86e9-d4c9ef517024"> <topic>MySQL -- Multiple vulnerabilities</topic> <affects>