CVE-2022-25914 — Vulnetix

CVE-2022-25914 PUBLISHED CVSS 5.599999904632568 MEDIUM

The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.

EPSS 3.87% · 88.5th percentile

Risk Scores

CVSS 3.1

5.599999904632568

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

EPSS Score

3.87%

88.5th percentile

Affected Products

Vendor	Product	Versions
n/a	com.google.cloud.tools:jib-core	*
Maven	com.google.cloud.tools:jib-core	0
jib_project	jib	0

Exploit Intelligence

https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871 (circl)
https://github.com/GoogleContainerTools/jib/pull/3744 (circl)
https://github.com/GoogleContainerTools/jib/commit/67fa40bc2c484da0546333914ea07a89fe44eaaf (circl)

Timeline

Sep 8, 2022 EPSS Score
Sep 8, 2022 CVE Published
Sep 15, 2022 EPSS Score
Dec 7, 2022 EPSS Score
Jan 22, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 22, 2023 EPSS Score
Jun 6, 2023 EPSS Score
Jul 21, 2023 EPSS Score
Oct 20, 2023 EPSS Score
Dec 4, 2023 EPSS Score
Jan 18, 2024 EPSS Score

References

https://nvd.nist.gov/vuln/detail/CVE-2022-25914 advisory
https://security.snyk.io/vuln/SNYK-JAVA-COMGOOGLECLOUDTOOLS-2968871 url
https://github.com/GoogleContainerTools/jib/pull/3744 url
https://github.com/GoogleContainerTools/jib/commit/67fa40bc2c484da0546333914ea07a89fe44eaaf url
https://github.com/GoogleContainerTools/jib package

Open in Interactive Console →