CVE-2022-25914
Published on: Not Yet Published
Last Modified on: 09/13/2022 08:23:00 PM UTC
Certain versions of Jib from Jib Project contain the following vulnerability:
The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution (RCE) via the isDockerInstalled function, due to attempting to execute input.
- CVE-2022-25914 has been assigned by
[email protected] to track the vulnerability - currently rated as CRITICAL severity.
CVSS3 Score: 9.8 - CRITICAL
Attack Vector ⓘ |
Attack Complexity |
Privileges Required |
User Interaction |
---|---|---|---|
NETWORK | LOW | NONE | NONE |
Scope | Confidentiality Impact |
Integrity Impact |
Availability Impact |
UNCHANGED | HIGH | HIGH | HIGH |
CVE References
Description | Tags ⓘ | Link |
---|---|---|
Check if file exists when executable path is passed in through jib do… · GoogleContainerTools/[email protected] · GitHub | github.com text/html |
![]() |
Check if file exists when executable path is passed in through jib dockerClient.executable by mpeddada1 · Pull Request #3744 · GoogleContainerTools/jib · GitHub | github.com text/html |
![]() |
Remote Code Execution (RCE) in com.google.cloud.tools:jib-core | CVE-2022-25914 | Snyk | security.snyk.io text/html |
![]() |
There are currently no QIDs associated with this CVE
Known Affected Configurations (CPE V2.3)
Type | Vendor | Product | Version | Update | Edition | Language |
---|---|---|---|---|---|---|
Application | Jib Project | Jib | All | All | All | All |
- cpe:2.3:a:jib_project:jib:*:*:*:*:*:*:*:*:
Discovery Credit
altman
Social Mentions
Source | Title | Posted (UTC) |
---|---|---|
![]() |
CVE-2022-25914 : The package com.google.cloud.tools:jib-core before 0.22.0 are vulnerable to Remote Code Execution… twitter.com/i/web/status/1… | 2022-09-08 05:11:12 |
![]() |
Potentially Critical CVE Detected! CVE-2022-25914 The package com.google.cloud.tools:jib-core before 0.22.0 are vu… twitter.com/i/web/status/1… | 2022-09-08 06:56:00 |
![]() |
CVE-2022-25914 | 2022-09-08 05:38:25 |