CVE-2022-42968 - Vulnerability Details - OpenCVE

Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Exploitation none

Automatable yes

Technical Impact total

Vendors	Products
Gitea	Gitea

Configuration 1 [-]

cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
https://github.com/advisories/GHSA-w8xw-7crf-h23x
https://github.com/go-gitea/gitea/pull/21463
https://github.com/go-gitea/gitea/releases/tag/v1.17.3
https://nvd.nist.gov/vuln/detail/CVE-2022-42968
https://security.gentoo.org/glsa/202210-14
https://www.cve.org/CVERecord?id=CVE-2022-42968

History

Wed, 14 May 2025 15:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-16T00:00:00.000Z

Updated: 2025-05-14T14:34:03.454Z

Reserved: 2022-10-16T00:00:00.000Z

Link: CVE-2022-42968

Vulnrichment

Updated: 2024-08-03T13:19:05.488Z

NVD

Status : Modified

Published: 2022-10-16T04:15:09.347

Modified: 2025-05-14T15:15:54.047

Link: CVE-2022-42968

Redhat

Severity : Moderate

Publid Date: 2022-10-16T00:00:00Z

Links: CVE-2022-42968 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2022-42968", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2025-05-14T14:34:03.454Z", "dateReserved": "2022-10-16T00:00:00.000Z", "datePublished": "2022-10-16T00:00:00.000Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-31T00:00:00.000Z"}, "descriptions": [{"lang": "en", "value": "Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/go-gitea/gitea/pull/21463"}, {"url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3"}, {"name": "GLSA-202210-14", "tags": ["vendor-advisory"], "url": "https://security.gentoo.org/glsa/202210-14"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.488Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/go-gitea/gitea/pull/21463", "tags": ["x_transferred"]}, {"url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3", "tags": ["x_transferred"]}, {"name": "GLSA-202210-14", "tags": ["vendor-advisory", "x_transferred"], "url": "https://security.gentoo.org/glsa/202210-14"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-88", "lang": "en", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-05-14T14:33:59.973332Z", "id": "CVE-2022-42968", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:34:03.454Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://github.com/go-gitea/gitea/pull/21463", "tags": ["x_transferred"]}, {"url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3", "tags": ["x_transferred"]}, {"url": "https://security.gentoo.org/glsa/202210-14", "name": "GLSA-202210-14", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T13:19:05.488Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-42968", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-05-14T14:33:59.973332Z"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-88", "description": "CWE-88 Improper Neutralization of Argument Delimiters in a Command ('Argument Injection')"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-05-14T14:33:55.284Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://github.com/go-gitea/gitea/pull/21463"}, {"url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3"}, {"url": "https://security.gentoo.org/glsa/202210-14", "name": "GLSA-202210-14", "tags": ["vendor-advisory"]}], "descriptions": [{"lang": "en", "value": "Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2022-10-31T00:00:00.000Z"}}}, "cveMetadata": {"cveId": "CVE-2022-42968", "state": "PUBLISHED", "dateUpdated": "2025-05-14T14:34:03.454Z", "dateReserved": "2022-10-16T00:00:00.000Z", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2022-10-16T00:00:00.000Z", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gitea:gitea:*:*:*:*:*:*:*:*", "matchCriteriaId": "ACEC293C-EEB4-4CCD-99D2-84BFD1D6ADD7", "versionEndExcluding": "1.17.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled."}, {"lang": "es", "value": "Gitea versiones anteriores a 1.17.3, no sanea ni escapa de las referencias en el backend de git. Los argumentos de los comandos de git son manejados inapropiadamente"}], "id": "CVE-2022-42968", "lastModified": "2025-05-14T15:15:54.047", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-10-16T04:15:09.347", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/go-gitea/gitea/pull/21463"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-14"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/go-gitea/gitea/pull/21463"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Third Party Advisory"], "url": "https://github.com/go-gitea/gitea/releases/tag/v1.17.3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/202210-14"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-88"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-88"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"bugzilla": {"description": "gitea: Sanitize and Escape refs in git backend", "id": "2135739", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2135739"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "details": ["Gitea before 1.17.3 does not sanitize and escape refs in the git backend. Arguments to git commands are mishandled.", "A flaw was found in Gitea. The self-hosted Git service does not sanitize and escape refs in the git backend. This issue could allow an attacker to craft arguments for the git commands, which will be mishandled."], "name": "CVE-2022-42968", "package_state": [{"cpe": "cpe:/a:redhat:logging:5", "fix_state": "Not affected", "package_name": "openshift-logging/lokistack-gateway-rhel9", "product_name": "Logging Subsystem for Red Hat OpenShift"}, {"cpe": "cpe:/a:redhat:serverless:1", "fix_state": "Will not fix", "package_name": "openshift-serverless-1/client-kn-rhel8", "product_name": "OpenShift Serverless"}, {"cpe": "cpe:/a:redhat:acm:2", "fix_state": "Affected", "package_name": "rhacm2/acm-search-v2-rhel8", "product_name": "Red Hat Advanced Cluster Management for Kubernetes 2"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-main-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:advanced_cluster_security:3", "fix_state": "Not affected", "package_name": "advanced-cluster-security/rhacs-scanner-rhel8", "product_name": "Red Hat Advanced Cluster Security 3"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Affected", "package_name": "openshift-gitops-1/kam-delivery-rhel8", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:openshift_gitops:1", "fix_state": "Will not fix", "package_name": "openshift-gitops-kam", "product_name": "Red Hat OpenShift GitOps"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Not affected", "package_name": "quay/quay-builder-rhel8", "product_name": "Red Hat Quay 3"}], "public_date": "2022-10-16T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-42968\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-42968\nhttps://github.com/advisories/GHSA-w8xw-7crf-h23x"], "statement": "The 'gitea' package is a transitive dependency in the Red Hat products and is not used directly in a codebase, which reduces the chances of successful exploitation. Hence, the impact is set as Moderate.", "threat_severity": "Moderate"}