PT-2022-19468 · Unknown · Regionprotect

Nhanaz

Published

2022-05-21

Updated

2022-06-07

CVE-2022-29215

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions RegionProtect versions prior to 1.1.0

Description The issue is related to a YAML injection vulnerability in RegionProtect, a plugin for managing events in certain regions. This vulnerability can cause an instant server crash if the passed arguments are not matched.

Recommendations For versions prior to 1.1.0, update to version 1.1.0 to resolve the issue. As a temporary workaround, restrict operator permissions to untrusted people and avoid entering arguments likely to cause a crash.

Exploit

Fix

Argument Injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-88

Related Identifiers

CVE-2022-29215

GHSA-7GR2-W2R3-R9VF

Affected Products

Regionprotect

PT-2022-19468 · Unknown · Regionprotect

CVE-2022-29215

Weakness Enumeration

Related Identifiers

Affected Products

References · 6