PT-2022-2060 · Fish+3

Justin Steven · Published 2022-03-12 · Updated 2025-05-15 · CVE-2022-20001

CVSS v3.1: 7.8 (High)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: fish versions 3.1.0 through 3.3.1

Description: The issue is related to arbitrary code execution. Fish, a command line shell, can run arbitrary commands under an attacker's control when using the default configuration and changing into a directory controlled by the attacker. This can happen on shared file systems or with extracted archives. Git repositories can contain per-repository configuration that changes the behavior of git, including running arbitrary commands. The problem is fixed in fish 3.4.0. Running git in these directories, including using the git tab completion, remains a potential trigger for this issue.

Recommendations: For fish versions 3.1.0 through 3.3.1, update to fish 3.4.0 to resolve the issue. As a temporary workaround, consider removing the fish git prompt function from the prompt to minimize the risk of exploitation.

Exploit

Fix

Weakness Enumeration

Special Elements Injection

Uncontrolled Search Path Element

Related Identifiers

ALT-PU-2022-1535
ALT-PU-2023-1907
ALT-PU-2023-2076
ALT-PU-2023-7981
BDU:2022-01726
CVE-2022-20001
DSA-5234-1
GHSA-PJ5F-6VXJ-F5MQ
MGASA-2022-0181
OESA-2022-1689
OPENSUSE-SU-2022:0096-1
OPENSUSE-SU-2024:11936-1
USN-5367-1

Affected Products

Alt Linux
Linuxmint
Ubuntu
Fish