Lucene search

[email protected]NVD:CVE-2022-24767

HistoryApr 12, 2022 - 6:15 p.m.

CVE-2022-24767

2022-04-1218:15:09

CWE-427

[email protected]

web.nvd.nist.gov

github

git for windows

uninstaller

dll hijacking

system user account

CVSS2

6.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:M/Au:N/C:C/I:C/A:C

CVSS3

7.8

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.001

Percentile

22.8%

JSON

GitHub: Git for Windows’ uninstaller vulnerable to DLL hijacking when run under the SYSTEM user account.

Affected configurations

Nvd

Node

microsoftvisual_studio_2017Range15.0–15.9.46

microsoftvisual_studio_2019Range16.0–16.7.27

microsoftvisual_studio_2019Range16.8–16.9.19

microsoftvisual_studio_2019Range16.10–16.11.12

microsoftvisual_studio_2022Range17.0–17.0.8

microsoftvisual_studio_2022Range17.1.0–17.1.4

Node

git_for_windows_projectgit_for_windowsRange<2.35.2

VendorProductVersionCPE
microsoftvisual_studio_2017*cpe:2.3:a:microsoft:visual_studio_2017:*:*:*:*:*:*:*:*
microsoftvisual_studio_2019*cpe:2.3:a:microsoft:visual_studio_2019:*:*:*:*:*:*:*:*
microsoftvisual_studio_2022*cpe:2.3:a:microsoft:visual_studio_2022:*:*:*:*:*:*:*:*
git_for_windows_projectgit_for_windows*cpe:2.3:a:git_for_windows_project:git_for_windows:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
microsoft	visual_studio_2017	*	cpe:2.3:a:microsoft:visual_studio_2017::::::::
microsoft	visual_studio_2019	*	cpe:2.3:a:microsoft:visual_studio_2019::::::::
microsoft	visual_studio_2022	*	cpe:2.3:a:microsoft:visual_studio_2022::::::::
git_for_windows_project	git_for_windows	*	cpe:2.3:a:git_for_windows_project:git_for_windows::::::::