CVE-2022-24753
Last modified
CVE-2022-24753 is a high-severity vulnerability rated 7/10 on the CVSS scale. Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. EPSS estimates a 0.32% chance of exploitation in the next 30 days.
Description
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run.Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue.
Metrics
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Stripe | Stripe Cli | < 1.7.13 |
References
- https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cdPatch, Third Party Advisory
- https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9Third Party Advisory
- https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddf6cdPatch, Third Party Advisory
- https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2022-24753?
How severe is CVE-2022-24753?
How do I fix CVE-2022-24753?
Are you affected by CVE-2022-24753?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST