Unrated severityNVD Advisory· Published Sep 26, 2022· Updated Apr 23, 2025

Mist vulnerable to user providing a Sudo binary for authentication checks

CVE-2022-39245

Description

Mist is the command-line interface for the makedeb Package Repository. Prior to version 0.9.5, a user-provided sudo binary via the PATH variable can allow a local user to run arbitrary commands on the user's system with root permissions. Versions 0.9.5 and later contain a patch. No known workarounds exist.

Affected products

Makedeb/Mistv5
Range: < 0.9.5

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

github.com/makedeb/mist/commit/e257561a32cffe3c541b265097959adaea3d6b67mitrex_refsource_MISC
github.com/makedeb/mist/releases/tag/v0.9.5mitrex_refsource_MISC
github.com/makedeb/mist/security/advisories/GHSA-pxg4-7c7r-2ww6mitrex_refsource_CONFIRM

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000