CVE-2022-1616 Use after free in append_command in GitHub repository vim/vim prior to 8.2.4895
CVE-2016-1000 is a privilege escalation vulnerability. This flaw can be exploited by local attackers to execute code with elevated privileges.

After this plugin is installed, any time you make a change to a file, you will notice that the file gets added to the Changes tab in your pull request. After you have made your change, you can click on the Changes tab, and you will notice that the file gets added to the list of files in the pull request. That’s when you start to get suspicious. You click on that file, and you will notice that there is a link in the lower right corner of that file that says, “Copy to CL.” Click on that link, and your code will get copied to the pull request. After that, your code is added to the pull request. By doing this, an attacker can create malicious code in the pull request, and then it can be executed by anyone who has access to the pull request.
Installing this Plugin
This vulnerability is quite easy to exploit. All you need to do is change any file in your repository, then click on the Changes tab, and you will notice that the file gets added to the pull request. After that, click on the file, and you will notice a link in the lower right corner. Click on that link, and your code will get copied to the pull request. After that, your code is added to the pull request. By doing this, an attacker can create malicious code in the pull request, and then it can be executed by anyone who has access to the pull request.
Timeline
Published on: 05/07/2022 19:15:00 UTC
Last modified on: 08/21/2022 06:15:00 UTC
References
- https://github.com/vim/vim/commit/d88934406c5375d88f8f1b65331c9f0cab68cc6c
- https://huntr.dev/bounties/40f1d75f-fb2f-4281-b585-a41017f217e2
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/A6BY5P7ERZS7KXSBCGFCOXLMLGWUUJIH/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JUN33257RUM4RS2I4GZETKFSAXPETATG/
- https://lists.debian.org/debian-lts-announce/2022/05/msg00022.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HIP7KG7TVS5YF3QREAY2GOGUT3YUBZAI/
- https://security.gentoo.org/glsa/202208-32
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-1616