How does CVE-2022-36006 affect Arvados?

CVE-2022-36006 affects Arvados versions up to and excluding 2.4.2.

What is the severity of CVE-2022-36006?

CVE-2022-36006 has a severity rating of 8.8 (high).

How can authenticated attackers exploit CVE-2022-36006?

Authenticated attackers can exploit CVE-2022-36006 by executing arbitrary code through specially crafted JSON payloads.

Where can I find more information about CVE-2022-36006?

You can find more information about CVE-2022-36006 in the release notes, issue tracker, and security advisories provided by Arvados.

Vulnerability/
CVE-2022-36006

high

8.8

CWE

502 94

15/8/2022

29/6/2023

CVE-2022-36006: Code Injection

Q: What is CVE-2022-36006?

CVE-2022-36006 is a remote code execution (RCE) vulnerability in the Arvados Workbench.

First published: Mon Aug 15 2022(Updated: )

Arvados is an open source platform for managing, processing, and sharing genomic and other large scientific and biomedical data. A remote code execution (RCE) vulnerability in the Arvados Workbench allows authenticated attackers to execute arbitrary code via specially crafted JSON payloads. This exists in all versions up to 2.4.1 and is fixed in 2.4.2. This vulnerability is specific to the Ruby on Rails Workbench application (“Workbench 1”). We do not believe any other Arvados components, including the TypesScript browser-based Workbench application (“Workbench 2”) or API Server, are vulnerable to this attack. For versions of Arvados earlier than 2.4.2: remove the Ruby-based "Workbench 1" app ("apt-get remove arvados-workbench") from your installation as a workaround.

Credit: security-advisories@github.com

Affected Software	Affected Version	How to fix
Arvados Arvados	<2.4.2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is CVE-2022-36006?
CVE-2022-36006 is a remote code execution (RCE) vulnerability in the Arvados Workbench.
How does CVE-2022-36006 affect Arvados?
CVE-2022-36006 affects Arvados versions up to and excluding 2.4.2.
What is the severity of CVE-2022-36006?
CVE-2022-36006 has a severity rating of 8.8 (high).
How can authenticated attackers exploit CVE-2022-36006?
Authenticated attackers can exploit CVE-2022-36006 by executing arbitrary code through specially crafted JSON payloads.
Where can I find more information about CVE-2022-36006?
You can find more information about CVE-2022-36006 in the release notes, issue tracker, and security advisories provided by Arvados.

collector/nvd-index
agent/severity
agent/author
agent/type
agent/weakness
agent/references
agent/tags
agent/description
agent/softwarecombine
agent/first-publish-date
agent/last-modified-date
agent/event
vendor/arvados
canonical/arvados arvados

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.