Vulnerability Description
Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. The commands are `stripe login`, `stripe config -e`, `stripe community`, and `stripe open`. MacOS and Linux are unaffected. An attacker who successfully exploits the vulnerability can run arbitrary code in the context of the current user. The update addresses the vulnerability by throwing an error in these situations before the code can run.Users are advised to upgrade to version 1.7.13. There are no known workarounds for this issue.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Stripe | Stripe Cli | < 1.7.13 |
| Microsoft | Windows | - |
Related Weaknesses (CWE)
References
- https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddPatchThird Party Advisory
- https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9Third Party Advisory
- https://github.com/stripe/stripe-cli/commit/be38da5c0191adb77f661f769ffff2fbc7ddPatchThird Party Advisory
- https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9Third Party Advisory
FAQ
What is CVE-2022-24753?
CVE-2022-24753 is a vulnerability with a CVSS score of 7.7 (HIGH). Stripe CLI is a command-line tool for the Stripe eCommerce platform. A vulnerability in Stripe CLI exists on Windows when certain commands are run in a directory where an attacker has planted files. T...
How severe is CVE-2022-24753?
CVE-2022-24753 has been rated HIGH with a CVSS base score of 7.7/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2022-24753?
Check the references section above for vendor advisories and patch information. Affected products include: Stripe Stripe Cli, Microsoft Windows.