Vulnerability Description
Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag -dSAFER is not set with Ghostscript.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mahara | Mahara | >= 21.04.0, < 21.04.7 |
| Canonical | Ubuntu Linux | 18.04 |
Related Weaknesses (CWE)
References
- https://bugs.launchpad.net/mahara/+bug/1979575 (Issue Tracking, Vendor Advisory)
- https://mahara.org/interaction/forum/topic.php?id=9198 (Vendor Advisory)
FAQ
What is CVE-2022-44544?
CVE-2022-44544 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Mahara 21.04 before 21.04.7, 21.10 before 21.10.5, 22.04 before 22.04.3, and 22.10 before 22.10.0 potentially allow a PDF export to trigger a remote shell if the site is running on Ubuntu and the flag...
How severe is CVE-2022-44544?
CVE-2022-44544 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2022-44544?
Check the references section above for vendor advisories and patch information. Affected products include: Mahara Mahara, Canonical Ubuntu Linux.