CVE-2022-23915

7.2 HIGH

📋 TL;DR

CVE-2022-23915 is a remote code execution vulnerability in Weblate, a web-based translation management system. Authenticated users can inject arguments when using git or mercurial repositories, allowing them to execute arbitrary commands on the server. This affects all Weblate installations before version 4.11.1.

💻 Affected Systems

Products:
  • Weblate
Versions: All versions before 4.11.1
Operating Systems: All platforms running Weblate
Default Config Vulnerable: ⚠️ Yes
Notes: Requires git or mercurial repository integration to be configured. All deployments using these version control systems are vulnerable.


⚠️ Risk & Real-World Impact

🔴 Worst Case

Full system compromise where an attacker gains complete control over the Weblate server, potentially leading to data theft, lateral movement, or deployment of persistent malware.

🟠 Likely Case

Authenticated attackers (including low-privilege users) execute arbitrary commands to steal sensitive data, modify translations, or disrupt service availability.

🟢 If Mitigated

With proper network segmentation and least privilege access, impact is limited to the Weblate application server, preventing lateral movement to other systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access. The vulnerability is in argument parsing for git/mercurial commands, making exploitation straightforward for attackers with valid credentials.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.11.1

Vendor Advisory: https://github.com/WeblateOrg/weblate/releases/tag/weblate-4.11.1

Restart Required: Yes

Instructions:

1. Back up your Weblate data and configuration.
2. Update Weblate to version 4.11.1 or later using pip: 'pip install --upgrade weblate==4.11.1'.
3. Restart the Weblate service.
4. Verify the update was successful.

🔧 Temporary Workarounds

Disable Git/Mercurial Integration (applies to: all)

Temporarily disable git and mercurial repository functionality to prevent exploitation. Modify the Weblate configuration to remove VCS repository settings.

Restrict User Permissions (applies to: all)

Limit authenticated users' ability to modify repository settings. Review and tighten user role permissions in the Weblate admin interface.

🧯 If You Can't Patch

  • Implement strict network segmentation to isolate Weblate servers from critical infrastructure
  • Enforce multi-factor authentication and review all user accounts for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check Weblate version: if version is less than 4.11.1 and git/mercurial is configured, the system is vulnerable.

Check Version:

weblate --version

Verify Fix Applied:

Confirm Weblate version is 4.11.1 or higher and test git/mercurial functionality works without allowing command injection.

📡 Detection & Monitoring

Log Indicators:

  • Unusual git or mercurial command patterns in application logs
  • Multiple failed authentication attempts followed by repository modifications

Network Indicators:

  • Unexpected outbound connections from Weblate server
  • Suspicious command and control traffic patterns

SIEM Query:

source="weblate.log" AND ("git" OR "hg") AND (command="*;*" OR command="*|*" OR command="*`*")

Note the parentheses around the command clauses: without them the OR terms are evaluated on their own, so any log line with a pipe or backtick in its command field would match regardless of source or VCS keyword.
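The same detection logic as a small offline log filter, so the grouping can be checked against sample lines. This is an added example, not Weblate's code or the page's query: the key=value log format and the sample lines are constructed assumptions, and `$(` is included alongside the page's three metacharacters as an extension.

```python
import re

# Key=value tokenizer for an assumed log format: keys are bare words, values are
# either double-quoted (may contain spaces) or a single unquoted token.
FIELD = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')

# Shell metacharacters from the page's SIEM query (; | `) plus $( as an extension.
METACHARS = re.compile(r'[;|`]|\$\(')

VCS_WORDS = {"git", "hg"}


def parse_fields(line: str) -> dict:
    """Turn 'k=v k2="quoted v"' into a dict, unquoting quoted values."""
    fields = {}
    for key, value in FIELD.findall(line):
        if value.startswith('"') and value.endswith('"'):
            value = value[1:-1].replace('\\"', '"')
        fields[key] = value
    return fields


def is_suspicious(line: str) -> bool:
    """Corrected query: the line mentions git/hg AND its command field
    carries a shell metacharacter. Both conditions must hold."""
    mentions_vcs = bool(VCS_WORDS & set(re.findall(r"\w+", line.lower())))
    command = parse_fields(line).get("command", "")
    return mentions_vcs and bool(METACHARS.search(command))


def scan(lines):
    """Return (user, command) for each suspicious line, for analyst pivoting."""
    hits = []
    for line in lines:
        if is_suspicious(line):
            f = parse_fields(line)
            hits.append((f.get("user", "?"), f["command"]))
    return hits


# Constructed sample lines in the assumed format (not real Weblate logs).
SAMPLE_LOG = [
    'ts=2022-03-01T10:00:00Z user=alice vcs=git command="git fetch origin main"',
    'ts=2022-03-01T10:01:00Z user=bob vcs=git command="git fetch origin; id"',
    'ts=2022-03-01T10:02:00Z user=carol vcs=hg command="hg pull `uname`"',
    # Pipe present but no git/hg mention: matched only by the ungrouped query.
    'ts=2022-03-01T10:03:00Z user=dave msg="saved translation" command="echo a | b"',
    'ts=2022-03-01T10:04:00Z user=erin msg="git mentioned, no command field"',
]

if __name__ == "__main__":
    for user, command in scan(SAMPLE_LOG):
        print(f"{user}: {command}")
```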
