CVE-2022-24753

7.7 HIGH

📋 TL;DR

CVE-2022-24753 is an OS command injection vulnerability in Stripe CLI on Windows. When a user runs one of four commands (stripe login, stripe config -e, stripe community or stripe open) from a directory in which an attacker has planted files, the CLI can end up executing attacker-controlled content from that directory. Only the Windows build is affected; macOS and Linux are not. The planted code runs with the privileges of the user who invoked the CLI, so it gets whatever that user has (including the Stripe API key that stripe login stores locally), but it is not a privilege escalation on its own.

💻 Affected Systems

Products:
  • Stripe CLI
Versions: All versions before 1.7.13
Operating Systems: Windows
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects Windows systems. macOS and Linux are not vulnerable. Requires the victim to run one of the affected commands (stripe login, stripe config -e, stripe community, stripe open) from a directory into which the attacker has already written files.

📦 What is this software?

Stripe CLI is Stripe's open-source command-line tool, written in Go, for developers integrating with the Stripe API: stripe login stores an account's API key in a local config file, stripe listen forwards webhook events to a local endpoint, stripe trigger creates test events, and stripe open launches dashboard and documentation pages in the browser. Windows builds are distributed as a Scoop package and as a zip on the GitHub releases page, and the CLI is normally run from inside a project directory, which is why the contents of that directory matter for this issue.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains code execution as the developer or operator who ran the CLI. If that account is a local administrator, that is full control of the Windows machine; either way the Stripe API keys the CLI stores locally can be stolen, followed by data theft, lateral movement and persistence.

🟠

Likely Case

Arbitrary code execution as the invoking user (the bug itself does not escalate privileges): theft of the locally stored Stripe API keys and other credentials in the user's profile, data exfiltration, or a dropped backdoor.

🟢

If Mitigated

If the user runs the CLI from a non-administrator account and only from directories they control, impact is bounded to that account. Code execution remains possible whenever one of the four affected commands is run from a directory an attacker could write to.

🌐 Internet-Facing: LOW - The flaw is not reachable over the network. An attacker has to get files into a directory the victim will later run the CLI from, for example through a malicious repository checkout or an archive the victim extracts, or by social engineering.
🏢 Internal Only: MEDIUM - An insider, or a compromised colleague account, with write access to a shared project directory or network share that the victim runs the CLI in can plant the files.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires the victim to run one of the affected Stripe CLI commands on Windows from a directory the attacker has already written files into. No Stripe credentials or authentication bypass are needed; write access to that directory is the whole precondition.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 1.7.13

Vendor Advisory: https://github.com/stripe/stripe-cli/security/advisories/GHSA-4cx6-fj7j-pjx9

Restart Required: No

Instructions:

1. Upgrade to 1.7.13 or later using the same method the CLI was installed with. If it came from Scoop (the documented Windows package route), run scoop update stripe in a normal PowerShell or Command Prompt session; a per-user Scoop install does not need an elevated prompt. If stripe.exe was unpacked from a release zip, download the 1.7.13 or later Windows zip from https://github.com/stripe/stripe-cli/releases and replace the old stripe.exe.
2. Run: stripe version
3. Confirm the reported version is 1.7.13 or higher.
4. Repeat on every Windows machine where the CLI is installed, including build agents and shared developer VMs.

🔧 Temporary Workarounds

Avoid running Stripe CLI in untrusted directories

windows

Only run Stripe CLI commands, in particular stripe login, stripe config -e, stripe community and stripe open, from trusted directories you control, never from an untrusted repository checkout, a downloads folder or a network share. The vendor advisory lists no workaround, so this reduces exposure rather than removing the flaw.

Use macOS or Linux for Stripe CLI operations

all

The macOS and Linux builds of Stripe CLI are not affected, so moving the workflow to one of those systems (for example a Linux build agent or a WSL-free macOS workstation) sidesteps the issue entirely where that is practical.

🧯 If You Can't Patch

  • Restrict write access to the directories developers run Stripe CLI from (project checkouts, shared drives) so that other accounts cannot drop files there, and run the four affected commands only from a clean directory the user owns
  • Use Windows application control (AppLocker or WDAC) to block execution of binaries from user-writable directories; a planted executable then fails to start even if the CLI tries to launch it

🔍 How to Verify

Check if Vulnerable:

Check Stripe CLI version. If version is below 1.7.13 and running on Windows, the system is vulnerable.

Check Version:

stripe version

Verify Fix Applied:

Run 'stripe version' and confirm output shows version 1.7.13 or higher.
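The following is an added example, not code from the Stripe CLI project or from the original page, that turns the rule above (Windows and version below 1.7.13) into a small triage script for an inventory of hosts. It takes the text printed by stripe version and classifies each host as to-patch, clean, or unverifiable. The sample outputs and host names are constructed for illustration; the update-notice line on the first host is an assumed format and only matters because a naive regex over the whole output would pick up the newer version advertised there instead of the installed one.

```python
"""Classify Stripe CLI installs against CVE-2022-24753 from `stripe version` output.

Rule from the page: vulnerable iff the host runs Windows AND the installed
version is below 1.7.13. Outputs below are constructed samples, not captures.
"""
import re
from typing import Iterable, List, Optional, Tuple

FIXED_VERSION = (1, 7, 13)            # first fixed release per the advisory
_TRIPLE = re.compile(r"(\d+)\.(\d+)\.(\d+)")


def parse_version(output: str) -> Optional[Tuple[int, int, int]]:
    """Return the installed version as an int triple read from the FIRST line.

    Later lines may carry an update notice that mentions a newer version;
    scanning the whole output would mistake that for the installed one.
    """
    lines = output.strip().splitlines()
    if not lines:
        return None
    m = _TRIPLE.search(lines[0])
    if not m:
        return None
    major, minor, patch = (int(x) for x in m.groups())
    return (major, minor, patch)


def is_vulnerable(os_name: str, output: str) -> Optional[bool]:
    """True/False, or None when the version could not be read (treat as unverified)."""
    if os_name.lower() != "windows":
        return False                  # macOS and Linux builds are not affected
    v = parse_version(output)
    if v is None:
        return None
    return v < FIXED_VERSION          # tuple comparison is numeric, so 1.10.0 > 1.7.13


def triage(inventory: Iterable[Tuple[str, str, str]]) -> Tuple[List[str], List[str]]:
    """inventory rows: (host, os_name, stripe_version_output).

    Returns (hosts_to_patch, hosts_whose_state_could_not_be_determined)."""
    to_patch: List[str] = []
    unknown: List[str] = []
    for host, os_name, out in inventory:
        state = is_vulnerable(os_name, out)
        if state is None:
            unknown.append(host)
        elif state:
            to_patch.append(host)
    return to_patch, unknown


# Constructed inventory (hostnames and outputs are illustrative, not real data).
SAMPLE_INVENTORY = [
    ("dev-win-01", "windows",
     "stripe version 1.7.12\n"
     "A newer version of the Stripe CLI is available, please update to: 1.7.13\n"),
    ("dev-win-02", "windows", "stripe version 1.7.13\n"),
    ("dev-win-03", "windows", "stripe version 1.10.0\n"),
    ("dev-win-04", "windows",
     "'stripe' is not recognized as an internal or external command,\n"
     "operable program or batch file.\n"),
    ("build-linux-01", "linux", "stripe version 1.7.12\n"),
]

if __name__ == "__main__":
    patch, unverified = triage(SAMPLE_INVENTORY)
    print("patch now:", patch)          # ['dev-win-01']
    print("could not verify:", unverified)  # ['dev-win-04']
```

Hosts in the unverified bucket (the CLI not on PATH, or unexpected output) need a manual look rather than being counted as clean; a missing binary is usually fine, but a copy of stripe.exe sitting in a project folder that is not on PATH would be missed by this check.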

📡 Detection & Monitoring

Log Indicators:

  • Windows process-creation events (Sysmon Event ID 1, or Security Event ID 4688 with command-line auditing) where the parent process is stripe.exe and the child image lives in a user-writable location such as the working directory the CLI was run from, rather than under C:\Windows or C:\Program Files
  • Antivirus/EDR alerts for malicious payloads executed from directories where Stripe CLI was run

Network Indicators:

  • Unexpected outbound connections from systems running Stripe CLI
  • Command and control traffic from previously clean systems

SIEM Query:

Process Creation where ParentImage endswith 'stripe.exe' AND (ParentCommandLine contains 'login' OR ParentCommandLine contains 'config -e' OR ParentCommandLine contains 'community' OR ParentCommandLine contains 'open') AND NOT (Image startswith 'C:\Windows\' OR Image startswith 'C:\Program Files')

Two corrections to the naive form of this query ("Image contains 'stripe.exe' AND CommandLine contains 'login' OR ..."): AND binds tighter than OR, so without parentheses the OR branches match any process whose command line mentions 'open'; and the event of interest is the child that stripe.exe spawned, not the stripe.exe launch itself. Sysmon records ParentImage and ParentCommandLine on the child's own event, so that link replaces a "within a short time window" join between two events.
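The query above as runnable detection logic, added here as an example rather than taken from the page or from any vendor content: it walks Sysmon Event ID 1 records (dicts using Sysmon's field names), keeps children of stripe.exe whose image is outside assumed trusted prefixes, and rates them HIGH when the parent invocation is one of the four affected commands. The sample events, paths and the choice of rundll32.exe as the benign browser-launch helper are constructed for illustration; the trusted-prefix list is an assumption to tune for your estate.

```python
"""Detection for CVE-2022-24753 exploitation over Sysmon process-creation
(Event ID 1) records, runnable offline on constructed sample events.

Rule: ParentImage is stripe.exe AND the child Image is outside the trusted
system prefixes. Severity HIGH when ParentCommandLine is one of the four
affected invocations (login, config -e, community, open), MEDIUM otherwise.
The parent fields sit on the child's own event, so no time-window join is needed.
"""
import shlex

AFFECTED_SUBCOMMANDS = {"login", "community", "open"}       # plus "config -e"
# Assumed non-user-writable locations (lowercase, trailing backslash); extend as needed.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")


def is_affected_invocation(cmdline: str) -> bool:
    """True if a Windows command line runs one of the four affected commands."""
    try:
        tokens = shlex.split(cmdline, posix=False)   # keeps a quoted exe path as one token
    except ValueError:                               # unbalanced quote in the command line
        tokens = cmdline.split()
    args = [t.lower() for t in tokens[1:]]           # drop the executable itself
    sub = next((a for a in args if not a.startswith("-")), None)
    if sub in AFFECTED_SUBCOMMANDS:
        return True
    return sub == "config" and "-e" in args          # the page lists the short flag


def analyze(events):
    """One alert per stripe.exe child spawned from an untrusted location.

    `planted_in_cwd` marks the binary-planting shape: the child image sits in
    the working directory the CLI was run from."""
    alerts = []
    for ev in events:
        parent = ev.get("ParentImage", "").lower()
        if not parent.endswith("\\stripe.exe"):
            continue
        image = ev.get("Image", "").lower()
        if image.startswith(TRUSTED_PREFIXES):
            continue                                  # expected helpers live here
        cwd = ev.get("CurrentDirectory", "").lower()
        if cwd and not cwd.endswith("\\"):
            cwd += "\\"
        affected = is_affected_invocation(ev.get("ParentCommandLine", ""))
        alerts.append({
            "time": ev.get("UtcTime"),
            "severity": "HIGH" if affected else "MEDIUM",
            "child": ev.get("Image"),
            "parent_cmd": ev.get("ParentCommandLine"),
            "planted_in_cwd": bool(cwd) and image.startswith(cwd),
        })
    return alerts


# Constructed sample events in Sysmon Event ID 1 field names (not real captures).
SAMPLE_EVENTS = [
    {   # benign: stripe open handing a URL to a system binary
        "UtcTime": "2022-03-10 14:02:11.100",
        "Image": "C:\\Windows\\System32\\rundll32.exe",
        "ParentImage": "C:\\Users\\dev\\scoop\\apps\\stripe\\current\\stripe.exe",
        "ParentCommandLine": "stripe open dashboard",
        "CurrentDirectory": "C:\\Users\\dev\\src\\shop\\",
    },
    {   # exploitation shape: stripe login run inside an untrusted checkout carrying cmd.exe
        "UtcTime": "2022-03-10 14:05:42.300",
        "Image": "C:\\Users\\dev\\src\\untrusted-repo\\cmd.exe",
        "ParentImage": "C:\\Users\\dev\\scoop\\apps\\stripe\\current\\stripe.exe",
        "ParentCommandLine": "\"C:\\Users\\dev\\scoop\\apps\\stripe\\current\\stripe.exe\" login",
        "CurrentDirectory": "C:\\Users\\dev\\src\\untrusted-repo",
    },
    {   # unrelated parent: ignored
        "UtcTime": "2022-03-10 14:06:03.000",
        "Image": "C:\\Users\\dev\\Downloads\\setup.exe",
        "ParentImage": "C:\\Windows\\explorer.exe",
        "ParentCommandLine": "C:\\Windows\\Explorer.EXE",
        "CurrentDirectory": "C:\\Users\\dev\\Downloads\\",
    },
    {   # stripe.exe parent and a non-system child, but not one of the four commands
        "UtcTime": "2022-03-10 14:09:17.500",
        "Image": "C:\\Users\\dev\\tools\\helper.exe",
        "ParentImage": "C:\\Users\\dev\\scoop\\apps\\stripe\\current\\stripe.exe",
        "ParentCommandLine": "stripe listen --forward-to localhost:4242/webhook",
        "CurrentDirectory": "C:\\Users\\dev\\src\\shop\\",
    },
]

if __name__ == "__main__":
    for a in analyze(SAMPLE_EVENTS):
        print(a["severity"], a["time"], a["child"], "<-", a["parent_cmd"],
              "planted_in_cwd:", a["planted_in_cwd"])
```

The MEDIUM tier exists because a non-system child of stripe.exe is unusual regardless of the subcommand; if the CLI in your environment legitimately launches tools from user-writable paths (an editor configured for stripe config -e, for instance), allow-list that specific image rather than widening TRUSTED_PREFIXES to the whole user profile.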

🔗 References

📤 Share & Export