{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"important"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2022-20001","title":"Title"},{"category":"description","text":"fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2022-20001","url":"https://www.suse.com/security/cve/CVE-2022-20001"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1197139 for CVE-2022-20001","url":"https://bugzilla.suse.com/1197139"},{"category":"external","summary":"Advisory link for openSUSE-SU-2022:0096-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SRNZU5M6WR5TPTNDAIMOYXCJP2ONI4FB/"}],"title":"SUSE CVE CVE-2022-20001","tracking":{"current_release_date":"2026-01-23T04:12:46Z","generator":{"date":"2023-02-15T03:30:17Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2022-20001","initial_release_date":"2023-02-15T03:30:17Z","revision_history":[{"date":"2023-02-15T03:30:17Z","number":"2","summary":"Current version"},{"date":"2025-01-01T03:22:05Z","number":"3","summary":"Current version"},{"date":"2025-02-15T04:02:02Z","number":"4","summary":"Current version"},{"date":"2025-02-16T07:51:07Z","number":"5","summary":"Current version"},{"date":"2025-03-15T07:54:24Z","number":"6","summary":"Current version"},{"date":"2025-04-25T03:53:16Z","number":"7","summary":"Current version"},{"date":"2025-10-07T02:03:13Z","number":"8","summary":"Current version"},{"date":"2025-11-03T03:41:58Z","number":"9","summary":"Current version"},{"date":"2026-01-23T04:12:46Z","number":"10","summary":"unknown changes"}],"status":"interim","version":"10"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Enterprise Storage 7.1","product":{"name":"SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1","product_identification_helper":{"cpe":"cpe:/o:suse:ses:7.1"}}},{"category":"product_name","name":"SUSE Linux Enterprise High Performance Computing 15 SP3","product":{"name":"SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle_hpc:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Module for Containers 15 SP3","product":{"name":"SUSE Linux Enterprise Module for Containers 15 SP3","product_id":"SUSE Linux Enterprise Module for Containers 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sle-module-containers:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 15 SP3","product":{"name":"SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles:15:sp3"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 16.0","product":{"name":"SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0","product_identification_helper":{"cpe":"cpe:/o:suse:sles:16:16.0:server"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product":{"name":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_identification_helper":{"cpe":"cpe:/o:suse:sles_sap:15:sp3"}}},{"category":"product_name","name":"SUSE Manager Proxy 4.2","product":{"name":"SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-proxy:4.2"}}},{"category":"product_name","name":"SUSE Manager Retail Branch Server 4.2","product":{"name":"SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-retail-branch-server:4.2"}}},{"category":"product_name","name":"SUSE Manager Server 4.2","product":{"name":"SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2","product_identification_helper":{"cpe":"cpe:/o:suse:suse-manager-server:4.2"}}},{"category":"product_name","name":"SUSE Package Hub 15 SP3","product":{"name":"SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3"}},{"category":"product_name","name":"openSUSE Leap 15.3","product":{"name":"openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3","product_identification_helper":{"cpe":"cpe:/o:opensuse:leap:15.3"}}},{"category":"product_name","name":"openSUSE Tumbleweed","product":{"name":"openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed","product_identification_helper":{"cpe":"cpe:/o:opensuse:tumbleweed"}}},{"category":"product_version","name":"fish","product":{"name":"fish","product_id":"fish","product_identification_helper":{"cpe":"cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fish@?upstream=fish.src.rpm"}}},{"category":"product_version","name":"fish-3.4.0-1.1","product":{"name":"fish-3.4.0-1.1","product_id":"fish-3.4.0-1.1","product_identification_helper":{"cpe":"cpe:2.3:a:fishshell:fish:3.4.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fish@3.4.0-1.1?upstream=fish-3.4.0-1.1.src.rpm"}}},{"category":"product_version","name":"fish-4.0.1-160000.2.2","product":{"name":"fish-4.0.1-160000.2.2","product_id":"fish-4.0.1-160000.2.2","product_identification_helper":{"cpe":"cpe:2.3:a:fishshell:fish:4.0.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fish@4.0.1-160000.2.2?upstream=fish-4.0.1-160000.2.2.src.rpm"}}},{"category":"product_version","name":"fish-devel","product":{"name":"fish-devel","product_id":"fish-devel","product_identification_helper":{"cpe":"cpe:2.3:a:fishshell:fish:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fish-devel@?upstream=fish.src.rpm"}}},{"category":"product_version","name":"fish-devel-3.4.0-1.1","product":{"name":"fish-devel-3.4.0-1.1","product_id":"fish-devel-3.4.0-1.1","product_identification_helper":{"cpe":"cpe:2.3:a:fishshell:fish:3.4.0:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fish-devel@3.4.0-1.1?upstream=fish-3.4.0-1.1.src.rpm"}}},{"category":"product_version","name":"fish-devel-4.0.1-160000.2.2","product":{"name":"fish-devel-4.0.1-160000.2.2","product_id":"fish-devel-4.0.1-160000.2.2","product_identification_helper":{"cpe":"cpe:2.3:a:fishshell:fish:4.0.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fish-devel@4.0.1-160000.2.2?upstream=fish-4.0.1-160000.2.2.src.rpm"}}},{"category":"product_version","name":"fish3-3.3.1-bp153.2.10.1","product":{"name":"fish3-3.3.1-bp153.2.10.1","product_id":"fish3-3.3.1-bp153.2.10.1","product_identification_helper":{"cpe":"cpe:2.3:a:fishshell:fish:3.3.1:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/fish3@3.3.1-bp153.2.10.1"}}},{"category":"product_version","name":"fish3-devel-3.3.1-bp153.2.10.1","product":{"name":"fish3-devel-3.3.1-bp153.2.10.1","product_id":"fish3-devel-3.3.1-bp153.2.10.1","product_identification_helper":{"purl":"pkg:rpm/suse/fish3-devel@3.3.1-bp153.2.10.1"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"fish-4.0.1-160000.2.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fish-4.0.1-160000.2.2"},"product_reference":"fish-4.0.1-160000.2.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fish-devel-4.0.1-160000.2.2 as component of SUSE Linux Enterprise Server 16.0","product_id":"SUSE Linux Enterprise Server 16.0:fish-devel-4.0.1-160000.2.2"},"product_reference":"fish-devel-4.0.1-160000.2.2","relates_to_product_reference":"SUSE Linux Enterprise Server 16.0"},{"category":"default_component_of","full_product_name":{"name":"fish3-3.3.1-bp153.2.10.1 as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:fish3-3.3.1-bp153.2.10.1"},"product_reference":"fish3-3.3.1-bp153.2.10.1","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish3-devel-3.3.1-bp153.2.10.1 as component of SUSE Package Hub 15 SP3","product_id":"SUSE Package Hub 15 SP3:fish3-devel-3.3.1-bp153.2.10.1"},"product_reference":"fish3-devel-3.3.1-bp153.2.10.1","relates_to_product_reference":"SUSE Package Hub 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish3-3.3.1-bp153.2.10.1 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:fish3-3.3.1-bp153.2.10.1"},"product_reference":"fish3-3.3.1-bp153.2.10.1","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"fish3-devel-3.3.1-bp153.2.10.1 as component of openSUSE Leap 15.3","product_id":"openSUSE Leap 15.3:fish3-devel-3.3.1-bp153.2.10.1"},"product_reference":"fish3-devel-3.3.1-bp153.2.10.1","relates_to_product_reference":"openSUSE Leap 15.3"},{"category":"default_component_of","full_product_name":{"name":"fish-3.4.0-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:fish-3.4.0-1.1"},"product_reference":"fish-3.4.0-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"fish-devel-3.4.0-1.1 as component of openSUSE Tumbleweed","product_id":"openSUSE Tumbleweed:fish-devel-3.4.0-1.1"},"product_reference":"fish-devel-3.4.0-1.1","relates_to_product_reference":"openSUSE Tumbleweed"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Linux Enterprise Server 15 SP3","product_id":"SUSE Linux Enterprise Server 15 SP3:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Linux Enterprise Server 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Linux Enterprise Server for SAP Applications 15 SP3","product_id":"SUSE Linux Enterprise Server for SAP Applications 15 SP3:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Linux Enterprise Server for SAP Applications 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Linux Enterprise High Performance Computing 15 SP3","product_id":"SUSE Linux Enterprise High Performance Computing 15 SP3:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Linux Enterprise High Performance Computing 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Manager Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Manager Server 4.2","product_id":"SUSE Manager Server 4.2:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Manager Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Manager Proxy 4.2","product_id":"SUSE Manager Proxy 4.2:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Manager Proxy 4.2"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Manager Retail Branch Server 4.2","product_id":"SUSE Manager Retail Branch Server 4.2:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Manager Retail Branch Server 4.2"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Enterprise Storage 7.1","product_id":"SUSE Enterprise Storage 7.1:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Enterprise Storage 7.1"},{"category":"default_component_of","full_product_name":{"name":"fish as component of SUSE Linux Enterprise Module for Containers 15 SP3","product_id":"SUSE Linux Enterprise Module for Containers 15 SP3:fish"},"product_reference":"fish","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 15 SP3"},{"category":"default_component_of","full_product_name":{"name":"fish-devel as component of SUSE Linux Enterprise Module for Containers 15 SP3","product_id":"SUSE Linux Enterprise Module for Containers 15 SP3:fish-devel"},"product_reference":"fish-devel","relates_to_product_reference":"SUSE Linux Enterprise Module for Containers 15 SP3"}]},"vulnerabilities":[{"cve":"CVE-2022-20001","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2022-20001"}],"notes":[{"category":"general","text":"fish is a command line shell. fish version 3.1.0 through version 3.3.1 is vulnerable to arbitrary code execution. git repositories can contain per-repository configuration that change the behavior of git, including running arbitrary commands. When using the default configuration of fish, changing to a directory automatically runs `git` commands in order to display information about the current repository in the prompt. If an attacker can convince a user to change their current directory into one controlled by the attacker, such as on a shared file system or extracted archive, fish will run arbitrary commands under the attacker's control. This problem has been fixed in fish 3.4.0. Note that running git in these directories, including using the git tab completion, remains a potential trigger for this issue. As a workaround, remove the `fish_git_prompt` function from the prompt.","title":"CVE description"}],"product_status":{"known_not_affected":["SUSE Enterprise Storage 7.1:fish","SUSE Enterprise Storage 7.1:fish-devel","SUSE Linux Enterprise High Performance Computing 15 SP3:fish","SUSE Linux Enterprise High Performance Computing 15 SP3:fish-devel","SUSE Linux Enterprise Module for Containers 15 SP3:fish","SUSE Linux Enterprise Module for Containers 15 SP3:fish-devel","SUSE Linux Enterprise Server 15 SP3:fish","SUSE Linux Enterprise Server 15 SP3:fish-devel","SUSE Linux Enterprise Server for SAP Applications 15 SP3:fish","SUSE Linux Enterprise Server for SAP Applications 15 SP3:fish-devel","SUSE Manager Proxy 4.2:fish","SUSE Manager Proxy 4.2:fish-devel","SUSE Manager Retail Branch Server 4.2:fish","SUSE Manager Retail Branch Server 4.2:fish-devel","SUSE Manager Server 4.2:fish","SUSE Manager Server 4.2:fish-devel"],"recommended":["SUSE Linux Enterprise Server 16.0:fish-4.0.1-160000.2.2","SUSE Linux Enterprise Server 16.0:fish-devel-4.0.1-160000.2.2","SUSE Package Hub 15 SP3:fish3-3.3.1-bp153.2.10.1","SUSE Package Hub 15 SP3:fish3-devel-3.3.1-bp153.2.10.1","openSUSE Leap 15.3:fish3-3.3.1-bp153.2.10.1","openSUSE Leap 15.3:fish3-devel-3.3.1-bp153.2.10.1","openSUSE Tumbleweed:fish-3.4.0-1.1","openSUSE Tumbleweed:fish-devel-3.4.0-1.1"]},"references":[{"category":"external","summary":"CVE-2022-20001","url":"https://www.suse.com/security/cve/CVE-2022-20001"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1197139 for CVE-2022-20001","url":"https://bugzilla.suse.com/1197139"},{"category":"external","summary":"Advisory link for openSUSE-SU-2022:0096-1","url":"https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/SRNZU5M6WR5TPTNDAIMOYXCJP2ONI4FB/"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Linux Enterprise Server 16.0:fish-4.0.1-160000.2.2","SUSE Linux Enterprise Server 16.0:fish-devel-4.0.1-160000.2.2","SUSE Package Hub 15 SP3:fish3-3.3.1-bp153.2.10.1","SUSE Package Hub 15 SP3:fish3-devel-3.3.1-bp153.2.10.1","openSUSE Leap 15.3:fish3-3.3.1-bp153.2.10.1","openSUSE Leap 15.3:fish3-devel-3.3.1-bp153.2.10.1","openSUSE Tumbleweed:fish-3.4.0-1.1","openSUSE Tumbleweed:fish-devel-3.4.0-1.1"]}],"scores":[{"cvss_v3":{"baseScore":7.3,"baseSeverity":"HIGH","vectorString":"CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H","version":"3.1"},"products":["SUSE Linux Enterprise Server 16.0:fish-4.0.1-160000.2.2","SUSE Linux Enterprise Server 16.0:fish-devel-4.0.1-160000.2.2","SUSE Package Hub 15 SP3:fish3-3.3.1-bp153.2.10.1","SUSE Package Hub 15 SP3:fish3-devel-3.3.1-bp153.2.10.1","openSUSE Leap 15.3:fish3-3.3.1-bp153.2.10.1","openSUSE Leap 15.3:fish3-devel-3.3.1-bp153.2.10.1","openSUSE Tumbleweed:fish-3.4.0-1.1","openSUSE Tumbleweed:fish-devel-3.4.0-1.1"]}],"threats":[{"category":"impact","date":"2022-03-15T00:00:23Z","details":"important"}],"title":"CVE-2022-20001"}]}