CVE-2022-22932

Опубликовано: 09 янв. 2022

Источник: redhat

CVSS3: 5.4

EPSS Низкий

Описание

Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326

A flaw was found in the Apache Karaf obr:* command, where a partial path traversal issue allows a break out of the expected folder. This entry is set by the user.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat BPM Suite 6	karaf	Out of support scope
Red Hat CodeReady Studio 12	karaf	Fix deferred
Red Hat Decision Manager 7	karaf	Not affected
Red Hat Integration Camel K 1	karaf	Not affected
Red Hat Integration Camel Quarkus 1	karaf	Not affected
Red Hat JBoss A-MQ 6	karaf	Out of support scope
Red Hat JBoss BRMS 6	karaf	Out of support scope
Red Hat JBoss Data Grid 7	karaf	Out of support scope
Red Hat JBoss Fuse 6	karaf	Out of support scope
Red Hat JBoss Fuse Service Works 6	karaf	Out of support scope

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low

Дефект:

CWE-22

https://bugzilla.redhat.com/show_bug.cgi?id=2046279karaf: path traversal flaws

EPSS

Процентиль: 65%

0.00499

Низкий

5.4 Medium

CVSS3

Связанные уязвимости

CVE-2022-22932

CVSS3: 5.3

nvd

около 4 лет назад

CVE-2022-22932

CVSS3: 5.3

debian

около 4 лет назад

Apache Karaf obr:* commands and run goal on the karaf-maven-plugin hav ...

GHSA-544x-2jx9-4pfg

CVSS3: 5.3

github

около 4 лет назад

Path traversal in Apache Karaf

EPSS

Процентиль: 65%

0.00499

Низкий

5.4 Medium

CVSS3