exploitDog

CVE-2022-23181

Published: 27 Jan 2022
Source: ubuntu
Priority: low
EPSS: Low
CVSS2: 3.7
CVSS3: 7

Description

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| esm-apps/bionic | released | 8.5.39-1ubuntu1~18.04.3+esm2 |
| esm-infra/xenial | released | 8.0.32-1ubuntu1.13+esm1 |
| trusty | ignored | end of standard support |
| upstream | needs-triage | |
| xenial | ignored | end of standard support |

| Release | Status | Note |
|---|---|---|
| bionic | ignored | end of standard support, was needs-triage |
| devel | not-affected | 9.0.70-2 |
| esm-apps/bionic | released | 9.0.16-3ubuntu0.18.04.2+esm2 |
| esm-apps/focal | released | 9.0.31-1ubuntu0.6 |
| esm-apps/jammy | not-affected | 9.0.58-1 |
| esm-apps/noble | not-affected | 9.0.70-1ubuntu1 |
| focal | released | 9.0.31-1ubuntu0.6 |
| impish | ignored | end of life |
| jammy | not-affected | 9.0.58-1 |
| kinetic | ignored | end of life, was needs-triage |

EPSS

Percentile: 50%
0.00266
Low

CVSS2: 3.7 Low

CVSS3: 7 High

Related vulnerabilities

CVSS3: 7
redhat
more than 3 years ago

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

CVSS3: 7
nvd
more than 3 years ago

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

CVSS3: 7
debian
more than 3 years ago

The fix for bug CVE-2020-9484 introduced a time of check, time of use ...

suse-cvrf
more than 3 years ago

Security update for tomcat

suse-cvrf
more than 3 years ago

Security update for tomcat
