CVE-2022-22932

Published: 26/01/2022 Updated: 03/02/2022
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 5.3 | Impact Score: 1.4 | Exploitability Score: 3.9
VMScore: 446
CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

Apache Karaf obr:* commands and the run goal of the karaf-maven-plugin have a partial path traversal flaw that allows breaking out of the expected folder. The risk is low, as the obr:* commands are not widely used and the entry is set by the user.

This has been fixed in revisions:
gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4
gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf

Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use a correct path.

JIRA Tickets: issues.apache.org/jira/browse/KARAF-7326

Vulnerable Product

apache karaf

Vendor Advisories

Synopsis: Important: Red Hat Fuse 7.11.0 release and security update
Type/Severity: Security Advisory: Important
Topic: A minor version update (from 7.10 to 7.11) is now available for Red Hat Fuse. The purpose of this text-only errata is to inform you about the security issues fixed in this release. Red Hat Product Security has rated this update ...

Mailing Lists

A new security advisory has been released for Apache Karaf, which was fixed in the 4.2.15 and 4.3.6 runtime releases.
CVE-2022-22932: Path traversal flaws
Severity: Low
Vendor: The Apache Software Foundation
Versions Affected: all versions of Apache Karaf prior to 4.2.15 or 4.3.6
Description: Apache Karaf obr:* commands and run goal on the kar ...