CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3906	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2022-4244	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2149841	Issue Tracking Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:*:*:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:a:redhat:integration_camel_k:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-09-25 20:15

Updated : 2024-05-03 16:15

NVD link : CVE-2022-4244

Mitre link : CVE-2022-4244

CVE.ORG link : CVE-2022-4244

JSON object : View

Products Affected

codehaus-plexus_project

codehaus-plexus

redhat

integration_camel_k

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

{"id": "CVE-2022-4244", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}, {"type": "Secondary", "source": "secalert@redhat.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2023-09-25T20:15:10.220", "references": [{"url": "https://access.redhat.com/errata/RHSA-2023:2135", "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/errata/RHSA-2023:3906", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2022-4244", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2149841", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "secalert@redhat.com", "description": [{"lang": "en", "value": "CWE-22"}]}, {"type": "Secondary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en codeplex-codehaus. Un ataque de directory traversal (tambi\u00e9n conocido como path traversal) tiene como objetivo acceder a archivos y directorios almacenados fuera de la carpeta deseada. Al manipular archivos con secuencias \"dot-dot-slash (../)\" y sus variaciones o al usar rutas de archivo absolutas, es posible acceder a archivos y directorios arbitrarios almacenados en el sistema de archivos, incluido el c\u00f3digo fuente de la aplicaci\u00f3n, la configuraci\u00f3n, y otros archivos cr\u00edticos del sistema."}], "lastModified": "2024-05-03T16:15:08.730", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:codehaus-plexus_project:codehaus-plexus:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AAE606F1-EBAB-4832-8F66-495E84147298", "versionEndExcluding": "3.0.24"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:integration_camel_k:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0E66C6CC-DA05-4BF4-84B5-D537606B0467", "versionEndExcluding": "1.10.1"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}