CVE-2019-0226

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2019-0226

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2019-0226.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2019-0226

Aliases

GHSA-fjw4-39pg-vf4f

Published

2019-05-09T14:29:00Z

Modified

2024-09-03T02:21:02.774183Z

Severity

4.9 (Medium) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N CVSS Calculator

Summary

[none]

Details

Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.

References

Affected packages

Git / github.com/apache/karaf

Affected ranges

Type: GIT
Repo: https://github.com/apache/karaf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

f8c224771dcd1f0122dc02bf9367ec13c307a9c3

Affected versions

karaf-3.*

karaf-3.0.0

karaf-4.*

karaf-4.0.0

karaf-4.0.0.M1

karaf-4.0.0.M2

karaf-4.0.0.M3

karaf-4.0.1

karaf-4.0.2

karaf-4.0.3

karaf-4.0.4

karaf-4.1.0

karaf-4.1.1

karaf-4.2.0

karaf-4.2.0.M1

karaf-4.2.0.M2

karaf-4.2.1

karaf-4.2.2

karaf-4.2.3

karaf-4.2.4