CVE-2022-22932
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2022-22932
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2022-22932.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2022-22932
- Aliases
- Published
- 2022-01-26T11:15:09Z
- Modified
- 2025-01-14T10:46:46.662665Z
- Severity
-
- 5.3 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N CVSS Calculator
- Summary
- [none]
- Details
-
Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326
- References
Affected packages
Git / github.com/apache/karaf
Affected ranges
- Type
- GIT
- Repo
- https://github.com/apache/karaf
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
karaf-3.*
karaf-3.0.0
karaf-4.*
karaf-4.0.0
karaf-4.0.0.M1
karaf-4.0.0.M2
karaf-4.0.0.M3
karaf-4.0.1
karaf-4.0.2
karaf-4.0.3
karaf-4.0.4
karaf-4.1.0
karaf-4.1.1
karaf-4.2.0
karaf-4.2.0.M1
karaf-4.2.0.M2
karaf-4.2.1
karaf-4.2.10
karaf-4.2.11
karaf-4.2.12
karaf-4.2.13
karaf-4.2.14
karaf-4.2.2
karaf-4.2.3
karaf-4.2.4
karaf-4.2.5
karaf-4.2.6
karaf-4.2.7
karaf-4.2.8
karaf-4.2.9