Bug 2149841 (CVE-2022-4244) - CVE-2022-4244 codehaus-plexus: Directory Traversal
Summary: CVE-2022-4244 codehaus-plexus: Directory Traversal
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-4244
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2156487 2156490 2156492 2156493 2156494 2156495 2156496 2157631 2157632 2157633 2157634 2157635 2157636 2157637
Blocks: 2149832
Reported: 2022-12-01 06:42 UTC by Sandipan Roy
Modified: 2023-12-31 15:48 UTC

Fixed In Version: codehaus-plexus 3.0.24
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in codehaus-plexus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended directory. By supplying file paths that contain "dot-dot-slash (../)" sequences and their variations, or absolute file paths, an attacker may be able to access arbitrary files and directories on the file system, including application source code, configuration, and other critical system files.
Clone Of:
Environment:
Last Closed: 2023-06-28 20:17:19 UTC
Embargoed:




Links
Red Hat Product Errata RHSA-2023:3906 (last updated 2023-06-28 15:59:19 UTC)

Description Sandipan Roy 2022-12-01 06:42:41 UTC
A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521
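The report above describes the attack generically and does not name the affected plexus-utils API, so the following is an added illustration rather than code from plexus-utils or from the reporter: the base directory, the file names and the helper names (TraversalDemo, resolveUnsafe, resolveSafe) are constructed for the example. It shows the naive path resolution that a "dot-dot-slash" or absolute-path payload abuses, beside a containment check that rejects it.

```java
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

// Added example, not part of plexus-utils: a vulnerable resolution pattern
// beside a hardened one, exercised with constructed traversal payloads.
public final class TraversalDemo {

    /** Vulnerable pattern: trusts the caller-supplied name. An absolute name
     *  replaces the base entirely and "../" segments walk out of it. */
    static Path resolveUnsafe(Path base, String untrustedName) {
        return base.resolve(untrustedName).normalize();
    }

    /** Hardened pattern: resolve, normalize lexically, then require that the
     *  result still lies inside the base directory.
     *  Caveats: normalize() is purely lexical, so if the base or its
     *  subdirectories may contain symbolic links pointing elsewhere, repeat the
     *  check on toRealPath() once the file exists. Percent-encoded variants
     *  such as %2e%2e%2f must be decoded (exactly once) by the caller before
     *  this check runs on the decoded value. */
    static Path resolveSafe(Path base, String untrustedName) {
        if (untrustedName.indexOf('\0') >= 0) {
            throw new IllegalArgumentException("NUL byte in path: " + untrustedName);
        }
        Path normBase = base.toAbsolutePath().normalize();
        Path candidate = normBase.resolve(untrustedName).normalize();
        // Path.startsWith compares whole name elements, so "/data/x" is inside
        // "/data" but "/datax" is not.
        if (!candidate.startsWith(normBase)) {
            throw new IllegalArgumentException("path escapes base directory: " + untrustedName);
        }
        return candidate;
    }

    public static void main(String[] args) {
        Path base = Paths.get("/srv/app/uploads");   // hypothetical base directory
        // Constructed inputs: legitimate names and traversal variants.
        List<String> names = List.of(
            "report.txt",
            "sub/../report.txt",          // stays inside the base after normalization
            "../../etc/passwd",           // classic dot-dot-slash
            "/etc/passwd",                // absolute path replaces the base
            "sub/../../app/config.xml",   // walks out one level above the base
            "..\\..\\windows\\win.ini"    // backslash variant: a plain file name on a
                                          // POSIX JVM (accepted), separators on Windows (rejected)
        );
        for (String n : names) {
            Path unsafe = resolveUnsafe(base, n);
            String safe;
            try {
                safe = resolveSafe(base, n).toString();
            } catch (IllegalArgumentException e) {
                safe = "REJECTED (" + e.getMessage() + ")";
            }
            System.out.printf("%-28s unsafe=%-32s safe=%s%n", n, unsafe, safe);
        }
    }
}
```

Run with `java TraversalDemo.java` (JDK 11 or later). The point of the comparison is that resolveUnsafe silently yields /etc/passwd and /srv/app/app/config.xml for the malicious names, while resolveSafe rejects every name whose normalized form leaves /srv/app/uploads and still accepts "sub/../report.txt", so a containment check on the normalized result is the property to enforce rather than a blacklist of "../" substrings.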

Comment 5 Patrick Del Bello 2023-01-02 12:57:04 UTC
Created extra-enforcer-rules tracking bugs for this issue:

Affects: fedora-37 [bug 2157631]


Created maven tracking bugs for this issue:

Affects: fedora-37 [bug 2157632]


Created maven-antrun-plugin tracking bugs for this issue:

Affects: fedora-37 [bug 2157633]


Created maven-compiler-plugin tracking bugs for this issue:

Affects: fedora-37 [bug 2157634]


Created maven-plugin-bundle tracking bugs for this issue:

Affects: fedora-37 [bug 2157635]


Created maven-source-plugin tracking bugs for this issue:

Affects: fedora-37 [bug 2157636]


Created pomchecker tracking bugs for this issue:

Affects: fedora-37 [bug 2157637]

Comment 8 errata-xmlrpc 2023-06-28 15:59:15 UTC
This issue has been addressed in the following products:

  RHINT Camel-K-1.10.1

Via RHSA-2023:3906 https://access.redhat.com/errata/RHSA-2023:3906

Comment 9 Product Security DevOps Team 2023-06-28 20:17:14 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-4244

