Bug 2150871 (CVE-2022-45046) - CVE-2022-45046 camel-ldap: LDAP Injection on camel-ldap component when using the filter option
Summary: CVE-2022-45046 camel-ldap: LDAP Injection on camel-ldap component when using ...
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2022-45046
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 2152798
TreeView+ depends on / blocked
 
Reported: 2022-12-05 13:32 UTC by Borja Tarraso
Modified: 2022-12-15 17:49 UTC (History)
31 users (show)

Fixed In Version: camel-ldap 3.14.6, camel-ldap 3.18.4
Clone Of:
Environment:
Last Closed: 2022-12-15 17:49:06 UTC
Embargoed:

Attachments (Terms of Use)

Description Borja Tarraso 2022-12-05 13:32:33 UTC 
camel-ldap component is vulnerable to LDAP Injection when using the filter option. The camel-spring-ldap component is not affected.

The versions affected are 3.0.0 up to 3.14.5, and 3.15.0 up to 3.18.3, and 3.19.0.
Comment 1 Patrick Del Bello 2022-12-14 16:04:02 UTC 
This CVE came out as a false alarm and should be retracted soon. See more information in this link[1]

[1] https://issues.apache.org/jira/browse/CAMEL-18811?focusedCommentId=17647118&page=com.atlassian.jira.plugin.system.issuetabpanels%3Acomment-tabpanel#comment-17647118
Comment 2 Product Security DevOps Team 2022-12-15 17:49:03 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-45046
Note You need to log in before you can comment on or make changes to this bug.