CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Published: Sep 25, 2023
Updated: May 4, 2024
CVE: CVE-2022-4244
GHSA: GHSA-g6ph-x5wf-g337
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWEs:

CWE-22

OWASP TOP 10:

A5 - Broken Access Control

Affected Software
References

Software	From	Fixed in
org.codehaus.plexus / plexus-utils	-	3.0.24
redhat / integration_camel_k	-	1.10.1
codehaus-plexus / plexus-utils	-	3.0.24

https://access.redhat.com/errata/RHSA-2023:2135
https://access.redhat.com/errata/RHSA-2023:3906
https://access.redhat.com/security/cve/CVE-2022-4244
https://bugzilla.redhat.com/show_bug.cgi?id=2149841
https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef
https://github.com/codehaus-plexus/plexus-utils/issues/4
https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521

Vulnerability Database

289,599

CVE-2022-4244