CVE-2022-4244: Codehaus-plexus: directory traversal
First published: Thu Dec 01 2022(Updated: )
A Directory Traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and its variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on file system, including application source code, configuration, and other critical system files. <a href="https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521">https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521</a>
Credit: secalert@redhat.com secalert@redhat.com secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Codehaus-plexus Project Codehaus-plexus | <3.0.24 | |
| Redhat Integration Camel K | <1.10.1 | |
| redhat/codehaus-plexus | <3.0.24 | 3.0.24 |
| maven/org.codehaus.plexus:plexus-utils | <3.0.24 | 3.0.24 |
| Codehaus-plexus Plexus-utils | <3.0.24 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://nvd.nist.gov/vuln/detail/CVE-2022-4244
- https://access.redhat.com/errata/RHSA-2023:3906
- https://access.redhat.com/security/cve/CVE-2022-4244
- https://bugzilla.redhat.com/show_bug.cgi?id=2149841
- https://github.com/codehaus-plexus/plexus-utils/issues/4
- https://github.com/codehaus-plexus/plexus-utils/commit/33a2853df8185b4519b1b8bfae284f03392618ef
- https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521
- https://github.com/advisories/GHSA-g6ph-x5wf-g337 (Advisory)
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2157631
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2157632
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2157633
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2157634
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2157635
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2157636
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2157637
- https://access.redhat.com/security/cve/cve-2022-4244
- https://access.redhat.com/errata/RHSA-2023:2135
Frequently Asked Questions
What is CVE-2022-4244?
CVE-2022-4244 is a vulnerability that allows directory traversal attacks in plexus-codehaus.
What is a directory traversal attack?
A directory traversal attack, also known as a path traversal attack, aims to access files and directories stored outside the intended folder.
What is the severity of CVE-2022-4244?
CVE-2022-4244 has a severity rating of 7.5 (High).
Which software is affected by CVE-2022-4244?
The affected software includes codehaus-plexus version up to 3.0.24, Codehaus-plexus Project Codehaus-plexus up to version 3.0.24, Redhat Integration Camel K up to version 1.10.1, and org.codehaus.plexus:plexus-utils up to version 3.0.24.
How can the CVE-2022-4244 vulnerability be fixed?
To fix the CVE-2022-4244 vulnerability, update the affected software to version 3.0.24 or later.
- collector/nvd-index
- agent/type
- agent/first-publish-date
- agent/weakness
- agent/author
- agent/severity
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-4244
- agent/software-canonical-lookup
- agent/title
- agent/references
- agent/event
- collector/nvd-cve
- source/NVD
- collector/github-advisory-latest
- source/GitHub
- alias/GHSA-g6ph-x5wf-g337
- collector/github-advisory
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/softwarecombine
- agent/tags
- agent/last-modified-date
- collector/nvd-api
- agent/software-canonical-lookup-request
- vendor/codehaus-plexus project
- canonical/codehaus-plexus project codehaus-plexus
- vendor/redhat
- canonical/redhat integration camel k
- package-manager/redhat
- package-manager/maven
- vendor/codehaus-plexus
- canonical/codehaus-plexus plexus-utils