CVE-2022-45129
First published: Thu Nov 10 2022(Updated: )
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Payara | <4.1.2.191.38 | |
| Payara | <5.45.0 | |
| Payara | >=5.0.0<5.2022.4 | |
| Payara | >=6.0.0<6.2022.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
- http://seclists.org/fulldisclosure/2022/Nov/11
- https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
- https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
- https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
- https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
- https://github.com/payara/Payara/commit/cccdfddeda71c78ae7b3179db5429e1bb8a56b2e
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-45129.
What is the severity of CVE-2022-45129?
The severity of CVE-2022-45129 is high (7.5).
Which software versions are affected by CVE-2022-45129?
Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0 are affected.
How can attackers exploit CVE-2022-45129?
Attackers can visit META-INF and WEB-INF by deploying Payara to the root context.
Is there a fix for CVE-2022-45129?
Yes, updating to Payara Platform Community 4.1.2.191.38, 5.2022.4, or 6.2022.1, or Payara Platform Enterprise 5.45.0 will fix the vulnerability.
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/remedy
- agent/severity
- agent/references
- agent/weakness
- agent/first-publish-date
- agent/description
- agent/author
- agent/last-modified-date
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- collector/nvd-index
- vendor/payara
- canonical/payara
- version/payara/5.0.0
- version/payara/6.0.0