CVE-2022-4244

CVE-2022-4244

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Published Jan 24, 2024

Issue #4 Red Hat · Bugzilla #2149841

CVSS ScoreHigh

7.5

Vulnerabilities

CVE-2022-4244

Published Jan 24, 2024

Issue #4 Red Hat · Bugzilla #2149841

CVSS ScoreHigh

7.5

CVE-2022-4244 Security Details

CVE ID: CVE-2022-4244
CWE: CWE-22
CVE Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
Published: Jan 24, 2024
CVSS Score & Severity: 7.5High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.266%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/codehaus/plexus/util/Expand.extractFile(Ljava/io/File;Ljava/io/File;Ljava/io/InputStream;Ljava/lang/String;Ljava/util/Date;Z)V
JVMVulnerable params: 3
Affected Ecosystems: affected
Source: National Vulnerability Database
References: GitHub · Issue #4PROJECT
Red Hat · Bugzilla #2149841THIRD_PARTY

CVE-2022-4244 Security Details

CVE ID: CVE-2022-4244
CWE: CWE-22
CVE Description: A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
Published: Jan 24, 2024
CVSS Score & Severity: 7.5High
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score: 0.266%
Malware: malware
KEV Status: Not in KEV Catalog: No known exploits
Vulnerable Methods: org/codehaus/plexus/util/Expand.extractFile(Ljava/io/File;Ljava/io/File;Ljava/io/InputStream;Ljava/lang/String;Ljava/util/Date;Z)V
JVMVulnerable params: 3
Affected Ecosystems: affected
Source: National Vulnerability Database
References: GitHub · Issue #4PROJECT
Red Hat · Bugzilla #2149841THIRD_PARTY

Find vulnerabilities. Fix fast with AI.

CVE-2022-4244

CVE-2022-4244 Security Details

CVE-2022-4244 Security Details