CVE-2022-4244 — Path Traversal in Plexus-utils

CWE-22 — Path Traversal8 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.3%

top 49.85%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Codehaus-plexus Plexus-utils Redhat Integration Camel K

Timeline

PublishedSep 25

Latest updateJan 16

Description

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

▶NVDcodehaus-plexus/plexus-utils< 3.0.24

▶NVDredhat/integration_camel_k< 1.10.1

🔴Vulnerability Details

CVEList

Codehaus-plexus: directory traversal↗2023-09-25

▶

OSV

CVE-2022-4244: A flaw was found in codeplex-codehaus↗2023-09-25

▶

GHSA

plexus-codehaus vulnerable to directory traversal↗2023-09-25

▶

OSV

plexus-codehaus vulnerable to directory traversal↗2023-09-25

▶

📋Vendor Advisories

Atlassian

CVE-2022-4244: Info Disclosure org.codehaus.plexus:plexus-utils Dependency in Bamboo Data Center and Server↗2024-01-16

▶

Red Hat

codehaus-plexus: Directory Traversal↗2022-12-01

▶

Debian

CVE-2022-4244: plexus-utils2 - A flaw was found in codeplex-codehaus. A directory traversal attack (also known ...↗2022

▶