CVE-2022-2712
MEDIUMEclipse GlassFish 5.1.0-6.2.5 - Unauthenticated Path Traversal via Relative Path
Title source: llmDescription
In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
References (1)
Core 1
Core References
Various Sources
https://bugs.eclipse.org/580502
Scores
CVSS v3
6.5
EPSS
0.0061
EPSS Percentile
70.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
CISA SSVC
Vulnrichment
Exploitation
none
Automatable
no
Technical Impact
partial
Details
CWE
CWE-22
Status
published
Products (2)
eclipse/glassfish
5.1.0 - 6.2.5
org.glassfish.main.web/web
5.1.0 - 7.0.0Maven
Published
Jan 27, 2023
Tracked Since
Feb 18, 2026