CVE-2022-2712

MEDIUM

Eclipse Glassfish < 6.2.5 - Path Traversal

Title source: rule

Description

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

Exploits (1)

nomisec

by shoucheng3 · poc

https://github.com/shoucheng3/eclipse-ee4j__glassfish_CVE-2022-2712_6-2-5

View on nomisec

References (1)

[Various Sources] https://bugs.eclipse.org/580502

Scores

CVSS v3 6.5

EPSS 0.0061

EPSS Percentile 69.8%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (2)

eclipse/glassfish 5.1.0 - 6.2.5

org.glassfish.main.web/web 5.1.0 - 7.0.0Maven

Published Jan 27, 2023

Tracked Since Feb 18, 2026