CVE-2022-4244

HIGH

Codehaus-plexus Plexus-utils < 3.0.24 - Path Traversal

Title source: rule

Description

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Exploits (1)

nomisec WRITEUP

by shoucheng3 · poc

https://github.com/shoucheng3/codehaus-plexus__plexus-utils_CVE-2022-4244_3-0-23

View Code ZIP pw:eip

References (4)

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2023:2135

[Third Party Advisory] https://access.redhat.com/errata/RHSA-2023:3906

[Third Party Advisory] https://access.redhat.com/security/cve/CVE-2022-4244

[Issue Tracking, Third Party Advisory] https://bugzilla.redhat.com/show_bug.cgi?id=2149841

Scores

CVSS v3 7.5

EPSS 0.0027

EPSS Percentile 50.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

CWE

CWE-22

Status published

Products (3)

codehaus-plexus/plexus-utils < 3.0.24

org.codehaus.plexus/plexus-utils 0 - 3.0.24Maven

redhat/integration_camel_k < 1.10.1

Published Sep 25, 2023

Tracked Since Feb 18, 2026