CVE-2022-4244

HIGH

plexus-utils < 3.0.24 - Path Traversal via Dot-Dot-Slash Sequences

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2022-4244. PoCs published by shoucheng3.

AI-analyzed exploit summary: This repository appears to be a writeup or documentation for CVE-2022-4244, focusing on the Plexus-Utils library. The provided code snippets are part of the library's source code, not an exploit PoC.

Description

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Exploits (1)

nomisec WRITEUP
by shoucheng3 · poc
https://github.com/shoucheng3/codehaus-plexus__plexus-utils_CVE-2022-4244_3-0-23

Classification: Writeup 90%
Attack Type: Other
Complexity: Trivial
Reliability: Theoretical
Target: Plexus-Utils (version not explicitly stated)
No auth needed
Prerequisites: Access to the vulnerable library
devstral-2 · analyzed Feb 16, 2026

References (4)

Core References
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:2135
Third Party Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2023:3906
Third Party Advisory vdb-entry x_refsource_redhat
https://access.redhat.com/security/cve/CVE-2022-4244
Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat
https://bugzilla.redhat.com/show_bug.cgi?id=2149841

Scores

CVSS v3 7.5
EPSS 0.0029
EPSS Percentile 53.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CISA SSVC

Vulnrichment
Exploitation poc
Automatable yes
Technical Impact partial

Details

CWE CWE-22
Status published
Products (3)
codehaus-plexus/plexus-utils < 3.0.24
org.codehaus.plexus/plexus-utils 0 - 3.0.24 (Maven)
redhat/integration_camel_k < 1.10.1
Published Sep 25, 2023
Tracked Since Feb 18, 2026