CVE-2022-44748 Uploading workflows to KNIME Server may override arbitrary file system contents

🗓️ 24 Nov 2022 06:36:23Reported by KNIMEType

CVE-2022-44748 Uploading workflows to KNIME Server may override arbitrary file system contents. Directory traversal vulnerability in ZIP archive extraction routines since 4.3.0 release can lead to 'Zip-Slip' attack

Reporter	Title	Published	Views	Family All 8
Circl	CVE-2022-44748	24 Nov 202212:24	–	circl
CNNVD	Knime Server 路径遍历漏洞	24 Nov 202200:00	–	cnnvd
CVE	CVE-2022-44748	24 Nov 202206:36	–	cve
EUVD	EUVD-2022-47680	3 Oct 202520:07	–	euvd
NVD	CVE-2022-44748	24 Nov 202207:15	–	nvd
Prion	Directory traversal	24 Nov 202207:15	–	prion
Positive Technologies	PT-2022-27298 · Knime · Knime Server	24 Nov 202200:00	–	ptsecurity
Vulnrichment	CVE-2022-44748 Uploading workflows to KNIME Server may override arbitrary file system contents	24 Nov 202206:36	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "KNIME Server",
    "vendor": "KNIME",
    "versions": [
      {
        "lessThan": "4.15.3",
        "status": "affected",
        "version": "4.15.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.14.3",
        "status": "affected",
        "version": "4.14.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.13.6",
        "status": "affected",
        "version": "4.3.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
knime	www.knime.com/security/advisories

24 Nov 2022 06:36Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.1

EPSS0.04168

CWE-22