CVE-2022-44749 Opening workflows from untrusted resources may override arbitrary file system contents

🗓️ 24 Nov 2022 06:39:22Reported by KNIMEType

CVE-2022-44749: Zip-Slip vulnerability in KNIME Analytics Platfor

Reporter	Title	Published	Views	Family All 9
Circl	CVE-2022-44749	24 Nov 202212:24	–	circl
CNNVD	Knime Analytics Platform 路径遍历漏洞	24 Nov 202200:00	–	cnnvd
CVE	CVE-2022-44749	24 Nov 202206:39	–	cve
EUVD	EUVD-2022-47681	3 Oct 202520:07	–	euvd
NVD	CVE-2022-44749	24 Nov 202207:15	–	nvd
OSV	CVE-2022-44749	24 Nov 202207:15	–	osv
Prion	Directory traversal	24 Nov 202207:15	–	prion
Positive Technologies	PT-2022-27299 · Knime · Knime Analytics Platform	24 Nov 202200:00	–	ptsecurity
Vulnrichment	CVE-2022-44749 Opening workflows from untrusted resources may override arbitrary file system contents	24 Nov 202206:39	–	vulnrichment

[
  {
    "defaultStatus": "unaffected",
    "product": "KNIME Analytics Platform",
    "vendor": "KNIME",
    "versions": [
      {
        "lessThan": "4.5.3",
        "status": "affected",
        "version": "4.5.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.6.4",
        "status": "affected",
        "version": "4.6.0",
        "versionType": "semver"
      },
      {
        "lessThan": "4.4.5",
        "status": "affected",
        "version": "3.2.0",
        "versionType": "semver"
      }
    ]
  }
]

Source	Link
knime	www.knime.com/security/advisories

24 Nov 2022 06:39Current

7.6High risk

Vulners AI Score7.6

CVSS 3.15.5

EPSS0.00056

CWE-22