Lucene search

[email protected]NVD:CVE-2022-2712

HistoryJan 27, 2023 - 10:15 a.m.

CVE-2022-2712

2023-01-2710:15:09

CWE-22

[email protected]

web.nvd.nist.gov

eclipse glassfish

vulnerability

relative path traversal

remote unauthenticated attacker

critical data access

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.003

Percentile

65.8%

JSON

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with ‘./’. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

Affected configurations

Nvd

Node

eclipseglassfishRange5.1.0–6.2.5

VendorProductVersionCPE
eclipseglassfish*cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
eclipse	glassfish	*	cpe:2.3:a:eclipse:glassfish::::::::

References

bugs.eclipse.org/580502

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

AI Score

6.9

Confidence

High

EPSS

0.003

Percentile

65.8%

JSON

Related for NVD:CVE-2022-2712

prion1 osv1 cvelist1 veracode1 github1 cve1 ubuntucve1