Lucene search

Ubuntu.comUB:CVE-2022-2712

HistoryJan 27, 2023 - 12:00 a.m.

CVE-2022-2712

2023-01-2700:00:00

ubuntu.com

cve-2022-2712

relative path traversal

unauthenticated attacker

critical data access

configuration files

source code

unix

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

65.8%

JSON

In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in
relative path traversal because it does not filter request path starting
with ‘./’. Successful exploitation could allow an remote unauthenticated
attacker to access critical data, such as configuration files and deployed
application source code.

OSVersionArchitecturePackageVersionFilename
ubuntu18.04noarchglassfish< anyUNKNOWN
ubuntu16.04noarchglassfish< anyUNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	18.04	noarch	glassfish	< any	UNKNOWN
ubuntu	16.04	noarch	glassfish	< any	UNKNOWN

References

launchpad.net/bugs/cve/CVE-2022-2712

nvd.nist.gov/vuln/detail/CVE-2022-2712

security-tracker.debian.org/tracker/CVE-2022-2712

www.cve.org/CVERecord?id=CVE-2022-2712

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

EPSS

0.003

Percentile

65.8%

JSON

Related for UB:CVE-2022-2712