CVE-2022-4244

moderate-risk

Published 2023-09-25

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

Do I need to act?

0.27% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (2)

Plexus-Utils

Integration Camel K

Affected Vendors

Redhat Codehaus-Plexus

References (8)

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:2135

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:3906

Third Party Advisory https://access.redhat.com/security/cve/CVE-2022-4244

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2149841

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:2135

Third Party Advisory https://access.redhat.com/errata/RHSA-2023:3906

Third Party Advisory https://access.redhat.com/security/cve/CVE-2022-4244

Issue Tracking https://bugzilla.redhat.com/show_bug.cgi?id=2149841

/ 100

moderate-risk

Severity 26/34 · High

Exploitability 1/34 · Minimal

Exposure 7/34 · Low