CVE-2022-45129

Common vulnerabilities & exposures (CVE)

CVE database CVE database blogpost Release & EoL database

Published at: - 10-11-2022 07:15

Last modified: - 20-01-2023 03:49

Total changes: - 3

Description

Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.

Common Vulnerability Scoring System (CVSS)

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Low

Attack complexity

Network

Attack vector

None

Availability

High

Confidentiality

None

Integrity

None

Privileges required

Unchanged

Scope

None

User interaction

7.5

Base score

3.9

3.6

Exploitability score

Impact score

Verification logic

Reference

https://github.com/payara/Payara/commit/cccdfddeda71c78ae7b3179db5429e1bb8a56b2e
https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
20221115 SEC Consult SA-20221114-0 :: Path Traversal Vulnerability in Payara Platform-Mailing List, Third Party Advisory
http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html

Keywords

CVE-2022-45129

Common vulnerabilities & exposures (CVE)

Description

Common Vulnerability Scoring System (CVSS)

Verification logic

Reference

NVD

CVE-2022-45129

CVE

Common vulnerabilities & exposures

CVSS

Common vulnerability scoring system

Security

Vulnerabilities

Exposures