CVE-2022-4244: Codehaus-plexus: directory traversal
A directory traversal attack (also known as path traversal) aims to access files and directories that are stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations, or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
https://security.snyk.io/vuln/SNYK-JAVA-ORGCODEHAUSPLEXUS-31521
Other sources
A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
— MITRE
A flaw was found in plexus-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with dot-dot-slash (../) sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.
— GitHub
Plexus Plexus-Utils could allow a local attacker to traverse directories on the system, caused by a flaw in org.codehaus.plexus.util. An attacker could use a specially-crafted archive file containing "dot dot" sequences (/../) to write arbitrary files on the system.
— IBM
Frequently Asked Questions
What is CVE-2022-4244?
CVE-2022-4244 is a vulnerability that allows directory traversal attacks in plexus-codehaus.
What is a directory traversal attack?
A directory traversal attack, also known as a path traversal attack, aims to access files and directories stored outside the intended folder.
What is the severity of CVE-2022-4244?
CVE-2022-4244 has a severity rating of 7.5 (High).
Which software is affected by CVE-2022-4244?
The affected software includes codehaus-plexus up to version 3.0.24, Codehaus-plexus Project Codehaus-plexus up to version 3.0.24, Red Hat Integration Camel K up to version 1.10.1, and org.codehaus.plexus:plexus-utils up to version 3.0.24.
How can the CVE-2022-4244 vulnerability be fixed?
To fix the CVE-2022-4244 vulnerability, update the affected software to version 3.0.24 or later.