CVE-2022-2712

Eclipse GlassFish versions 5.1.0 to 6.2.5 contain a relative path traversal vulnerability because the server does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
Configurations

Configuration 1

cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:*

History

21 Nov 2024, 07:01

Type | Values Removed | Values Added
References | () https://bugs.eclipse.org/580502 - | () https://bugs.eclipse.org/580502 -
CVSS | v2 : unknown, v3 : 7.5 | v2 : unknown, v3 : 6.5
Summary | | (es) In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a relative path traversal vulnerability because it does not filter request paths starting with './'. Successful exploitation could allow a remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.

Information

Published : 2023-01-27 10:15

Updated : 2024-11-21 07:01


NVD link : CVE-2022-2712

Mitre link : CVE-2022-2712

CVE.ORG link : CVE-2022-2712


Products Affected

eclipse

  • glassfish
CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')