Apache · Apache Karaf · CVE-2022-22932
**Name of the Vulnerable Software and Affected Versions**
Apache Karaf versions prior to 4.2.15
Apache Karaf versions prior to 4.3.6
**Description**
The issue is related to partial path traversal in Apache Karaf obr:* commands and the run goal on the karaf-maven-plugin, allowing an attacker to break out of the expected folder. The risk is considered low because obr:* commands are not commonly used and the entry point is set by the user.
**Recommendations**
For versions prior to 4.2.15, upgrade to 4.2.15 or later as soon as possible, or use the correct path.
For versions prior to 4.3.6, upgrade to 4.3.6 or later as soon as possible, or use the correct path.