PT-2019-11200 · Apache · Apache Karaf

Published: 2019-05-09 · Updated: 2022-05-24 · CVE-2019-0226

CVSS v2.0: 5.5 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:P/A:P
Name of the Vulnerable Software and Affected Versions: Apache Karaf versions prior to 4.2.5
Description: The Apache Karaf Config service has a method that can be exploited to access and overwrite files in any directory. The severity of this issue is mitigated if the Karaf process user has limited filesystem permissions.
Recommendations: For versions prior to 4.2.5, upgrade to Apache Karaf 4.2.5 or later.

Fix

Path traversal

Weakness Enumeration

Related Identifiers

CVE-2019-0226
GHSA-FJW4-39PG-VF4F

Affected Products

Apache Karaf