PT-2022-25243 · Apache+6 · Apache Xml Graphics Batik+7

Chudypb

Published

2022-09-22

Updated

2025-07-20

CVE-2022-40146

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions Apache XML Graphics Batik version 1.14 Confluence Data Center and Server versions 7.13.0 through 7.19.0

Description A Server-Side Request Forgery (SSRF) vulnerability in Batik of Apache XML Graphics allows an attacker to access files using a Jar url. This issue can be exploited by an unauthenticated attacker to expose assets in the environment susceptible to exploitation, which has a high impact on confidentiality.

Recommendations For Apache XML Graphics Batik version 1.14, at the moment, there is no information about a newer version that contains a fix for this vulnerability. For Confluence Data Center and Server versions 7.13.0 through 7.19.0, upgrade to a release greater than or equal to 7.19.16.

Exploit

SSRF

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-918

Related Identifiers

CVE-2022-40146

DLA-3619-1

DLA-4243-1

GHSA-H4QG-P7R2-CPG3

MGASA-2024-0068

OESA-2023-1651

OPENSUSE-SU-2024:12363-1

SUSE-SU-2024:0777-1

SUSE-SU-2024_0777-1

USN-6117-1

ZDI-22-1327

Affected Products

Apache Xml Graphics Batik

Astra Linux

Confluence

Debian

Jira

Linuxmint

Suse

Ubuntu

PT-2022-25243 · Apache+6 · Apache Xml Graphics Batik+7

CVE-2022-40146

Weakness Enumeration

Related Identifiers

Affected Products

References · 70