PT-2022-7389 · Atlassian+5 · Confluence+5

Katsuragicsl · Published 2022-08-24 · Updated 2025-12-04 · CVE-2022-38900

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

decode-uri-component version 0.2.0
Confluence Data Center versions 7.0.1 through 9.0.x

Description

The issue is related to improper input validation, which can result in a denial of service (DoS). This can be exploited by a remote attacker, allowing them to disrupt service availability. The vulnerability has a high impact on availability but does not affect confidentiality or integrity. It requires no user interaction to be exploited.

Recommendations

For decode-uri-component version 0.2.0, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

For Confluence Data Center versions 7.0.1 through 9.0.x, upgrade to Confluence Data Center 9.1.0 or a later version to resolve the issue. If upgrading to version 9.1.0 or later is not possible, upgrade to a release greater than or equal to 9.1.0.

Exploit

DoS

RCE

Weakness Enumeration

Related Identifiers

ALSA-2023:1743
ALSA-2023:6316
AZL-44976
BDU:2024-05189
CESA-2023_1743
CVE-2022-38900
GHSA-W573-4HG7-7WGQ
RHSA-2023:1533
RHSA-2023:1742
RHSA-2023:1743
RHSA-2023:1744
RHSA-2023:6316
RHSA-2023_1743
RHSA-2023_6316
RLSA-2023:1743

Affected Products

AlmaLinux
CentOS
Confluence
Red Hat
RED OS
Rocky Linux