PT-2023-15892 · Jatos · Jatos

Published: 2023-01-06 · Updated: 2024-05-17 · CVE-2022-4878

CVSS v3.1: 5.3 (Medium)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Name of the Vulnerable Software and Affected Versions: JATOS versions prior to 3.7.5-alpha

Description: A critical vulnerability has been found in JATOS, affecting the ZipUtil function of the ZIP Handler component. This issue leads to path traversal.

Recommendations: For versions prior to 3.7.5-alpha, upgrade to version 3.7.5-alpha to address this issue. As a temporary workaround, consider disabling the ZipUtil function until the patch is applied. Restrict access to the ZIP Handler component to minimize the risk of exploitation.

Fix

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2022-4878

Affected Products: Jatos