In Eclipse GlassFish versions 5.1.0 to 6.2.5, there is a vulnerability in relative path traversal because it does not filter request path starting with './'. Successful exploitation could allow an remote unauthenticated attacker to access critical data, such as configuration files and deployed application source code.
References
Link | Resource |
---|---|
https://bugs.eclipse.org/580502 |
Configurations
History
07 Nov 2023, 03:46
Type | Values Removed | Values Added |
---|---|---|
References | () https://bugs.eclipse.org/580502 - |
06 Feb 2023, 19:38
Type | Values Removed | Values Added |
---|---|---|
References | (CONFIRM) https://bugs.eclipse.org/580502 - Permissions Required, Vendor Advisory | |
CPE | cpe:2.3:a:eclipse:glassfish:*:*:*:*:*:*:*:* | |
CWE | CWE-22 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
First Time |
Eclipse glassfish
Eclipse |
27 Jan 2023, 10:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-01-27 10:15
Updated : 2023-12-10 14:48
NVD link : CVE-2022-2712
Mitre link : CVE-2022-2712
CVE.ORG link : CVE-2022-2712
JSON object : View
Products Affected
eclipse
- glassfish
CWE
CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')