CVE-2022-4244 — plexus-codehaus vulnerable to directory traversal

Description

A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with "dot-dot-slash (../)" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

How to fix CVE-2022-4244

To remediate CVE-2022-4244, upgrade the affected package to a fixed version below.

—upgrade to 3.0.24-1 or later
—upgrade to 3.0.24 or later

Is CVE-2022-4244 being exploited?

Low — EPSS is 0.3%, meaning exploitation activity has not been observed at scale.

Affected packages (2)

from 0, < 3.0.24-1
from 0, < 3.0.24

CVSS scores

Source	Version	Severity	Vector
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

References (9)

ADVISORYnvd.nist.gov/vuln/detail/CVE-2022-4244
ADVISORYsecurity-tracker.debian.org/tracker/CVE-2022-4244
WEBaccess.redhat.com/errata/RHSA-2023:2135
WEBaccess.redhat.com/errata/RHSA-2023:3906
WEB