{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-02T07:27:29.939","vulnerabilities":[{"cve":{"id":"CVE-2022-22932","sourceIdentifier":"security@apache.org","published":"2022-01-26T11:15:09.583","lastModified":"2024-11-21T06:47:38.223","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326"},{"lang":"es","value":"Los comandos de Apache Karaf obr:* y el objetivo de ejecución en el karaf-maven-plugin tienen un salto de ruta parcial que permite salirse de la carpeta esperada. El riesgo es bajo ya que los comandos obr:* no son muy usados y la entrada es establecida por el usuario. Esto ha sido corregido en la revisión: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigación: Los usuarios de Apache Karaf deben actualizar a versiones 4.2.15 o 4.3.6 o posteriores lo antes posible, o usar la ruta correcta. Entradas de JIRA: https://issues.apache.org/jira/browse/KARAF-7326"}],"metrics":{"cvssMetricV31":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:N/A:N","baseScore":5.0,"accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"NONE","availabilityImpact":"NONE"},"baseSeverity":"MEDIUM","exploitabilityScore":10.0,"impactScore":2.9,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-22"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*","versionEndExcluding":"4.2.15","matchCriteriaId":"B465DE0D-5C3B-4D0E-8A6B-503D8E710BF9"},{"vulnerable":true,"criteria":"cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*","versionStartIncluding":"4.3.0","versionEndExcluding":"4.3.6","matchCriteriaId":"66C13A93-7FBA-4B73-A3F1-20E204A34006"}]}]}],"references":[{"url":"https://karaf.apache.org/security/cve-2022-22932.txt","source":"security@apache.org","tags":["Vendor Advisory"]},{"url":"https://karaf.apache.org/security/cve-2022-22932.txt","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}