CVE-2022-44635
CVSS V2 None
CVSS V3 None
Description
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgrade to 1.8.1.
Overview
- CVE ID
- CVE-2022-44635
- Assigner
- security@apache.org
- Vulnerability Status
- Analyzed
- Published Version
- 2022-11-29T15:15:10.897
- Last Modified Date
- 2022-12-01T21:24:36.790
Weakness Enumerations
CPE Configuration (Product)
| CPE | Vulnerable | Operator | Version Start | Version End |
|---|---|---|---|---|
| cpe:2.3:a:apache:fineract:*:*:*:*:*:*:*:* | 1 | OR | 1.8.1 |
References
| Reference URL | Reference Tags |
|---|---|
| http://www.openwall.com/lists/oss-security/2022/11/29/3 | Mailing List Third Party Advisory |
| https://lists.apache.org/thread/t8q6fmh3o6yqmy69qtqxppk9yg9wfybg | Mailing List Vendor Advisory |
Sources
| Source Name | Source URL |
|---|---|
| NIST | https://nvd.nist.gov/vuln/detail/CVE-2022-44635 |
| MITRE | https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-44635 |
History
| Created | Old Value | New Value | Data Type | Notes |
|---|---|---|---|---|
| 2022-12-07 18:05:29 | Added to TrackCVE |