CVE-2022-4878

CVSS V2 None CVSS V3 None
Description
A vulnerability classified as critical has been found in JATOS. Affected is the function ZipUtil of the file modules/common/app/utils/common/ZipUtil.java of the component ZIP Handler. The manipulation leads to path traversal. Upgrading to version 3.7.5-alpha is able to address this issue. The name of the patch is 2b42519f309d8164e8811392770ce604cdabb5da. It is recommended to upgrade the affected component. The identifier of this vulnerability is VDB-217548.
Overview
  • CVE ID
  • CVE-2022-4878
  • Assigner
  • cna@vuldb.com
  • Vulnerability Status
  • Analyzed
  • Published Version
  • 2023-01-06T10:15:10
  • Last Modified Date
  • 2023-01-12T13:56:09
Weakness Enumerations
CWE URL
CWE-22 http://cwe.mitre.org/data/definitions/22.html
CPE Configuration (Product)
CPE Vulnerable Operator Version Start Version End
cpe:2.3:a:jatos:jatos:*:*:*:*:*:*:*:* 1 OR 3.7.5
References
Reference URL Reference Tags
https://github.com/JATOS/JATOS/commit/2b42519f309d8164e8811392770ce604cdabb5da
https://github.com/JATOS/JATOS/releases/tag/v3.7.5-alpha
https://vuldb.com/?ctiid.217548
https://vuldb.com/?id.217548
Sources
Source Name Source URL
NIST https://nvd.nist.gov/vuln/detail/CVE-2022-4878
MITRE https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-4878
History
Created Old Value New Value Data Type Notes
2023-01-06 10:17:59 Added to TrackCVE
2023-01-06 10:18:00 Weakness Enumeration new
2023-01-06 14:17:00 2023-01-06T13:56:14 CVE Modified Date updated
2023-01-06 14:17:00 Received Awaiting Analysis Vulnerability Status updated
2023-01-06 14:17:03 CVSS V3 information new
2023-01-06 14:17:03 CVSS V2 information new
2023-01-10 18:20:22 Awaiting Analysis Undergoing Analysis Vulnerability Status updated
2023-01-10 18:20:25 CVSS V3 information new
2023-01-10 18:20:25 CVSS V2 information new
2023-01-12 14:15:15 2023-01-12T13:56:09 CVE Modified Date updated
2023-01-12 14:15:15 Undergoing Analysis Analyzed Vulnerability Status updated
2023-01-12 14:15:18 CPE Information updated
2023-01-12 14:15:18 CVSS V3 information new
2023-01-12 14:15:18 CVSS V2 information new