
CVSS: 8.8 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Karaf, JMX authentication takes place using JAAS and authorization takes place using ACL files. By default, only an "admin" can actually invoke on an MBean. However, there is a vulnerability for someone who is not an admin but has a "viewer" role. In 'etc/jmx.acl.cfg', such a role can call get*. It is possible to authenticate with a viewer role and invoke the MLet getMBeansFromURL method, which goes off to a remote server to fetch the desired MBean, which is then registered in Karaf. • http://karaf.apache.org/security/cve-2020-11980.txt https://access.redhat.com/security/cve/CVE-2020-11980 https://bugzilla.redhat.com/show_bug.cgi?id=1850450 • CWE-918: Server-Side Request Forgery (SSRF) •

CVSS: 5.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Apache Karaf Config service provides an install method (via service or MBean) that could be used to traverse to any directory and overwrite an existing file. The vulnerability is low if the Karaf process user has limited permissions on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Users should upgrade to Apache Karaf 4.2.5 or later. • https://lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790%40%3Cdev.karaf.apache.org%3E https://lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266%40%3Ccommits.karaf.apache.org%3E • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 6.5 | EPSS: 0% | CPEs: 1 | EXPL: 0

The Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it does not do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. • http://www.securityfocus.com/bid/107462 https://lists.apache.org/thread.html/6856aa7ed7dd805eaf65d0e5e95027dda3b2307aacd1ab4a838c5cd1%40%3Cuser.karaf.apache.org%3E https://lists.apache.org/thread.html/cef9a2d4b547625e5214684283ac5c59c9d9740e092e777dc3f85070%40%3Ccommits.karaf.apache.org%3E • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •

CVSS: 9.8 | EPSS: 0% | CPEs: 4 | EXPL: 1

Apache Karaf provides a features deployer, which allows users to "hot deploy" a features XML by dropping the file directly in the deploy folder. The features XML is parsed by the XMLInputFactory class. The Apache Karaf XMLInputFactory class does not contain any mitigation code against XXE. This is a potential security risk, as a user can inject external XML entities in Apache Karaf versions prior to 4.1.7 or 4.2.2. It has been fixed in the Apache Karaf 4.1.7 and 4.2.2 releases. • https://github.com/brianwrf/CVE-2018-11788 http://karaf.apache.org/security/cve-2018-11788.txt http://www.securityfocus.com/bid/106479 • CWE-611: Improper Restriction of XML External Entity Reference •

CVSS: 9.0 | EPSS: 0% | CPEs: 1 | EXPL: 0

In Apache Karaf prior to the 4.2.0 release, if the sshd service in Karaf is left on so an administrator can manage the running instance, any user with rights to the Karaf console can pivot and read/write any file on the file system to which the Karaf process user has access. This can be locked down a bit by using chroot to change the root directory to protect files outside of the Karaf install directory; it can be further locked down by defining a security manager policy that limits file system access to those directories beneath the Karaf home that are necessary for the system to run. However, this still allows anyone with ssh access to the Karaf process to read and write a large number of files as the Karaf process user. • http://karaf.apache.org/security/cve-2018-11786.txt https://issues.apache.org/jira/browse/KARAF-5427 https://lists.apache.org/thread.html/5b7ac762c6bbe77ac5d9389f093fc6dbf196c36d788e3d7629e6c1d9%40%3Cdev.karaf.apache.org%3E • CWE-269: Improper Privilege Management •