CVE-2019-0226
The Apache Karaf Config service provides an install method (via service or MBean) that could be used to traverse to any directory and overwrite existing files. The severity of the vulnerability is low if the Karaf process user has limited permissions on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. Users should upgrade to Apache Karaf 4.2.5 or later.
Published at
2019-05-09
Modified
2020-06-12
https://lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266@%3Ccommits.karaf.apache.org%3E
MLIST:[karaf-commits] 20200612 [karaf-site] branch trunk updated: Publish CVE-2020-11980
https://lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E
MLIST:[karaf-dev] 20190506 [SECURITY] New security advisory for CVE-2019-0226 released for Apache Karaf
Vulnerability RAW
{
"Title": {
"_text": "CVE-2019-0226"
},
"Notes": {
"Note": [
{
"_text": "Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later."
},
{
"_text": "2019-05-09"
},
{
"_text": "2020-06-12"
}
]
},
"CVE": {
"_text": "CVE-2019-0226"
},
"References": {
"Reference": [
{
"URL": {
"_text": "https://lists.apache.org/thread.html/r218c7e017af0a860ae21bf7ab77520fd2070c8f52db680eeec03a266@%3Ccommits.karaf.apache.org%3E"
},
"Description": {
"_text": "MLIST:[karaf-commits] 20200612 [karaf-site] branch trunk updated: Publish CVE-2020-11980"
}
},
{
"URL": {
"_text": "https://lists.apache.org/thread.html/1baa6f1df0e95fb1cd679067117354af2ab4423277d9a0ff6e8bf790@%3Cdev.karaf.apache.org%3E"
},
"Description": {
"_text": "MLIST:[karaf-dev] 20190506 [SECURITY] New security advisory for CVE-2019-0226 released for Apache Karaf"
}
}
]
}
}