Remote Code Execution Vulnerability in JPress v4.2.0
CVE-2022-23330

8.8HIGH

Key Information:

Vendor: Jpress
Status: Jpress
Vendor: CVE Published:; 4 February 2022

Summary

A vulnerability in JPress v4.2.0 allows attackers to exploit a flaw in HelloWorldAddonController.java to execute arbitrary code. By delivering a specially crafted JAR package, malicious entities can gain unauthorized control over systems running this version of JPress. It is crucial for users of JPress to review their implementations and secure their environments against potential exploitations.

References

https://gitee.com/JPressProjects/jpress/issues/I4QZZ8

x_refsource_MISC

CVSS V3.1

Score:

8.8

Severity:

HIGH

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Feb 4, 2022
Vulnerability Reserved
Jan 18, 2022