Path Traversal Vulnerability in Eclipse GlassFish by Eclipse Foundation
CVE-2022-2712
What is CVE-2022-2712?
A path traversal vulnerability exists in Eclipse GlassFish versions 5.1.0 through 6.2.5 that allows remote unauthenticated attackers to exploit the system by manipulating relative paths. The vulnerability arises from the server's failure to adequately filter request paths starting with './', which can enable attackers to access sensitive files. This access may include critical configuration data and source code of deployed applications, thus raising significant security risks for users and applications relying on the affected versions.
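For triage on an affected server, the following added example (not code from the advisory or from the GlassFish project) scans access-log lines for request paths that still contain dot segments after percent-decoding. It goes beyond the leading './' case described above to any '.' or '..' segment, since mainstream HTTP clients normally remove these before sending. The log format (common/combined) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Request field of a common/combined format access log: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')

def dot_segments(target, max_decode=3):
    """Return the '.' and '..' segments found in a request target's path."""
    # Only the path matters here; drop any query string or fragment.
    path = target.split("?", 1)[0].split("#", 1)[0]
    # Decode a bounded number of times so %2e and %252e forms are seen too.
    for _ in range(max_decode):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    segments = path.replace("\\", "/").split("/")
    return [s for s in segments if s in (".", "..")]

def suspicious_requests(log_lines):
    """Return (line_number, target) for each request whose path has dot segments."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match and dot_segments(match.group("target")):
            hits.append((number, match.group("target")))
    return hits

# Constructed sample log lines (documentation IPs, placeholder paths).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2023:10:00:00 +0000] "GET /app/index.html HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2023:10:00:05 +0000] "GET /./app/page.html HTTP/1.1" 200 2048',
    '192.0.2.11 - - [01/Jan/2023:10:00:06 +0000] "GET /app/%2e/page.html HTTP/1.1" 200 2048',
    '192.0.2.12 - - [01/Jan/2023:10:00:09 +0000] "GET /app/search?q=../x HTTP/1.1" 200 90',
    '192.0.2.13 - - [01/Jan/2023:10:00:12 +0000] "GET /app/v1.2/file.tar.gz HTTP/1.1" 200 777',
]

if __name__ == "__main__":
    for number, target in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: {target}")
```

A hit is a lead for review, not proof of compromise; check the response status and size of each flagged request against what that path should return.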

Affected Version(s)
Eclipse GlassFish 5.1.0
Eclipse GlassFish <= 6.2.5
