6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-0191

GHSA ID

GHSA-869j-5855-hjpm

EPSS Score

0.89326%

CWE

CWE-22

Published

3/25/2019

Updated

1/9/2023

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2019-0191

CVE-2019-0191: Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf

Apache Karaf kar deployer reads .kar archives and extracts the paths from the "repository/" and "resources/" entries in the zip file. It then writes out the content of these paths to the Karaf repo and resources directories. However, it doesn't do any validation on the paths in the zip file. This means that a malicious user could craft a .kar file with ".." directory names and break out of the directories to write arbitrary content to the filesystem. This is the "Zip-slip" vulnerability - https://snyk.io/research/zip-slip-vulnerability. This vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf releases prior 4.2.3 is impacted.

(GitHub Advisory)

6.5

CVSS Score

3.0

Basic Information

CVE ID

CVE-2019-0191

GHSA ID

GHSA-869j-5855-hjpm

EPSS Score

0.89326%

CWE

CWE-22

Published

3/25/2019

Updated

1/9/2023

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.apache.karaf:karaf	maven	< 4.2.3	4.2.3
org.apache.karaf:apache-karaf	maven	< 4.2.3	4.2.3

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The vulnerability centers on insecure path handling during KAR archive extraction. Based on: 1) CVE description specifying processing of 'repository/' and 'resources/' entries 2) Standard Zip-slip vulnerability patterns involving zip entry name validation 3) Karaf's architecture where KarDeployer handles KAR file deployment. The extractResources and extractRepository methods are explicitly mentioned in the vulnerability description as processing vulnerable paths. The writeEntry method (likely an inner class method) would be responsible for the actual file write operations using untrusted paths. These functions would appear in stack traces during malicious KAR file processing as they handle the path concatenation and file write operations without validation in vulnerable versions.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

*p**** K*r** k*r **ploy*r r***s .k*r *r**iv*s *n* *xtr**ts t** p*t*s *rom t** "r*pository/" *n* "r*sour**s/" *ntri*s in t** zip *il*. It t**n writ*s out t** *ont*nt o* t**s* p*t*s to t** K*r** r*po *n* r*sour**s *ir**tori*s. *ow*v*r, it *o*sn't *o *n

Reasoning

T** vuln*r**ility **nt*rs on ins**ur* p*t* **n*lin* *urin* K*R *r**iv* *xtr**tion. **s** on: *) *V* **s*ription sp**i*yin* pro**ssin* o* 'r*pository/' *n* 'r*sour**s/' *ntri*s *) St*n**r* Zip-slip vuln*r**ility p*tt*rns involvin* zip *ntry n*m* v*li*

6.5

Basic Information

Concerned about an active attack path?

CVE-2019-0191: Moderate severity vulnerability that affects org.apache.karaf:apache-karaf and org.apache.karaf:karaf

6.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

Vulnerability Intelligence
Miggo AI