
CVE-2019-0226: Apache Karaf vulnerable to relative path traversal

CVSS Score: 4.9 (CVSS 3.0)

Basic Information

EPSS Score: 0.81469%
Published: 5/24/2022
Updated: 1/28/2023
KEV Status: No
Technology: Java

Technical Details

CVSS Vector
CVSS:3.0/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:N
Package Name: org.apache.karaf.config:org.apache.karaf.config.core
Ecosystem: maven
Vulnerable Versions: < 4.2.5
First Patched Version: 4.2.5

Vulnerability Intelligence

Root Cause Analysis

The vulnerability stems from insecure path handling in two entry points: (1) the JMX MBean interface (ConfigMBean#install) and (2) the Karaf shell command (config:install). Both accept a caller-supplied target file name and neither sanitized it, so a name containing '../' sequences could escape the intended configuration directory and overwrite any file the Karaf process user is allowed to write. Both entry points were patched in KARAF-6230 (shipped in Apache Karaf 4.2.5) by adding validation that rejects relative path traversal. The JIRA ticket, the CVE description, and the associated pull request #805 identify these components as the points where path sanitization was missing. Note the CVSS vector (PR:H): an attacker already needs an authenticated JMX or shell session with permission to invoke config install, and the impact is bounded by the filesystem permissions of the Karaf process user.
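The following is an added illustration of the flaw class described above, written for this page; it is not Apache Karaf's code and does not reproduce the exact signature of ConfigMBean#install or the exact check introduced by KARAF-6230. The class name, the etc/ directory handling and the byte-array content parameter are assumptions made for the example. It contrasts an install routine that joins the caller-supplied file name onto the configuration directory without validation with one that normalizes the resolved path and refuses anything that leaves that directory.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;

/**
 * Illustration (not Karaf's code) of a config "install" that writes a
 * caller-supplied file name under the etc/ directory. vulnerableInstall()
 * trusts the name as-is; safeInstall() rejects names that escape etc/.
 */
public class ConfigInstallTraversalDemo {

    private final Path etcDir;

    public ConfigInstallTraversalDemo(Path etcDir) {
        // Canonical form of the allowed root, used by the containment check.
        this.etcDir = etcDir.toAbsolutePath().normalize();
    }

    /** Vulnerable: "../bin/setenv" resolves to a file outside etc/. */
    public Path vulnerableTarget(String finalName) {
        return etcDir.resolve(finalName);
    }

    /** Hardened: normalize, then require the result to stay under etc/. */
    public Path safeTarget(String finalName) {
        // resolve() returns finalName itself if it is absolute, and normalize()
        // collapses "." and ".." segments, so startsWith() catches both an
        // absolute path and a relative traversal out of etcDir.
        Path candidate = etcDir.resolve(finalName).normalize();
        if (!candidate.startsWith(etcDir)) {
            throw new IllegalArgumentException(
                    "Relative path traversal is not allowed: " + finalName);
        }
        return candidate;
    }

    /** Writes wherever the unchecked name points (the pre-fix behaviour). */
    public Path vulnerableInstall(String finalName, byte[] content) throws IOException {
        Path target = vulnerableTarget(finalName).normalize();
        Files.createDirectories(target.getParent());
        Files.write(target, content);
        return target;
    }

    /** Writes only inside etc/, otherwise throws before touching the disk. */
    public Path safeInstall(String finalName, byte[] content) throws IOException {
        Path target = safeTarget(finalName);
        Files.createDirectories(target.getParent());
        Files.write(target, content);
        return target;
    }

    public static void main(String[] args) throws IOException {
        // Everything happens inside a fresh temp directory so the demo
        // never writes outside its own sandbox.
        Path sandbox = Files.createTempDirectory("karaf-traversal-demo");
        Path etc = sandbox.resolve("etc");
        ConfigInstallTraversalDemo demo = new ConfigInstallTraversalDemo(etc);
        byte[] payload = "JAVA_OPTS=\"-Dinjected=true\"\n".getBytes(StandardCharsets.UTF_8);

        // Constructed malicious file name: escapes etc/ into a sibling bin/ directory.
        String evilName = "../bin/setenv";

        Path written = demo.vulnerableInstall(evilName, payload);
        System.out.println("vulnerable install wrote: " + written
                + " (inside etc? " + written.startsWith(etc.toAbsolutePath().normalize()) + ")");

        try {
            demo.safeInstall(evilName, payload);
            System.out.println("hardened install unexpectedly succeeded");
        } catch (IllegalArgumentException e) {
            System.out.println("hardened install rejected: " + e.getMessage());
        }

        // A legitimate name still works with the hardened version.
        Path ok = demo.safeInstall("my.service.cfg", "key=value\n".getBytes(StandardCharsets.UTF_8));
        System.out.println("hardened install wrote: " + ok);
    }
}
```

The containment check works on the normalized absolute path rather than on the presence of the literal string "..", so it also rejects absolute names and encoded-looking variants once they are resolved, and it runs before any directory is created or any byte is written.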


WAF Protection Rules

WAF Rule

Apache Karaf config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any …
