7.5

CVSS Score

Basic Information

CVE ID

CVE-2022-4244

GHSA ID

GHSA-g6ph-x5wf-g337

EPSS Score

CWE

CWE-22

Published

9/25/2023

Updated

5/3/2024

KEV Status

Technology

Java

Concerned about an active attack path?

Talk to our security experts and see Miggo in action.

Miggo Vulnerability Database

→

CVE-2022-4244

CVE-2022-4244:
plexus-codehaus vulnerable to directory traversal

A flaw was found in plexus-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with dot-dot-slash (../) sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.

(GitHub Advisory)

7.5

CVSS Score

Basic Information

CVE ID

CVE-2022-4244

GHSA ID

GHSA-g6ph-x5wf-g337

EPSS Score

CWE

CWE-22

Published

9/25/2023

Updated

5/3/2024

KEV Status

Technology

Java

Technical Details

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Package Name	Ecosystem	Vulnerable Versions	First Patched Version
org.codehaus.plexus:plexus-utils	maven	< 3.0.24	3.0.24

Vulnerability Intelligence
Miggo AI

Root Cause Analysis

The commit 33a2853df8185b4519b1b8bfae284f03392618ef explicitly adds a security check to the extractFile method in Expand.java to prevent directory traversal. This matches the CVE description about improper path limitation and corresponds to the patched version 3.0.24. The vulnerability existed because the method previously used FileUtils.resolveFile without validating if the resulting path remained within the target directory.

Vulnerable functions

Only Mi**o us*rs **n s** t*is s**tion

WAF Protection Rules

WAF Rule

* *l*w w*s *oun* in pl*xus-*o****us. * *ir**tory tr*v*rs*l *tt**k (*lso known *s p*t* tr*v*rs*l) *ims to ****ss *il*s *n* *ir**tori*s stor** outsi** t** int*n*** *ol**r. *y m*nipul*tin* *il*s wit* *ot-*ot-sl*s* (`../`) s*qu*n**s *n* t**ir v*ri*tions

Reasoning

T** *ommit **************************************** *xpli*itly ***s * s**urity ****k to t** *xtr**t*il* m*t*o* in *xp*n*.j*v* to pr*v*nt *ir**tory tr*v*rs*l. T*is m*t***s t** *V* **s*ription **out improp*r p*t* limit*tion *n* *orr*spon*s to t** p*t**

7.5

Basic Information

Concerned about an active attack path?

CVE-2022-4244: plexus-codehaus vulnerable to directory traversal

7.5

Basic Information

Technical Details

Vulnerability IntelligenceMiggo AI

Root Cause Analysis

Vulnerable functions

WAF Protection Rules

WAF Rule

Reasoning

CVE-2022-4244:
plexus-codehaus vulnerable to directory traversal

Vulnerability Intelligence
Miggo AI