Vulnerabilities > CVE-2022-45129 - Files or Directories Accessible to External Parties vulnerability in Payara
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
Payara before 2022-11-04, when deployed to the root context, allows attackers to visit META-INF and WEB-INF, a different vulnerability than CVE-2022-37422. This affects Payara Platform Community before 4.1.2.191.38, 5.x before 5.2022.4, and 6.x before 6.2022.1, and Payara Platform Enterprise before 5.45.0.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
- http://packetstormsecurity.com/files/169864/Payara-Platform-Path-Traversal.html
- http://seclists.org/fulldisclosure/2022/Nov/11
- http://seclists.org/fulldisclosure/2022/Nov/11
- https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
- https://blog.payara.fish/whats-new-in-the-november-2022-payara-platform-release
- https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
- https://docs.payara.fish/community/docs/6.2022.1/Release%20Notes/Release%20Notes%206.2022.1.html
- https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
- https://docs.payara.fish/community/docs/Release%20Notes/Release%20Notes%205.2022.4.html
- https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
- https://docs.payara.fish/enterprise/docs/Release%20Notes/Release%20Notes%205.45.0.html
- https://github.com/payara/Payara/commit/cccdfddeda71c78ae7b3179db5429e1bb8a56b2e
- https://github.com/payara/Payara/commit/cccdfddeda71c78ae7b3179db5429e1bb8a56b2e