{
  "threat_severity" : "Moderate",
  "public_date" : "2022-12-01T00:00:00Z",
  "bugzilla" : {
    "description" : "codehaus-plexus: Directory Traversal",
    "id" : "2149841",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2149841"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
    "status" : "verified"
  },
  "cwe" : "CWE-22",
  "details" : [ "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files.", "A flaw was found in codeplex-codehaus. A directory traversal attack (also known as path traversal) aims to access files and directories stored outside the intended folder. By manipulating files with \"dot-dot-slash (../)\" sequences and their variations or by using absolute file paths, it may be possible to access arbitrary files and directories stored on the file system, including application source code, configuration, and other critical system files." ],
  "statement" : "Red Hat Single Sign-On uses this package for testing purposes and is not delivered with the distribution. Hence not affected status.",
  "affected_release" : [ {
    "product_name" : "RHINT Camel-K-1.10.1",
    "release_date" : "2023-06-28T00:00:00Z",
    "advisory" : "RHSA-2023:3906",
    "cpe" : "cpe:/a:redhat:camel_k:1",
    "package" : "codehaus-plexus"
  }, {
    "product_name" : "RHPAM 7.13.1 async",
    "release_date" : "2023-05-04T00:00:00Z",
    "advisory" : "RHSA-2023:2135",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7.13"
  } ],
  "package_state" : [ {
    "product_name" : "A-MQ Clients 2",
    "fix_state" : "Not affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:a_mq_clients:2"
  }, {
    "product_name" : "Red Hat AMQ Broker 7",
    "fix_state" : "Not affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:amq_broker:7"
  }, {
    "product_name" : "Red Hat A-MQ Online",
    "fix_state" : "Not affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:amq_online:1"
  }, {
    "product_name" : "Red Hat build of Apache Camel for Spring Boot 3",
    "fix_state" : "Fix deferred",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:camel_spring_boot:3",
    "impact" : "low"
  }, {
    "product_name" : "Red Hat build of Apicurio Registry 2",
    "fix_state" : "Affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:service_registry:2"
  }, {
    "product_name" : "Red Hat build of Debezium 1",
    "fix_state" : "Will not fix",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:integration:1"
  }, {
    "product_name" : "Red Hat build of Quarkus",
    "fix_state" : "Not affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:quarkus:2"
  }, {
    "product_name" : "Red Hat Data Grid 8",
    "fix_state" : "Will not fix",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:8"
  }, {
    "product_name" : "Red Hat Decision Manager 7",
    "fix_state" : "Out of support scope",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_brms_platform:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 7",
    "fix_state" : "Out of support scope",
    "package_name" : "plexus-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "maven:3.6/plexus-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "fix_state" : "Not affected",
    "package_name" : "maven:3.8/plexus-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:8"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "maven:3.8/plexus-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Enterprise Linux 9",
    "fix_state" : "Not affected",
    "package_name" : "plexus-utils",
    "cpe" : "cpe:/o:redhat:enterprise_linux:9"
  }, {
    "product_name" : "Red Hat Fuse 7",
    "fix_state" : "Will not fix",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_fuse:7"
  }, {
    "product_name" : "Red Hat Integration Camel Quarkus 1",
    "fix_state" : "Will not fix",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:camel_quarkus:2"
  }, {
    "product_name" : "Red Hat JBoss Data Grid 7",
    "fix_state" : "Out of support scope",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_data_grid:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 6",
    "fix_state" : "Out of support scope",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:6"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform 7",
    "fix_state" : "Not affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_application_platform:7"
  }, {
    "product_name" : "Red Hat JBoss Enterprise Application Platform Expansion Pack",
    "fix_state" : "Affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jbosseapxp"
  }, {
    "product_name" : "Red Hat JBoss Fuse 6",
    "fix_state" : "Out of support scope",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_fuse:6"
  }, {
    "product_name" : "Red Hat JBoss Fuse Service Works 6",
    "fix_state" : "Out of support scope",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_fuse_service_works:6"
  }, {
    "product_name" : "Red Hat JBoss Web Server 3",
    "fix_state" : "Out of support scope",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:3"
  }, {
    "product_name" : "Red Hat JBoss Web Server 5",
    "fix_state" : "Not affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_web_server:5"
  }, {
    "product_name" : "Red Hat OpenShift Application Runtimes",
    "fix_state" : "Not affected",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0"
  }, {
    "product_name" : "Red Hat Process Automation 7",
    "fix_state" : "Out of support scope",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:jboss_enterprise_bpms_platform:7"
  }, {
    "product_name" : "Red Hat Single Sign-On 7",
    "fix_state" : "Not affected",
    "package_name" : "org.codehaus.plexus-plexus-utils",
    "cpe" : "cpe:/a:redhat:red_hat_single_sign_on:7"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-maven36-byte-buddy",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-maven36-maven",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-maven36-maven-archiver",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-maven36-maven-assembly-plugin",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-maven36-maven-compiler-plugin",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-maven36-maven-jar-plugin",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-maven36-maven-plugin-bundle",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-maven36-maven-remote-resources-plugin",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-maven36-maven-shade-plugin",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-maven36-maven-source-plugin",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Will not fix",
    "package_name" : "rh-maven36-maven-surefire",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat Software Collections",
    "fix_state" : "Not affected",
    "package_name" : "rh-maven36-plexus-utils",
    "cpe" : "cpe:/a:redhat:rhel_software_collections:3"
  }, {
    "product_name" : "Red Hat support for Spring Boot",
    "fix_state" : "Will not fix",
    "package_name" : "codehaus-plexus",
    "cpe" : "cpe:/a:redhat:openshift_application_runtimes:1.0"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-4244\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-4244" ],
  "name" : "CVE-2022-4244",
  "csaw" : false
}