CVE-2019-0226
Published: May 9, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
The Apache Karaf Config service provides an install method (via service or MBean) that could be used to traverse to any directory and overwrite existing files. The vulnerability is low severity if the Karaf process user has limited permissions on the filesystem. Any Apache Karaf version before 4.2.5 is affected. Users should upgrade to Apache Karaf 4.2.5 or later.
| Vendor | Product | Versions |
|---|---|---|
| Apache | Karaf | affected prior to 4.2.5 |
References
[karaf-dev] 20190506 [SECURITY] New security advisory for CVE-2019-0226 released for Apache Karaf
mailing-list
x_refsource_MLIST
[karaf-commits] 20200612 [karaf-site] branch trunk updated: Publish CVE-2020-11980
mailing-list
x_refsource_MLIST