Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.
History

No history.

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2019-05-09T13:31:47

Updated: 2024-08-04T17:44:15.370Z

Reserved: 2018-11-14T00:00:00

Link: CVE-2019-0226

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2019-05-09T14:29:00.243

Modified: 2024-11-21T04:16:32.257

Link: CVE-2019-0226

cve-icon Redhat

No data.