Apache Karaf Config service provides a install method (via service or MBean) that could be used to travel in any directory and overwrite existing file. The vulnerability is low if the Karaf process user has limited permission on the filesystem. Any Apache Karaf version before 4.2.5 is impacted. User should upgrade to Apache Karaf 4.2.5 or later.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2019-05-09T13:31:47
Updated: 2024-08-04T17:44:15.370Z
Reserved: 2018-11-14T00:00:00
Link: CVE-2019-0226
Vulnrichment
No data.
NVD
Status : Modified
Published: 2019-05-09T14:29:00.243
Modified: 2024-11-21T04:16:32.257
Link: CVE-2019-0226
Redhat
No data.