The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to achieve remote code execution (RCE) by supplying a specially constructed H2 database JDBC URL. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. The vulnerability has been fixed in ElasticJob-UI 3.0.2.
This attack requires that the attacker has already obtained a valid account and password; without those credentials the attack cannot be performed.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Wed, 16 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.00182}
Values Added: epss {'score': 0.00112}


Wed, 16 Jul 2025 01:15:00 +0000

Type: First Time appeared
Values Added: Apache; Apache shardingsphere Elasticjob-ui

Type: CPEs
Values Added: cpe:2.3:a:apache:shardingsphere_elasticjob-ui:*:*:*:*:*:*:*:*

Type: Vendors & Products
Values Added: Apache; Apache shardingsphere Elasticjob-ui

Thu, 06 Feb 2025 17:15:00 +0000

Type: Metrics
Values Added: cvssV3_1 {'score': 8.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H'}
Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Thu, 06 Feb 2025 14:30:00 +0000

Type: Description
Values Added: The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.

Type: Title
Values Added: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC

Type: Weaknesses
Values Added: CWE-913

Type: References

MITRE

Status: PUBLISHED

Assigner: apache

Published:

Updated: 2025-02-06T16:25:45.921Z

Reserved: 2022-05-27T08:27:18.571Z

Link: CVE-2022-31764

Vulnrichment

Updated: 2025-02-06T16:24:36.286Z

NVD

Status: Analyzed

Published: 2025-02-06T15:15:10.610

Modified: 2025-07-16T01:00:27.987

Link: CVE-2022-31764

Redhat

No data.

OpenCVE Enrichment

No data.