CVE-2022-45046 - Vulnerability Details - OpenCVE

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

No data.

No data.

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-7756	DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Github GHSA	GHSA-w66j-xc7r-m2jv	camel-ldap component allows LDAP Injection when using the filter option

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://camel.apache.org/security/CVE-2022-45046.html
https://nvd.nist.gov/vuln/detail/CVE-2022-45046
https://www.cve.org/CVERecord?id=CVE-2022-45046

History

No history.

Projects

Sign in to view the affected projects.

MITRE

Status: REJECTED

Assigner: apache

Published: 2022-12-05T00:00:00

Updated: 2022-12-19T16:24:37.230Z

Reserved: 2022-11-08T00:00:00

Link: CVE-2022-45046

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2022-12-05T14:15:10.090

Modified: 2023-11-07T03:54:29.393

Link: CVE-2022-45046

Redhat

Severity :

Publid Date: 2022-12-05T00:00:00Z

Links: CVE-2022-45046 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-90

{"acknowledgement": "Red Hat would like to thank 4ra1n (Chaitin Tech) for reporting this issue.", "bugzilla": {"description": "camel-ldap: LDAP Injection on camel-ldap component when using the filter option", "id": "2150871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150871"}, "csaw": false, "cwe": "CWE-90", "details": ["This flaw targets the camel-ldap package. According to the maintainers this CVE should be retracted soon."], "mitigation": {"lang": "en:us", "value": "Maintainers have added a documentation detail regarding LDAP Injection in Camel LDAP component. Please check the link for more information. \nhttps://github.com/apache/camel/blob/3ea0740370bb436dcf70b91dcbfb4e2177fca797/components/camel-ldap/src/main/docs/ldap-component.adoc"}, "name": "CVE-2022-45046", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "io.quarkus.platform-quarkus-platform-config", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "com.redhat.fuse.eap-fuse-eap", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.wildfly.camel.example-example-camel", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.wildfly.camel-wildfly-camel", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.camel.kafkaconnector-camel-kafka-connector-aggregator", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.camel.quarkus-camel-quarkus", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "com.redhat.fuse.eap-fuse-eap", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "org.jboss.fuse.bom-jboss-fuse-parent", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "com.redhat.fuse.eap-fuse-eap", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "org.jboss.fuse.bom-jboss-fuse-parent", "product_name": "Red Hat JBoss Fuse Service Works 6"}], "public_date": "2022-12-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-45046\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45046\nhttps://camel.apache.org/security/CVE-2022-45046.html"]}