Main Vulnerability Database Vulnerabilities #VU73175

#VU73175 Path traversal in AWS SDK for Java - CVE-2022-31159

Published: March 8, 2023

Vulnerability identifier: #VU73175

Vulnerability risk: Medium

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green

CVE-ID: CVE-2022-31159

CWE-ID: CWE-22

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
AWS SDK for Java

Software vendor:
Amazon Web Services

Description

The vulnerability allows a remote user to perform directory traversal attacks.

The vulnerability exists due to input validation error when processing directory traversal sequences within the downloadDirectory() method in in the AWS S3 TransferManager component. A remote user can send a specially crafted HTTP request and read arbitrary files on the system.

Remediation

Install update from vendor's website.

External links

https://github.com/aws/aws-sdk-java/security/advisories/GHSA-c28r-hw5m-5gv3

#VU73175 Path traversal in AWS SDK for Java - CVE-2022-31159

Description

Remediation

External links

Please verify you're human