Cloud Vulnerability DB
A community-led vulnerabilities database
Vulnerability DatabaseCVE-2022-38723
CVE-2022-38723:
Java vulnerability analysis and mitigation
Overview
Gravitee API Management before version 3.15.13 was found to contain a path traversal vulnerability through HTML injection. The vulnerability was initially discovered and patched in 2019, but the fix was not completely effective. A new patch was released in version 3.15.13 that successfully addresses the issue (GitHub Advisory, Gravitee Community).
Technical details
The vulnerability exists in the Email service of Gravitee API Management, where anonymous users can exploit a combination of HTML injection and path traversal via the /management/users/register endpoint to read arbitrary files on the system (GitHub Gist).
Impact
The vulnerability allows unauthorized users to read arbitrary files on the system, potentially exposing sensitive information and configuration data (GitHub Gist).
Mitigation and workarounds
Users should upgrade to Gravitee API Management version 3.15.13 or later to address this vulnerability. The patch in this version has been confirmed to effectively remove the security flaw (GitHub Gist).
Additional resources
Source: This report was generated using AI
Related Java vulnerabilities:
Free Vulnerability Assessment
Benchmark your Cloud Security Posture
Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.
Additional Wiz resources
Get a personalized demo
Ready to see Wiz in action?
"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management