CVE-2022-4147

EPSS 0.26%
Published 06.12.2022 19:15:10
Last modified 14.04.2025 18:15:25
Source secalert@redhat.com
Teams watchlist Login
Open Login

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

Affected products Warnungen 0 Metrics 3 CWE 0 References 4

Data is provided by the National Vulnerability Database (NVD)

Quarkus ≫ Quarkus Version >= 2.0 < 2.13.5

Quarkus ≫ Quarkus Version >= 2.14.0 < 2.14.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.26%	0.496

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

https://access.redhat.com/security/cve/CVE-2022-4147

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4147

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4147

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4147

EUVD