CVE-2022-4147

EPSS 0.26%
Veröffentlicht 06.12.2022 19:15:10
Zuletzt bearbeitet 14.04.2025 18:15:25
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 0 Referenzen 4

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Quarkus ≫ Quarkus Version >= 2.0 < 2.13.5

Quarkus ≫ Quarkus Version >= 2.14.0 < 2.14.2

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.26%	0.496

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.5	1.6	5.9	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

https://access.redhat.com/security/cve/CVE-2022-4147

Vendor Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-4147

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-4147

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-4147

EUVD