CVE-2022-45046 - Vulnerability Details - OpenCVE

Description

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

Published: 2022-12-05

Score: n/a

EPSS: n/a

KEV: No

Impact:

Action:

Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

No data.

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2022-7756	DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.
Github GHSA	GHSA-w66j-xc7r-m2jv	camel-ldap component allows LDAP Injection when using the filter option

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

No EPSS score available.

Key SSVC decision points have not yet been added.

References

Link	Providers
https://camel.apache.org/security/CVE-2022-45046.html
https://nvd.nist.gov/vuln/detail/CVE-2022-45046
https://www.cve.org/CVERecord?id=CVE-2022-45046

History

No history.

Subscriptions

No data.

MITRE

Status: REJECTED

Assigner: apache

Published: 2022-12-05T00:00:00.000Z

Updated: 2022-12-19T16:24:37.230Z

Reserved: 2022-11-08T00:00:00.000Z

Link: CVE-2022-45046

Vulnrichment

No data.

NVD

Status : Rejected

Published: 2022-12-05T14:15:10.090

Modified: 2023-11-07T03:54:29.393

Link: CVE-2022-45046

Redhat

Severity :

Publid Date: 2022-12-05T00:00:00Z

Links: CVE-2022-45046 - Bugzilla

OpenCVE Enrichment

No data.

Weaknesses

CWE-90

{"acknowledgement": "Red Hat would like to thank 4ra1n (Chaitin Tech) for reporting this issue.", "bugzilla": {"description": "camel-ldap: LDAP Injection on camel-ldap component when using the filter option", "id": "2150871", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2150871"}, "csaw": false, "cwe": "CWE-90", "details": ["This flaw targets the camel-ldap package. According to the maintainers this CVE should be retracted soon."], "mitigation": {"lang": "en:us", "value": "Maintainers have added a documentation detail regarding LDAP Injection in Camel LDAP component. Please check the link for more information. \nhttps://github.com/apache/camel/blob/3ea0740370bb436dcf70b91dcbfb4e2177fca797/components/camel-ldap/src/main/docs/ldap-component.adoc"}, "name": "CVE-2022-45046", "package_state": [{"cpe": "cpe:/a:redhat:camel_spring_boot:3", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat build of Apache Camel for Spring Boot 3"}, {"cpe": "cpe:/a:redhat:quarkus:2", "fix_state": "Not affected", "package_name": "io.quarkus.platform-quarkus-platform-config", "product_name": "Red Hat build of Quarkus"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "com.redhat.fuse.eap-fuse-eap", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.wildfly.camel.example-example-camel", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:jboss_fuse:7", "fix_state": "Not affected", "package_name": "org.wildfly.camel-wildfly-camel", "product_name": "Red Hat Fuse 7"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.camel.kafkaconnector-camel-kafka-connector-aggregator", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:integration:1", "fix_state": "Not affected", "package_name": "org.apache.camel.quarkus-camel-quarkus", "product_name": "Red Hat Integration Camel K 1"}, {"cpe": "cpe:/a:redhat:camel_quarkus:2", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat Integration Camel Quarkus 1"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "com.redhat.fuse.eap-fuse-eap", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse:6", "fix_state": "Not affected", "package_name": "org.jboss.fuse.bom-jboss-fuse-parent", "product_name": "Red Hat JBoss Fuse 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "com.redhat.fuse.eap-fuse-eap", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "org.apache.camel-camel", "product_name": "Red Hat JBoss Fuse Service Works 6"}, {"cpe": "cpe:/a:redhat:jboss_fuse_service_works:6", "fix_state": "Not affected", "package_name": "org.jboss.fuse.bom-jboss-fuse-parent", "product_name": "Red Hat JBoss Fuse Service Works 6"}], "public_date": "2022-12-05T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2022-45046\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-45046\nhttps://camel.apache.org/security/CVE-2022-45046.html"]}