Vulnerability Description
The Quarkus CORS filter allows simple GET and POST requests with an invalid Origin header to proceed. In this context, simple GET or POST requests made with XMLHttpRequest are those that have no event listeners registered on the object returned by the XMLHttpRequest `upload` property and do not use a ReadableStream object in the request body; such requests are sent without a CORS preflight, so the filter's check on the actual request is the only enforcement point.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Quarkus | Quarkus | >= 2.0, < 2.13.5 |
Related Weaknesses (CWE)
References
- https://access.redhat.com/security/cve/CVE-2022-4147 (Vendor Advisory)
FAQ
What is CVE-2022-4147?
CVE-2022-4147 is a vulnerability with a CVSS score of 7.5 (HIGH). The Quarkus CORS filter allows simple GET and POST requests with an invalid Origin header to proceed. Simple GET or POST requests made with XMLHttpRequest are those that have no event listeners registered on the object returned by the XMLHttpRequest `upload` property and do not use a ReadableStream object in the request body.
How severe is CVE-2022-4147?
CVE-2022-4147 has been rated HIGH with a CVSS base score of 7.5/10. See the CVSS Score section above.
Is there a patch for CVE-2022-4147?
Check the References section above for the vendor advisory and patch information. Affected product: Quarkus, versions >= 2.0 and < 2.13.5.