CVE-2018-8041 - OpenCVE

Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal.

No CVSS v3.1

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact None

Availability Impact None

User Interaction None

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Apache	Camel

Configuration 1 [-]

OR	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel::::::::
	cpe:2.3:a:apache:camel:2.22.0:::::::*

References

Link	Resource
http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2	Mailing List Vendor Advisory
http://www.securityfocus.com/bid/105352	Third Party Advisory VDB Entry
https://access.redhat.com/errata/RHSA-2018:3768	Third Party Advisory
https://issues.apache.org/jira/browse/CAMEL-12630	Issue Tracking Vendor Advisory
https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E
https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apache

Published: 2018-07-09T00:00:00

Updated: 2019-05-24T10:06:03

Reserved: 2018-03-09T00:00:00

Link: CVE-2018-8041

JSON object: View

NVD Information

Status : Modified

Published: 2018-09-17T14:29:00.920

Modified: 2023-11-07T03:01:23.447

Link: CVE-2018-8041

JSON object: View

Redhat Information

No data.

CWE

CWE-22

{"containers": {"cna": {"affected": [{"product": "Apache Camel", "vendor": "Apache Software Foundation", "versions": [{"status": "affected", "version": "Camel 2.20.0 to 2.20.3, Camel 2.21.0 to 2.21.1 and Camel 2.22.0"}]}], "datePublic": "2018-07-09T00:00:00", "descriptions": [{"lang": "en", "value": "Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal."}], "problemTypes": [{"descriptions": [{"description": "Path traversal", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-05-24T10:06:03", "orgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "shortName": "apache"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2"}, {"name": "105352", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/105352"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://issues.apache.org/jira/browse/CAMEL-12630"}, {"name": "RHSA-2018:3768", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E"}, {"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security@apache.org", "DATE_PUBLIC": "2018-07-09T00:00:00", "ID": "CVE-2018-8041", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Apache Camel", "version": {"version_data": [{"version_value": "Camel 2.20.0 to 2.20.3, Camel 2.21.0 to 2.21.1 and Camel 2.22.0"}]}}]}, "vendor_name": "Apache Software Foundation"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Path traversal"}]}]}, "references": {"reference_data": [{"name": "http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2", "refsource": "CONFIRM", "url": "http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2"}, {"name": "105352", "refsource": "BID", "url": "http://www.securityfocus.com/bid/105352"}, {"name": "https://issues.apache.org/jira/browse/CAMEL-12630", "refsource": "CONFIRM", "url": "https://issues.apache.org/jira/browse/CAMEL-12630"}, {"name": "RHSA-2018:3768", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"name": "[camel-commits] 20190430 svn commit: r1044347 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0194.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d@%3Ccommits.camel.apache.org%3E"}, {"name": "[camel-commits] 20190524 svn commit: r1045395 - in /websites/production/camel/content: cache/main.pageCache security-advisories.data/CVE-2019-0188.txt.asc security-advisories.html", "refsource": "MLIST", "url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf@%3Ccommits.camel.apache.org%3E"}]}}}}, "cveMetadata": {"assignerOrgId": "f0158376-9dc2-43b6-827c-5f631a4d8d09", "assignerShortName": "apache", "cveId": "CVE-2018-8041", "datePublished": "2018-07-09T00:00:00", "dateReserved": "2018-03-09T00:00:00", "dateUpdated": "2019-05-24T10:06:03", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "matchCriteriaId": "77DC87FC-1992-4B37-A31C-89C60FA9C687", "versionEndIncluding": "2.20.3", "versionStartIncluding": "2.20.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:camel:*:*:*:*:*:*:*:*", "matchCriteriaId": "465471D1-913F-4DD3-A7FB-FB9BF084C664", "versionEndIncluding": "2.21.1", "versionStartIncluding": "2.21.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:apache:camel:2.22.0:*:*:*:*:*:*:*", "matchCriteriaId": "910FA499-DF14-410C-83D5-1CFD6C36B105", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Apache Camel's Mail 2.20.0 through 2.20.3, 2.21.0 through 2.21.1 and 2.22.0 is vulnerable to path traversal."}, {"lang": "es", "value": "Apache Camel's Mail, desde la versi\u00f3n 2.20.0 hasta la 2.20.3, de la versi\u00f3n 2.21.0 hasta la 2.21.1 y desde la 2.22.0 es vulnerable a un salto de directorio."}], "id": "CVE-2018-8041", "lastModified": "2023-11-07T03:01:23.447", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2018-09-17T14:29:00.920", "references": [{"source": "security@apache.org", "tags": ["Mailing List", "Vendor Advisory"], "url": "http://camel.apache.org/security-advisories.data/CVE-2018-8041.txt.asc?version=1&modificationDate=1536746339000&api=v2"}, {"source": "security@apache.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/105352"}, {"source": "security@apache.org", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2018:3768"}, {"source": "security@apache.org", "tags": ["Issue Tracking", "Vendor Advisory"], "url": "https://issues.apache.org/jira/browse/CAMEL-12630"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/2318d7f7d87724d8716cd650c21b31cb06e4d34f6d0f5ee42f28fdaf%40%3Ccommits.camel.apache.org%3E"}, {"source": "security@apache.org", "url": "https://lists.apache.org/thread.html/b4014ea7c5830ca1fc28edd5cafedfe93ad4af2d9e69c961c5def31d%40%3Ccommits.camel.apache.org%3E"}], "sourceIdentifier": "security@apache.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}]}