CVE-2022-44748 (GCVE-0-2022-44748)
Vulnerability from cvelistv5 – Published: 2022-11-24 06:36 – Updated: 2025-04-25 18:00
VLAI?
Summary
A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server's file system. This vulnerability is also known as 'Zip-Slip'.
An attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.
This can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server's file system, though.
Note that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor's operating system user.
There is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.
Severity ?
7.1 (High)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| KNIME | KNIME Server |
Affected:
4.15.0 , < 4.15.3
(semver)
Affected: 4.14.0 , < 4.14.3 (semver) Affected: 4.3.0 , < 4.13.6 (semver) |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T14:01:31.162Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "https://www.knime.com/security/advisories"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2022-44748",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-25T18:00:15.646079Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-25T18:00:24.531Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "KNIME Server",
"vendor": "KNIME",
"versions": [
{
"lessThan": "4.15.3",
"status": "affected",
"version": "4.15.0",
"versionType": "semver"
},
{
"lessThan": "4.14.3",
"status": "affected",
"version": "4.14.0",
"versionType": "semver"
},
{
"lessThan": "4.13.6",
"status": "affected",
"version": "4.3.0",
"versionType": "semver"
}
]
}
],
"datePublic": "2022-11-24T09:00:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "\u003cdiv\u003eA directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server\u0027s file system. This vulnerability is also known as \u0027Zip-Slip\u0027.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server\u0027s file system, though.\u003c/div\u003e\u003cdiv\u003eNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor\u0027s operating system user.\u003c/div\u003e\u003cdiv\u003eThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\u003cbr\u003e\u003c/div\u003e"
}
],
"value": "A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server\u0027s file system. This vulnerability is also known as \u0027Zip-Slip\u0027.\n\n\n\n\n\nAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\n\n\nThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server\u0027s file system, though.\n\nNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor\u0027s operating system user.\n\nThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\n\n\n"
}
],
"impacts": [
{
"capecId": "CAPEC-165",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-165 File Manipulation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 7.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-11-24T06:36:23.587Z",
"orgId": "296541fb-a0e3-4ca7-ab3d-683e666d143e",
"shortName": "KNIME"
},
"references": [
{
"url": "https://www.knime.com/security/advisories"
}
],
"source": {
"discovery": "INTERNAL"
},
"title": "Uploading workflows to KNIME Server may override arbitrary file system contents",
"x_generator": {
"engine": "Vulnogram 0.1.0-dev"
}
}
},
"cveMetadata": {
"assignerOrgId": "296541fb-a0e3-4ca7-ab3d-683e666d143e",
"assignerShortName": "KNIME",
"cveId": "CVE-2022-44748",
"datePublished": "2022-11-24T06:36:23.587Z",
"dateReserved": "2022-11-04T18:16:26.275Z",
"dateUpdated": "2025-04-25T18:00:24.531Z",
"requesterUserId": "520cc88b-a1c8-44f6-9154-21a4d74c769f",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.3.0\", \"versionEndExcluding\": \"4.13.6\", \"matchCriteriaId\": \"494D779C-C6DB-46F9-9A52-932BD303F938\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.14.0\", \"versionEndExcluding\": \"4.14.3\", \"matchCriteriaId\": \"0CD9DC54-5478-4D9C-987F-62BCD2E9D6B8\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"4.15.0\", \"versionEndExcluding\": \"4.15.3\", \"matchCriteriaId\": \"A57784CC-3757-4509-9491-037B3947784D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server\u0027s file system. This vulnerability is also known as \u0027Zip-Slip\u0027.\\n\\n\\n\\n\\n\\nAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\\n\\n\\nThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server\u0027s file system, though.\\n\\nNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor\u0027s operating system user.\\n\\nThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\\n\\n\\n\"}, {\"lang\": \"es\", \"value\": \"Una vulnerabilidad de directory traversal en las rutinas de extracci\\u00f3n de archivos ZIP de KNIME Server desde 4.3.0 puede provocar la sobrescritura de archivos arbitrarios en el sistema de archivos del servidor. Esta vulnerabilidad tambi\\u00e9n se conoce como \u0027Zip-slip\u0027. Un atacante puede crear un flujo de trabajo KNIME que, cuando se carga, puede sobrescribir archivos arbitrarios a los que el usuario del sistema operativo que ejecuta el proceso del servidor KNIME tiene acceso de escritura. El usuario debe estar autenticado y tener permisos para cargar archivos al servidor KNIME. Esto puede afectar la integridad de los datos (se modifica el contenido de los archivos) o provocar errores en otro software (se da\\u00f1an archivos vitales). Incluso puede conducir a la ejecuci\\u00f3n remota de c\\u00f3digo si el usuario del proceso del servidor KNIME reemplaza los archivos ejecutables y posteriormente los ejecuta. Sin embargo, en todos los casos el atacante debe conocer la ubicaci\\u00f3n de los archivos en el sistema de archivos del servidor. Tenga en cuenta que los usuarios que tienen permisos para cargar flujos de trabajo generalmente tambi\\u00e9n tienen permisos para ejecutarlos en el servidor KNIME y, por lo tanto, ya pueden ejecutar c\\u00f3digo arbitrario en el contexto del usuario del sistema operativo del ejecutor KNIME. No existe ninguna soluci\\u00f3n alternativa para evitar que se aproveche esta vulnerabilidad. Se recomiendan actualizaciones a las versiones fijas 4.13.6, 4.14.3 o 4.15.3.\"}]",
"id": "CVE-2022-44748",
"lastModified": "2024-11-21T07:28:25.270",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"security@knime.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L\", \"baseScore\": 7.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 2.8, \"impactScore\": 4.2}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.6, \"impactScore\": 5.9}]}",
"published": "2022-11-24T07:15:09.973",
"references": "[{\"url\": \"https://www.knime.com/security/advisories\", \"source\": \"security@knime.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://www.knime.com/security/advisories\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
"sourceIdentifier": "security@knime.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"security@knime.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-22\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-44748\",\"sourceIdentifier\":\"security@knime.com\",\"published\":\"2022-11-24T07:15:09.973\",\"lastModified\":\"2024-11-21T07:28:25.270\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server\u0027s file system. This vulnerability is also known as \u0027Zip-Slip\u0027.\\n\\n\\n\\n\\n\\nAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\\n\\n\\nThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server\u0027s file system, though.\\n\\nNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor\u0027s operating system user.\\n\\nThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\\n\\n\\n\"},{\"lang\":\"es\",\"value\":\"Una vulnerabilidad de directory traversal en las rutinas de extracci\u00f3n de archivos ZIP de KNIME Server desde 4.3.0 puede provocar la sobrescritura de archivos arbitrarios en el sistema de archivos del servidor. Esta vulnerabilidad tambi\u00e9n se conoce como \u0027Zip-slip\u0027. Un atacante puede crear un flujo de trabajo KNIME que, cuando se carga, puede sobrescribir archivos arbitrarios a los que el usuario del sistema operativo que ejecuta el proceso del servidor KNIME tiene acceso de escritura. El usuario debe estar autenticado y tener permisos para cargar archivos al servidor KNIME. Esto puede afectar la integridad de los datos (se modifica el contenido de los archivos) o provocar errores en otro software (se da\u00f1an archivos vitales). Incluso puede conducir a la ejecuci\u00f3n remota de c\u00f3digo si el usuario del proceso del servidor KNIME reemplaza los archivos ejecutables y posteriormente los ejecuta. Sin embargo, en todos los casos el atacante debe conocer la ubicaci\u00f3n de los archivos en el sistema de archivos del servidor. Tenga en cuenta que los usuarios que tienen permisos para cargar flujos de trabajo generalmente tambi\u00e9n tienen permisos para ejecutarlos en el servidor KNIME y, por lo tanto, ya pueden ejecutar c\u00f3digo arbitrario en el contexto del usuario del sistema operativo del ejecutor KNIME. No existe ninguna soluci\u00f3n alternativa para evitar que se aproveche esta vulnerabilidad. Se recomiendan actualizaciones a las versiones fijas 4.13.6, 4.14.3 o 4.15.3.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security@knime.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L\",\"baseScore\":7.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":2.8,\"impactScore\":4.2},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.6,\"impactScore\":5.9}]},\"weaknesses\":[{\"source\":\"security@knime.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-22\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.3.0\",\"versionEndExcluding\":\"4.13.6\",\"matchCriteriaId\":\"494D779C-C6DB-46F9-9A52-932BD303F938\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.14.0\",\"versionEndExcluding\":\"4.14.3\",\"matchCriteriaId\":\"0CD9DC54-5478-4D9C-987F-62BCD2E9D6B8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:knime:knime_server:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"4.15.0\",\"versionEndExcluding\":\"4.15.3\",\"matchCriteriaId\":\"A57784CC-3757-4509-9491-037B3947784D\"}]}]}],\"references\":[{\"url\":\"https://www.knime.com/security/advisories\",\"source\":\"security@knime.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.knime.com/security/advisories\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://www.knime.com/security/advisories\", \"tags\": [\"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T14:01:31.162Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-44748\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-04-25T18:00:15.646079Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-04-25T18:00:11.798Z\"}}], \"cna\": {\"title\": \"Uploading workflows to KNIME Server may override arbitrary file system contents\", \"source\": {\"discovery\": \"INTERNAL\"}, \"impacts\": [{\"capecId\": \"CAPEC-165\", \"descriptions\": [{\"lang\": \"en\", \"value\": \"CAPEC-165 File Manipulation\"}]}], \"metrics\": [{\"format\": \"CVSS\", \"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.1, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"NONE\"}, \"scenarios\": [{\"lang\": \"en\", \"value\": \"GENERAL\"}]}], \"affected\": [{\"vendor\": \"KNIME\", \"product\": \"KNIME Server\", \"versions\": [{\"status\": \"affected\", \"version\": \"4.15.0\", \"lessThan\": \"4.15.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.14.0\", \"lessThan\": \"4.14.3\", \"versionType\": \"semver\"}, {\"status\": \"affected\", \"version\": \"4.3.0\", \"lessThan\": \"4.13.6\", \"versionType\": \"semver\"}], \"defaultStatus\": \"unaffected\"}], \"datePublic\": \"2022-11-24T09:00:00.000Z\", \"references\": [{\"url\": \"https://www.knime.com/security/advisories\"}], \"x_generator\": {\"engine\": \"Vulnogram 0.1.0-dev\"}, \"descriptions\": [{\"lang\": \"en\", \"value\": \"A directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server\u0027s file system. This vulnerability is also known as \u0027Zip-Slip\u0027.\\n\\n\\n\\n\\n\\nAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\\n\\n\\nThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server\u0027s file system, though.\\n\\nNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor\u0027s operating system user.\\n\\nThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\\n\\n\\n\", \"supportingMedia\": [{\"type\": \"text/html\", \"value\": \"\u003cdiv\u003eA directory traversal vulnerability in the ZIP archive extraction routines of KNIME Server since 4.3.0 can result in arbitrary files being overwritten on the server\u0027s file system. This vulnerability is also known as \u0027Zip-Slip\u0027.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003e\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eAn attacker can create a KNIME workflow that, when being uploaded, can overwrite arbitrary files that the operating system user running the KNIME Server process has write access to. The user must be authenticated and have permissions to upload files to KNIME Server.\u003cbr\u003e\u003c/div\u003e\u003cdiv\u003eThis can impact data integrity (file contents are changed) or cause errors in other software (vital files being corrupted). It can even lead to remote code execution if executable files are being replaced and subsequently executed by the KNIME Server process user. In all cases the attacker has to know the location of files on the server\u0027s file system, though.\u003c/div\u003e\u003cdiv\u003eNote that users that have permissions to upload workflows usually also have permissions to run them on the KNIME Server and can therefore already execute arbitrary code in the context of the KNIME Executor\u0027s operating system user.\u003c/div\u003e\u003cdiv\u003eThere is no workaround to prevent this vulnerability from being exploited. Updates to fixed versions 4.13.6, 4.14.3, or 4.15.3 are advised.\u003cbr\u003e\u003c/div\u003e\", \"base64\": false}]}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-22\", \"description\": \"CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)\"}]}], \"providerMetadata\": {\"orgId\": \"296541fb-a0e3-4ca7-ab3d-683e666d143e\", \"shortName\": \"KNIME\", \"dateUpdated\": \"2022-11-24T06:36:23.587Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-44748\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-04-25T18:00:24.531Z\", \"dateReserved\": \"2022-11-04T18:16:26.275Z\", \"assignerOrgId\": \"296541fb-a0e3-4ca7-ab3d-683e666d143e\", \"datePublished\": \"2022-11-24T06:36:23.587Z\", \"requesterUserId\": \"520cc88b-a1c8-44f6-9154-21a4d74c769f\", \"assignerShortName\": \"KNIME\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…