Quarkus CORS Filter Bypass: Invalid Origin Allowed For Simple GET/POST
CVE-2022-4147 Published on December 6, 2022

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

NVD

Vulnerability Analysis

CVE-2022-4147 can be exploited with network access, requires user interaction. This vulnerability is consided to have a high level of attack complexity. The potential impact of an exploit of this vulnerability is considered to be very high.

Attack Vector:

NETWORK

Attack Complexity:

HIGH

Privileges Required:

NONE

User Interaction:

REQUIRED

Scope:

UNCHANGED

Confidentiality Impact:

HIGH

Integrity Impact:

HIGH

Availability Impact:

HIGH

Weakness Type

CWE-1026

Products Associated with CVE-2022-4147

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2022-4147 are published in these products:

Quarkus

Red Hat Quarkus

Exploit Probability

EPSS

0.46%

Percentile

63.55%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.

Quarkus CORS Filter Bypass: Invalid Origin Allowed For Simple GET/POSTCVE-2022-4147 Published on December 6, 2022

Vulnerability Analysis

Weakness Type

Products Associated with CVE-2022-4147

Exploit Probability

Quarkus CORS Filter Bypass: Invalid Origin Allowed For Simple GET/POST
CVE-2022-4147 Published on December 6, 2022