CVE-2019-15630 – org.mule.runtime:mule
Package
Manager: maven
Name: org.mule.runtime:mule
Vulnerable Version: >=3.0.0 <=4.1.5
Severity
Level: High
CVSS v3.1: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00429 (percentile: 0.61673)
Details
Mule modules contain Directory Traversal
Directory Traversal in APIkit, http-connector, and OAuth2 Provider modules in Mulesoft 3.x, 4.x and Mulesoft API Gateway (all versions) released before August 1, 2019 allows remote attackers to read files accessible to the Mule process.
Metadata
Created: 2022-05-24T16:55:15Z
Modified: 2023-09-25T19:47:00Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-mwh9-gr45-xvv4/GHSA-mwh9-gr45-xvv4.json
CWE IDs: ["CWE-22"]
Alternative ID: GHSA-mwh9-gr45-xvv4
Finding: F063
Auto approve: 1