{"vulnerability": "CVE-2022-22932", "sightings": [{"uuid": "b1482f67-875a-4be2-bcd7-d4e1611d67ff", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22932", "type": "seen", "source": "https://t.me/cibsecurity/36292", "content": "\u203c CVE-2022-22932 \u203c\n\nApache Karaf obr:* commands and run goal on the karaf-maven-plugin have partial path traversal which allows to break out of expected folder. The risk is low as obr:* commands are not very used and the entry is set by user. This has been fixed in revision: https://gitbox.apache.org/repos/asf?p=karaf.git;h=36a2bc4 https://gitbox.apache.org/repos/asf?p=karaf.git;h=52b70cf Mitigation: Apache Karaf users should upgrade to 4.2.15 or 4.3.6 or later as soon as possible, or use correct path. JIRA Tickets: https://issues.apache.org/jira/browse/KARAF-7326\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2022-01-26T14:19:28.000000Z"}, {"uuid": "9534fac8-b0be-4b24-91e1-b0a4cbfdfdf9", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2022-22932", "type": "seen", "source": "https://bsky.app/profile/beikokucyber.bsky.social/post/3lwwto2wof32w", "content": "", "creation_timestamp": "2025-08-21T21:02:34.404418Z"}]}