Description

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.

INFO

Published Date :

2025-02-06T14:23:03.166Z

Last Modified :

2025-02-06T16:25:45.921Z

Source :

apache
AFFECTED PRODUCTS

The following products are affected by CVE-2022-31764 vulnerability.

Vendors Products
Apache
  • Shardingsphere Elasticjob-ui
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2022-31764.

URL Resource
https://lists.apache.org/thread/pg0k223m4hsnnzg4nh7lxvdxxgbkrlqb cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact