VYPR
High severityNVD Advisory· Published Jan 27, 2022· Updated Aug 3, 2024

Local privilege escalation with FileStore

CVE-2022-23181

Description

The fix for bug CVE-2020-9484 introduced a time of check, time of use vulnerability into Apache Tomcat 10.1.0-M1 to 10.1.0-M8, 10.0.0-M5 to 10.0.14, 9.0.35 to 9.0.56 and 8.5.55 to 8.5.73 that allowed a local attacker to perform actions with the privileges of the user that the Tomcat process is using. This issue is only exploitable when Tomcat is configured to persist sessions using the FileStore.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

PackageAffected versionsPatched versions
org.apache.tomcat:tomcatMaven
>= 10.0.0, < 10.0.1610.0.16
org.apache.tomcat:tomcatMaven
>= 9.0.0, < 9.0.589.0.58
org.apache.tomcat:tomcatMaven
< 8.5.758.5.75

Affected products

44

Patches

Vulnerability mechanics

References

9

News mentions

0

No linked articles in our index yet.