CVE-2022-31764

CVE-2022-31764: Apache ShardingSphere ElasticJob-UI allows RCE via event trace data source JDBC

Vendor Apache Software Foundation

Product Apache ShardingSphere ElasticJob-UI

Weakness CWE-913

Published February 6, 2025

Last update February 6, 2025

View on NVD All CVEs

CVSS base score

—

What the vulnerability does

Description

The Lite UI of Apache ShardingSphere ElasticJob-UI allows an attacker to perform RCE by constructing a special JDBC URL of H2 database. This issue affects Apache ShardingSphere ElasticJob-UI version 3.0.1 and prior versions. This vulnerability has been fixed in ElasticJob-UI 3.0.2. The premise of this attack is that the attacker has obtained the account and password. Otherwise, the attacker cannot perform this attack.

Key dates

Disclosure timeline

February 6, 2025 CVE published

February 6, 2025 Record updated