CVE-2022-4322 MEDIUM

CVE-2022-4322: maku-boot Scheduled Task AbstractScheduleJob.java doExecute injection

Vendor Unspecified

Product maku-boot

Weakness CWE-707

Published December 7, 2022

Last update April 15, 2025

View on NVD All CVEs

CVSS base score

6.3/10

Attack vector Network

Attack complexity Low

Privileges required Low

User interaction None

Confidentiality Low

Integrity Low

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L

What the vulnerability does

Description

A vulnerability, which was classified as critical, was found in maku-boot up to 2.2.0. This affects the function doExecute of the file AbstractScheduleJob.java of the component Scheduled Task Handler. The manipulation leads to injection. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The name of the patch is 446eb7294332efca2bfd791bc37281cedac0d0ff. It is recommended to apply a patch to fix this issue. The identifier VDB-215013 was assigned to this vulnerability.

Key dates

Disclosure timeline

December 7, 2022 CVE published

April 15, 2025 Record updated

Identifiers

CVE CVE-2022-4322

CWE CWE-707

CVSS 6.3 / MEDIUM

Affected versions

Vendor Unspecified

Product maku-boot

Affected 2.0

Vendor Unspecified

Product maku-boot

Affected 2.1

Vendor Unspecified

Product maku-boot

Affected 2.2