Cyber Resilience

CVE-2022-4147

High

Published: 06 December 2022

Modified: 14 April 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.0046 (64.3th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2022-4147 is a high-severity vulnerability of unspecified weakness type in Quarkus. Its CVSS base score is 7.5 (High).

Operationally, it ranks in the top 35.7% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

Quarkus CORS filter allows simple GET and POST requests with invalid Origin to proceed. Simple GET or POST requests made with XMLHttpRequest are the ones which have no event listeners registered on the object returned by the XMLHttpRequest upload property and have no ReadableStream object used in the request.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

quarkus
quarkus
2.0 — 2.13.5 · 2.14.0 — 2.14.2

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References