CVE-2022-47878
📋 TL;DR
This vulnerability allows an authenticated remote attacker to set Jedox's default storage path to the web server's document root (webroot). A subsequent file upload through the application is then written to a web-served location, which can lead to remote code execution. It affects on-premises deployments of Jedox version 22.2 and earlier; cloud-hosted (SaaS) environments are not affected.
💻 Affected Systems
- Jedox
📦 What is this software?
Jedox is an enterprise planning, analytics and business intelligence platform developed by Jedox. The vulnerable component is the on-premises web application and its configurable default storage path.
⚠️ Risk & Real-World Impact
Worst Case
Full compromise of the Jedox host through remote code execution in the context of the web server or Jedox service account, allowing an attacker to run arbitrary commands, steal data, deploy ransomware, or pivot to other systems.
Likely Case
An authenticated attacker uploads a web shell into the webroot, then uses it for data exfiltration or lateral movement within the network.
If Mitigated
Limited impact when settings-page access is restricted to administrators and the webroot is not writable by the Jedox service account. The residual risk is that any account that retains settings access, including a compromised administrator account, can still turn the upload feature into code execution on the host.
🎯 Exploit Status
Exploitation requires an authenticated account with access to the settings page. A public proof of concept (see References) demonstrates the full chain from changing the storage path to code execution.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 22.3 and later
Vendor Advisory: https://jedox.mantishub.io/app/issues/57238
Restart Required: Yes
Instructions:
1. Back up the current Jedox installation and data.
2. Download Jedox version 22.3 or later from the official vendor portal.
3. Follow the vendor upgrade documentation for your specific deployment.
4. Restart Jedox services after the upgrade.
5. Verify functionality after the upgrade.
🔧 Temporary Workarounds
Restrict Storage Path Configuration
Implement access controls so that only administrators can modify the storage path setting on the settings page.
Configure role-based access control to limit 'settings' page access to administrators only. This removes an ordinary user's ability to aim the upload feature at the webroot, but does nothing against a compromised administrator account.
Webroot Directory Protection
Use file system permissions so that the account the Jedox application runs as cannot write to the webroot, even if the storage path is pointed there.
chown root:root /var/www/html && chmod 755 /var/www/html (Linux example; a bare chmod 755 is not enough if the Jedox service account owns the directory, because 755 keeps the owner write bit)
icacls C:\inetpub\wwwroot /deny jedoxuser:(OI)(CI)W /T (Windows example; the (OI)(CI) flags and /T make the deny apply to existing and future files and subfolders)
Replace 'jedoxuser' and the paths with your service account and document root. Test in staging first: any component that legitimately writes under the document root (caches, temporary files) will break once write access is denied.
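The Linux workaround only works if the Jedox service account ends up with no write path into the document root, which depends on ownership and group membership, not just the mode of the top-level directory. The following audit script is an added example, not Jedox's own tooling: it walks the webroot and reports every directory the account could create files in and every file it could overwrite. It assumes Jedox runs as a dedicated local Unix account whose name you pass on the command line (for example 'jedox') and that the webroot is a local directory such as /var/www/html; on Windows use icacls as shown above instead.

```python
#!/usr/bin/env python3
"""Check whether a service account can write anywhere under the webroot.

Added example for the 'Webroot Directory Protection' workaround; it is not
Jedox's own tooling.  Assumptions: Jedox runs as a dedicated local Unix
account (name given on the command line, e.g. 'jedox') and the webroot is a
local directory such as /var/www/html.
"""
import grp
import os
import pwd
import stat
import sys


def writable_by(mode: int, owner_uid: int, owner_gid: int, uid: int, groups: set) -> bool:
    """Classic Unix mode-bit check: may `uid` (member of `groups`) write?

    This is why a bare 'chmod 755' is not enough: if the service account
    owns the directory, 755 still grants it the owner write bit.
    """
    if uid == 0:                       # root ignores mode bits
        return True
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in groups:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def account_ids(username: str):
    """(uid, set of gids) for a local account, including supplementary groups."""
    pw = pwd.getpwnam(username)
    gids = {pw.pw_gid}
    gids.update(g.gr_gid for g in grp.getgrall() if username in g.gr_mem)
    return pw.pw_uid, gids


def audit_webroot(root: str, uid: int, groups: set) -> list:
    """Every directory the account could create files in, and every file it
    could overwrite, anywhere under `root`."""
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            try:
                st = os.lstat(path)
            except OSError:
                continue
            if stat.S_ISLNK(st.st_mode):
                continue               # a symlink is judged at its target
            if writable_by(st.st_mode, st.st_uid, st.st_gid, uid, groups):
                findings.append(path)
    return findings


if __name__ == "__main__":
    if len(sys.argv) != 3:
        sys.exit(f"usage: {sys.argv[0]} <service-account> <webroot>")
    account, webroot = sys.argv[1], sys.argv[2]
    svc_uid, svc_groups = account_ids(account)
    hits = audit_webroot(webroot, svc_uid, svc_groups)
    for path in hits:
        print(f"writable by {account}: {path}")
    print(f"{len(hits)} writable path(s) under {webroot}")
    sys.exit(1 if hits else 0)
```

Run it as root (so every file can be stat'ed) after applying the chown/chmod, e.g. `python3 audit_webroot.py jedox /var/www/html`; a non-zero exit means the workaround is incomplete. The script does not follow symlinks, so a link from the webroot to a Jedox-writable directory elsewhere must be checked at its target.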
🧯 If You Can't Patch
- Implement strict network segmentation to isolate Jedox servers from critical systems
- Deploy web application firewall (WAF) rules to detect and block path manipulation attempts
🔍 How to Verify
Check if Vulnerable:
Check the Jedox version in the admin interface or in the installation's configuration files. On-premises installations running 22.2 or earlier are vulnerable; cloud-hosted (SaaS) deployments are not affected.
Check Version:
The version is shown in the admin panel; installation logs also record it.
Verify Fix Applied:
Confirm the version is 22.3 or later in the admin dashboard, then, with a test account that has settings access, attempt to set the default storage path to the webroot directory and confirm the application rejects it.
📡 Detection & Monitoring
Log Indicators:
- Modifications to the default storage path setting, especially a new value under the web server's document root
- File uploads whose destination resolves to a web-served directory (the webroot), in particular files with server-side script extensions
- Execution of unexpected system commands from Jedox process
Network Indicators:
- Outbound connections from Jedox server to unknown IPs
- Unusual file upload patterns to Jedox server
SIEM Query (illustrative: the field and event names must be mapped to the schema your log source actually emits, and the path pattern must be the real document-root path, since log entries carry the path, not the word "webroot"; /var/www/html is used here as in the Linux example above):
source="jedox" AND (event="settings_modified" OR (event="file_upload" AND path="/var/www/html/*"))
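The query above fires on every settings change and every upload into the webroot separately; what distinguishes this CVE is the sequence of the two by the same account. The script below is an added example, not Jedox's own tooling, that implements that correlation over a constructed sample log. The log format is an assumption: one event per line, an ISO-8601 timestamp followed by key=value pairs using the field names from the query (source, event, path) plus user, key and new. It also shows the path check a practitioner needs, since a naive string prefix would miss "/var/www/html/../html" and wrongly match "/var/www/htmlx".

```python
#!/usr/bin/env python3
"""Flag the CVE-2022-47878 attack pattern in application logs.

Added example for the Detection & Monitoring section; it is not Jedox's own
tooling and the log format is an assumption: one event per line, an ISO-8601
timestamp followed by key=value pairs with the field names used by the SIEM
query above (source, event, path) plus user, key and new.  Map these to the
fields your deployment actually emits.
"""
import os
from datetime import datetime

# Constructed sample log for the demonstration (not real Jedox output).
SAMPLE_LOG = [
    "2023-04-12T09:14:03Z source=jedox user=alice event=settings_modified key=storage_path old=/opt/jedox/storage new=/var/www/html/../html",
    "2023-04-12T09:14:30Z source=jedox user=alice event=file_upload path=/var/www/html/report.php size=1184",
    "2023-04-12T09:15:02Z source=jedox user=bob event=file_upload path=/opt/jedox/storage/q1.xlsx size=52013",
    "2023-04-12T09:16:10Z source=jedox user=bob event=settings_modified key=theme old=light new=dark",
    "2023-04-12T11:40:55Z source=nginx user=- event=file_upload path=/var/www/html/x.php size=10",
    "2023-04-12T14:02:41Z source=jedox user=carol event=file_upload path=/var/www/html/assets/logo.png size=9021",
]


def parse_line(line: str) -> dict:
    """'<ts> k=v k=v ...' -> {'ts': ..., 'k': 'v', ...}"""
    tokens = line.split()
    event = {"ts": tokens[0]}
    for tok in tokens[1:]:
        key, _, value = tok.partition("=")
        event[key] = value
    return event


def under(path: str, root: str) -> bool:
    """True if `path` resolves to `root` or somewhere below it.

    normpath folds '..' and trailing slashes, so '/var/www/html/../html'
    matches; the explicit separator stops '/var/www/htmlx' from matching
    as a mere string prefix.
    """
    p, r = os.path.normpath(path), os.path.normpath(root)
    return p == r or p.startswith(r.rstrip("/") + "/")


def _ts(value: str) -> datetime:
    return datetime.fromisoformat(value.replace("Z", "+00:00"))


def detect(lines, webroot: str, window_s: int = 3600) -> list:
    """Return (severity, user, message) alerts.

    HIGH:     storage_path changed to a location inside the webroot.
    MEDIUM:   a file was written to the webroot.
    CRITICAL: both, by the same user, within `window_s` seconds; that is
              the full exploit chain.
    """
    alerts = []
    redirected = {}  # user -> time they pointed storage_path at the webroot
    for line in lines:
        ev = parse_line(line)
        if ev.get("source") != "jedox":
            continue
        user, ts = ev.get("user", "?"), _ts(ev["ts"])
        if ev.get("event") == "settings_modified" and ev.get("key") == "storage_path":
            if under(ev.get("new", ""), webroot):
                redirected[user] = ts
                alerts.append(("HIGH", user, f"storage_path changed to {ev['new']}"))
        elif ev.get("event") == "file_upload" and under(ev.get("path", ""), webroot):
            severity = "MEDIUM"
            earlier = redirected.get(user)
            if earlier is not None and 0 <= (ts - earlier).total_seconds() <= window_s:
                severity = "CRITICAL"
            alerts.append((severity, user, f"upload written to {ev['path']}"))
    return alerts


if __name__ == "__main__":
    for severity, user, msg in detect(SAMPLE_LOG, "/var/www/html"):
        print(f"[{severity}] {user}: {msg}")
```

On the sample log this yields a HIGH and then a CRITICAL alert for alice (path change followed by an upload into the webroot within the window) and a MEDIUM for carol's upload; bob's activity and the nginx line produce nothing. Correlating per user is the right first cut, but an attacker who changes the path from one account and uploads from another would only trigger the two weaker alerts, so keep the HIGH alert actionable on its own.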
🔗 References
- http://packetstormsecurity.com/files/172154/Jedox-2020.2.5-Configurable-Storage-Path-Remote-Code-Execution.html
- https://docs.syslifters.com/assets/vulnerability-disclosure/Vulnerability-Disclosure-Jedox-Jedox-04-2023.pdf
- https://jedox.mantishub.io/app/issues/57238