Vulnerability Details : CVE-2021-41152
OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files, it allows only reading of files and also only ready of files that the attacker knows the exact path which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1 It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem, an upgrade is necessary.
Vulnerability category: Directory traversal
Products affected by CVE-2021-41152
- cpe:2.3:a:frentix:openolat:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2021-41152
0.54%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 65 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-41152
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
4.0
|
MEDIUM | AV:N/AC:L/Au:S/C:P/I:N/A:N |
8.0
|
2.9
|
NIST | |
|
7.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
3.1
|
4.0
|
NIST | |
|
7.7
|
HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N |
3.1
|
4.0
|
GitHub, Inc. |
CWE ids for CVE-2021-41152
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.Assigned by:
- nvd@nist.gov (Primary)
- security-advisories@github.com (Secondary)
-
The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize sequences such as ".." that can resolve to a location that is outside of that directory.Assigned by: security-advisories@github.com (Secondary)
References for CVE-2021-41152
-
https://github.com/OpenOLAT/OpenOLAT/commit/418bb509ffcb0e25ab4390563c6c47f0458583eb
OO-5696: validate file selections against current container · OpenOLAT/OpenOLAT@418bb50 · GitHubPatch;Third Party Advisory
-
https://jira.openolat.org/browse/OO-5696
Log in - OpenOlat Issue ManagementPermissions Required;Vendor Advisory
-
https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-m8j5-837g-2p3f
Path Traversal in Folder Component Leading to Local File Inclusion · Advisory · OpenOLAT/OpenOLAT · GitHubThird Party Advisory
Jump to