CVE-2022-23612

Exploit

EPSS 1.9%
Veröffentlicht 22.02.2022 23:15:11
Zuletzt bearbeitet 21.11.2024 06:48:55
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Directory Traversal in OpenMRS Startup Filter

OpenMRS is a patient-based medical record system focusing on giving providers a free customizable electronic medical record system. Affected versions are subject to arbitrary file exfiltration due to failure to sanitize request when satisfying GET requests for `/images` & `/initfilter/scripts`. This can allow an attacker to access any file on a system running OpenMRS that is accessible to the user id OpenMRS is running under. Affected implementations should update to the latest patch version of OpenMRS Core for the minor version they use. These are: 2.1.5, 2.2.1, 2.3.5, 2.4.5 and 2.5.3. As a general rule, this vulnerability is already mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Users on older versions of Tomcat should consider upgrading their Tomcat instance as well as their OpenMRS instance.

Betroffene Produkte Warnungen 0 Metriken 4 CWE 1 Referenzen 7

NVD 5 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openmrs ≫ Openmrs Version >= 1.6 < 2.1.5

Openmrs ≫ Openmrs Version >= 2.2.0 < 2.2.1

Openmrs ≫ Openmrs Version >= 2.3.0 < 2.3.5

Openmrs ≫ Openmrs Version >= 2.4.0 < 2.4.5

Openmrs ≫ Openmrs Version >= 2.5.0 < 2.5.3

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	1.9%	0.77

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvd@nist.gov	5	10	2.9	AV:N/AC:L/Au:N/C:P/I:N/A:N
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

https://github.com/openmrs/openmrs-core/blob/ee3373a7a775bfdfa263e2e912c72e64342fb4f0/web/src/main/java/org/openmrs/web/filter/StartupFilter.java#L123

Patch

Third Party Advisory

https://github.com/openmrs/openmrs-core/commit/db8454bf19a092a78d53ee4dba2af628b730a6e7#diff-7c64d9f61d4d4e2ddba92920d7cf63ec96091b308d43904956b3846bc0c26d80R128

Patch

Third Party Advisory

https://github.com/openmrs/openmrs-core/security/advisories/GHSA-8rgr-ww69-jv65

Patch

Third Party Advisory

Exploit

https://lgtm.com/projects/g/openmrs/openmrs-core/snapshot/fb1335c925ca4c94be5a546707b90d2c1efa4dcc/files/web/src/main/java/org/openmrs/web/filter/StartupFilter.java#L123

Patch

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2022-23612

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2022-23612

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2022-23612

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2022-23612