9.8
CVE-2022-24830
- EPSS 2.87%
- Veröffentlicht 14.05.2022 00:15:07
- Zuletzt bearbeitet 21.11.2024 06:51:11
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginPath Traversal in OpenClinica
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Openclinica ≫ Openclinica Version < 3.13.1
Openclinica ≫ Openclinica Version >= 3.15 < 3.16.2
Openclinica ≫ Openclinica Version3.14
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.87% | 0.85 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
| security-advisories@github.com | 6.5 | 2.8 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
|
CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
https://github.com/OpenClinica/OpenClinica/commit/6f864e86543f903bd20d6f9fc7056115106441f3
https://github.com/OpenClinica/OpenClinica/security/advisories/GHSA-9rrv-prff-qph7