{"containers": {"cna": {"affected": [{"product": "OpenOLAT", "vendor": "OpenOLAT", "versions": [{"status": "affected", "version": "< 15.5.8"}]}], "descriptions": [{"lang": "en", "value": "OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files, it allows only reading of files and also only ready of files that the attacker knows the exact path which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1 It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem, an upgrade is necessary."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}, {"descriptions": [{"cweId": "CWE-23", "description": "CWE-23: Relative Path Traversal", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2021-10-18T20:55:12", "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "shortName": "GitHub_M"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-m8j5-837g-2p3f"}, {"tags": ["x_refsource_MISC"], "url": "https://github.com/OpenOLAT/OpenOLAT/commit/418bb509ffcb0e25ab4390563c6c47f0458583eb"}, {"tags": ["x_refsource_MISC"], "url": "https://jira.openolat.org/browse/OO-5696"}], "source": {"advisory": "GHSA-m8j5-837g-2p3f", "discovery": "UNKNOWN"}, "title": "Path Traversal in Folder Component Leading to Local File Inclusion", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "security-advisories@github.com", "ID": "CVE-2021-41152", "STATE": "PUBLIC", "TITLE": "Path Traversal in Folder Component Leading to Local File Inclusion"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "OpenOLAT", "version": {"version_data": [{"version_value": "< 15.5.8"}]}}]}, "vendor_name": "OpenOLAT"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files, it allows only reading of files and also only ready of files that the attacker knows the exact path which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1 It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem, an upgrade is necessary."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}, {"description": [{"lang": "eng", "value": "CWE-23: Relative Path Traversal"}]}]}, "references": {"reference_data": [{"name": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-m8j5-837g-2p3f", "refsource": "CONFIRM", "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-m8j5-837g-2p3f"}, {"name": "https://github.com/OpenOLAT/OpenOLAT/commit/418bb509ffcb0e25ab4390563c6c47f0458583eb", "refsource": "MISC", "url": "https://github.com/OpenOLAT/OpenOLAT/commit/418bb509ffcb0e25ab4390563c6c47f0458583eb"}, {"name": "https://jira.openolat.org/browse/OO-5696", "refsource": "MISC", "url": "https://jira.openolat.org/browse/OO-5696"}]}, "source": {"advisory": "GHSA-m8j5-837g-2p3f", "discovery": "UNKNOWN"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T02:59:31.617Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-m8j5-837g-2p3f"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://github.com/OpenOLAT/OpenOLAT/commit/418bb509ffcb0e25ab4390563c6c47f0458583eb"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://jira.openolat.org/browse/OO-5696"}]}]}, "cveMetadata": {"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa", "assignerShortName": "GitHub_M", "cveId": "CVE-2021-41152", "datePublished": "2021-10-18T20:55:12", "dateReserved": "2021-09-15T00:00:00", "dateUpdated": "2024-08-04T02:59:31.617Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:frentix:openolat:*:*:*:*:*:*:*:*", "matchCriteriaId": "0785A83C-365A-4FBE-A8CB-DD5002F0CA90", "versionEndExcluding": "15.5.8", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "OpenOlat is a web-based e-learning platform for teaching, learning, assessment and communication, an LMS, a learning management system. In affected versions by manipulating the HTTP request an attacker can modify the path of a requested file download in the folder component to point to anywhere on the target system. The attack could be used to read any file accessible in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account or the enabled guest user feature together with the usage of the folder component in a course. The attack does not allow writing of arbitrary files, it allows only reading of files and also only ready of files that the attacker knows the exact path which is very unlikely at least for OpenOlat data files. The problem is fixed in version 15.5.8 and 16.0.1 It is advised to upgrade to version 16.0.x. There are no known workarounds to fix this problem, an upgrade is necessary."}, {"lang": "es", "value": "OpenOlat es una plataforma de e-learning basada en la web para la ense\u00f1anza, el aprendizaje, la evaluaci\u00f3n y la comunicaci\u00f3n, un LMS, un sistema de administraci\u00f3n de aprendizaje. En las versiones afectadas, al manipular la petici\u00f3n HTTP, un atacante puede modificar la ruta de descarga de un archivo solicitado en el componente de carpetas para que apunte a cualquier lugar del sistema de destino. El ataque podr\u00eda ser usado para leer cualquier archivo accesible en la carpeta root de la web o fuera de ella, dependiendo de la configuraci\u00f3n del sistema y del permiso debidamente configurado del usuario del servidor de aplicaciones. El ataque requiere una cuenta de usuario de OpenOlat o la funci\u00f3n de usuario invitado habilitada junto con el uso del componente de la carpeta en un curso. El ataque no permite la escritura de archivos arbitrarios, s\u00f3lo permite la lectura de archivos y tambi\u00e9n s\u00f3lo lista de archivos que el atacante conoce la ruta exacta, lo cual es muy poco probable al menos para los archivos de datos de OpenOlat. El problema se ha corregido en las versiones 15.5.8 y 16.0.1. Se aconseja actualizar a la versi\u00f3n 16.0.x. No se presentan soluciones conocidas para corregir este problema, es necesario actualizar"}], "id": "CVE-2021-41152", "lastModified": "2021-10-22T13:52:17.507", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "SINGLE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:S/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 8.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.7, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.1, "impactScore": 4.0, "source": "security-advisories@github.com", "type": "Secondary"}]}, "published": "2021-10-18T21:15:08.143", "references": [{"source": "security-advisories@github.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/OpenOLAT/OpenOLAT/commit/418bb509ffcb0e25ab4390563c6c47f0458583eb"}, {"source": "security-advisories@github.com", "tags": ["Third Party Advisory"], "url": "https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-m8j5-837g-2p3f"}, {"source": "security-advisories@github.com", "tags": ["Permissions Required", "Vendor Advisory"], "url": "https://jira.openolat.org/browse/OO-5696"}], "sourceIdentifier": "security-advisories@github.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-23"}], "source": "security-advisories@github.com", "type": "Secondary"}]}

{}