Description
The $uri$args concatenation in the nginx configuration file present in Open Security Issue Management (OSIM) prior to v2025.9.0 allows path traversal attacks via query parameters.
Published: 2026-01-29
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: Directory Traversal – Potential Local File Access
Action: Apply Patch
AI Analysis

Impact

The vulnerability arises from the concatenation of the $uri and $args variables in the Nginx configuration file of Open Security Issue Management (OSIM). This concatenation allows an attacker to craft query parameters that traverse directory boundaries, leading to a directory traversal flaw (CWE-22). The flaw can enable access to arbitrary files on the filesystem, potentially exposing sensitive data or configuration files.

Affected Systems

Red Hat Open Security Issue Management (OSIM) versions earlier than 2025.9.0 are affected. Users of these releases should verify their installed version against the stated cutoff.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, yet the EPSS score is reported as less than 1%, suggesting a low probability of exploitation in the short term. The vulnerability is not currently listed in the CISA KEV catalog. Based on the description, the likely attack vector is remote, involving HTTP requests that supply crafted query parameters to the Nginx server. Successful exploitation would require the attacker to reach the OSIM instance and supply the malicious parameters, after which the server may serve files outside the intended directory scope.

Generated by OpenCVE AI on April 18, 2026 at 14:35 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade OSIM to version 2025.9.0 or later, which removes the vulnerable $uri$args concatenation.
  • If upgrading is not immediately possible, modify the Nginx configuration to eliminate or sanitize the $uri$args concatenation, ensuring that query parameters cannot influence filesystem paths.
  • Restrict access to the OSIM instance by requiring authentication and by applying path‑based access controls to limit exposure of sensitive directories.

Generated by OpenCVE AI on April 18, 2026 at 14:35 UTC.
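As an added example, not code from the OSIM project or from this advisory, the following Python script applies the second recommended action above: it reports every nginx directive that concatenates $uri$args and rewrites each one so the query string can no longer become part of a filesystem path. The sample configuration, its directives and the backend name are constructed assumptions for illustration; OSIM's real configuration file is not shown on this page.

```python
import re

# Constructed sample nginx config (hypothetical, not OSIM's actual file).
# Line 7 carries the weak $uri$args pattern the advisory names; the /api/
# location shows the safe $uri$is_args$args form for comparison.
SAMPLE_CONFIG = """\
server {
    listen 8080;
    root /usr/share/nginx/html;

    location / {
        # Weak: the query string is appended directly to the file path
        try_files $uri$args $uri$args/ /index.html;
    }

    location /api/ {
        # Safe: $is_args expands to "?" only when a query string exists
        proxy_pass http://backend$uri$is_args$args;
    }
}
"""

# $uri immediately followed by $args, with nothing (such as $is_args) between.
WEAK_PATTERN = re.compile(r"\$uri\$args\b")


def find_uri_args_concat(config_text):
    """Return (line_number, stripped_line) for every directive that uses $uri$args.

    nginx comments are ignored so a remark mentioning the pattern is not flagged.
    """
    findings = []
    for lineno, line in enumerate(config_text.splitlines(), start=1):
        code_part = line.split("#", 1)[0]
        if WEAK_PATTERN.search(code_part):
            findings.append((lineno, line.strip()))
    return findings


def harden_line(line):
    """Rewrite one weak directive line.

    try_files resolves the request against the filesystem, so the query string
    has no business there and $args is dropped. In any other directive the
    query string is kept but separated by $is_args, so nginx emits it after a
    "?" and it can no longer act as path segments.
    """
    if line.lstrip().startswith("try_files"):
        return WEAK_PATTERN.sub("$uri", line)
    return WEAK_PATTERN.sub("$uri$is_args$args", line)


def harden_config(config_text):
    """Apply harden_line to every line and return the rewritten config text."""
    return "\n".join(harden_line(l) for l in config_text.splitlines()) + "\n"


if __name__ == "__main__":
    for lineno, text in find_uri_args_concat(SAMPLE_CONFIG):
        print(f"line {lineno}: {text}")
    print(harden_config(SAMPLE_CONFIG))
```

Run the checker against the deployed configuration before and after the upgrade to confirm the pattern is gone; the rewrite rules are a conservative default and any rewritten directive should still be reviewed in context, since a location that genuinely needs the query string forwarded must keep $is_args$args rather than drop it.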


Advisories

No advisories yet.

History

Tue, 10 Mar 2026 17:45:00 +0000

Type Values Removed Values Added
First Time appeared Redhat open Security Issue Management
CPEs cpe:2.3:a:redhat:open_security_issue_management:*:*:*:*:*:*:*:*
Vendors & Products Redhat open Security Issue Management

Fri, 30 Jan 2026 09:00:00 +0000

Type Values Removed Values Added
First Time appeared Redhat, Redhat osim
Vendors & Products Redhat, Redhat osim

Thu, 29 Jan 2026 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 29 Jan 2026 14:15:00 +0000

Type Values Removed Values Added
Description The $uri$args concatenation in nginx configuration file present in Open Security Issue Management (OSIM) prior v2025.9.0 allows path traversal attacks via query parameters.
Title osim: Path Traversal via query parameters in Nginx configuration
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: redhat-cnalr

Published:

Updated: 2026-01-29T16:44:01.819Z

Reserved: 2026-01-29T13:25:57.791Z

Link: CVE-2026-1616

Vulnrichment

Updated: 2026-01-29T15:56:27.067Z

NVD

Status : Analyzed

Published: 2026-01-29T14:16:13.457

Modified: 2026-03-10T17:45:05.300

Link: CVE-2026-1616

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-18T14:45:03Z

Weaknesses