Impact
OliveTin allows the execution of predefined shell commands through a web interface. When the saveLogs feature is enabled, log files are created on disk using a filename that incorporates the user-supplied UniqueTrackingId field from the StartAction API request. This value is used directly in a file path without any validation or sanitization, which permits directory traversal sequences such as ../../../. An attacker can exploit this flaw to write files to arbitrary locations on the host filesystem, potentially installing malicious binaries or modifying critical system files. The weakness aligns with Path Traversal (CWE-22).
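The flaw described above, next to one way to contain it, as an added example that is not OliveTin's own code or its actual fix. The function names, the `.log` suffix, the log directory and the ID allow-list are assumptions made for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// Hypothetical allow-list: tracking IDs limited to UUID-like characters.
var validID = regexp.MustCompile(`^[A-Za-z0-9_-]{1,64}$`)

// unsafeLogPath mirrors the weakness: the client-supplied ID goes
// straight into the path, so "../" segments move it out of logDir.
func unsafeLogPath(logDir, trackingID string) string {
	return filepath.Join(logDir, trackingID+".log")
}

// safeLogPath validates the ID first, then confirms the resolved path
// is still inside logDir as a second, independent check.
func safeLogPath(logDir, trackingID string) (string, error) {
	if !validID.MatchString(trackingID) {
		return "", errors.New("invalid tracking id")
	}
	base, err := filepath.Abs(logDir)
	if err != nil {
		return "", err
	}
	p := filepath.Join(base, trackingID+".log")
	rel, err := filepath.Rel(base, p)
	if err != nil || rel == ".." ||
		strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", errors.New("path escapes log directory")
	}
	return p, nil
}

func main() {
	dir := "/var/log/olivetin-example" // constructed sample directory
	// Constructed sample IDs: one well-formed, one with traversal segments.
	for _, id := range []string{"run-42", "../../../tmp/outside"} {
		fmt.Println("unsafe:", unsafeLogPath(dir, id))
		p, err := safeLogPath(dir, id)
		fmt.Printf("safe:   %q err=%v\n", p, err)
	}
}
```

Server-side generation of the tracking ID removes the client-controlled input altogether; the containment check then remains as a backstop.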
Affected Systems
Any OliveTin installation running a version earlier than 3000.11.2 with the saveLogs option enabled is vulnerable. The issue is independent of the operating system because the path resolution occurs within the OliveTin process itself.
Risk and Exploitability
The vulnerability carries a CVSS score of 8.5, indicating high severity. Its exploitation probability is measured at less than 1% and it is not listed in the Known Exploited Vulnerabilities catalog, suggesting it has not been widely used by adversaries yet. However, the potential impact of creating or overwriting arbitrary files represents a serious confidentiality, integrity, and availability risk. The attack vector is remote, requiring only network access to the OliveTin service and the ability to send a crafted API request. Immediate remediation is advised to prevent possible compromise.