Impact
The following vulnerabilities were identified by CodeQL and can be found here:
A summary of the above can be found below.
The following endpoints contain path traversal vulnerabilities.
Arbitrary File Read Vulnerabilities
These endpoints allow an attacker to download arbitrary files from a system running OpenClinica, and therefore to steal any information or files stored on that system.
The following endpoints are impacted:
/forms/migrate/(unknown)/downloadLogFile
- Source: OpenClinica/web/src/main/java/org/akaza/openclinica/controller/BatchCRFMigrationController.java, line 129 in e46944f:
    File fileToDownload = new File(logFileName);
/DownloadVersionSpreadSheet via the fileName form post parameter
- For users with the permissions: 'system admin', STUDYDIRECTOR, or COORDINATOR
- Source: OpenClinica/web/src/main/java/org/akaza/openclinica/control/admin/DownloadVersionSpreadSheetServlet.java, lines 93 to 95 in e46944f:
    excelFile = new File(dir + excelFileName);
    // backwards compat
    File oldExcelFile = new File(dir + oldExcelFileName);
Arbitrary File Write Vulnerabilities
The following allow an attacker to upload any file they wish to any directory they wish on a system running OpenClinica. This can lead to remote code execution in certain environments.
/openrosa/{studyOID}/submission by modifying the studyOID with a path traversal payload.
- Source: OpenClinica/web/src/main/java/org/akaza/openclinica/controller/openrosa/OpenRosaSubmissionController.java, line 108 in e46944f:
    if (!new File(dir).exists()) new File(dir).mkdirs();
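All three sinks above build a File from a caller-controlled name (new File(logFileName), new File(dir + excelFileName), new File(dir)) without checking that the result stays inside the intended directory. The following is an added example of the usual mitigation, written for this advisory and not taken from OpenClinica or from patch 6f864e8: it canonicalises a fixed base directory, resolves the supplied name against it, and rejects anything that escapes. The class and method names are illustrative, and the temporary base directory in main is constructed for the demo.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;

public class SafePathResolver {

    /**
     * Resolves a caller-supplied file name against a fixed base directory and
     * rejects anything that would escape it: "../" segments, an absolute path
     * (which Path.resolve would let replace the base), or a symlink that points
     * outside. The base is canonicalised so the prefix check is done on real paths.
     */
    public static Path resolveInsideBase(Path baseDir, String userSupplied) throws IOException {
        if (userSupplied == null || userSupplied.isEmpty()) {
            throw new IllegalArgumentException("empty file name");
        }
        Path base = baseDir.toRealPath();                  // canonical base; must exist
        Path candidate = base.resolve(userSupplied).normalize();
        // normalize() collapses ".." lexically; the prefix check catches both
        // "../x" and an absolute name, since neither starts with the base.
        if (!candidate.startsWith(base)) {
            throw new SecurityException("path escapes base directory: " + userSupplied);
        }
        // For a name that already exists, also compare the real path so a
        // symlink inside the base cannot point the access outside it.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base)) {
            throw new SecurityException("path resolves outside base via symlink: " + userSupplied);
        }
        return candidate;
    }

    public static void main(String[] args) throws IOException {
        // Constructed base directory standing in for the servlet's download directory.
        Path base = Files.createTempDirectory("path-demo");
        String[] inputs = { "report.log", "sub/report.log", "../../etc/passwd", "/etc/passwd" };
        for (String in : inputs) {
            try {
                System.out.println("ACCEPT " + in + " -> " + resolveInsideBase(base, in));
            } catch (SecurityException e) {
                System.out.println("REJECT " + in + " (" + e.getMessage() + ")");
            }
        }
    }
}
```

The same helper applies to the write sink: resolve the studyOID-derived directory through it before calling mkdirs(), so that a traversal payload in the identifier is rejected rather than creating directories wherever the payload points.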
Patches
6f864e8
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No
References