Impact
By providing a filename that contains a relative path as a parameter in some REST methods it is possible to create directory structures and write files anywhere on the target system.
The attack could be used to write files anywhere in the web root folder or outside it, depending on the configuration of the system and the permissions granted to the application server user.
The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls.
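The flaw described above, as an added example that is not OpenOlat's own code: the naive pattern of joining a user-supplied `filename` parameter onto an upload directory, beside a hardened check that only accepts a bare file name and re-verifies the resolved path. The base directory and file names are constructed values.

```python
"""Filename validation for a REST upload endpoint (added example, not OpenOlat code)."""
import os
from pathlib import Path


def naive_target(base_dir: str, filename: str) -> str:
    """The flawed pattern: join the user-supplied name as-is.
    A name such as '../../etc/cron.d/job' resolves outside base_dir."""
    return os.path.normpath(os.path.join(base_dir, filename))


def escapes_base(base_dir: str, filename: str) -> bool:
    """True if the naive join would place the file outside base_dir."""
    base = os.path.abspath(base_dir)
    target = os.path.abspath(naive_target(base_dir, filename))
    return os.path.commonpath([base, target]) != base


def safe_target(base_dir: str, filename: str) -> Path:
    """Hardened version: accept only a bare file name, then re-check the
    resolved path against the base directory (defence in depth).
    Raises ValueError on anything that could escape base_dir."""
    if not filename or "\x00" in filename:
        raise ValueError("empty or NUL-containing filename")
    # A file name taken from a REST parameter should never carry a directory
    # part, so reject both POSIX and Windows separators outright.
    if "/" in filename or "\\" in filename:
        raise ValueError("path separators not allowed in filename")
    if filename in (".", ".."):
        raise ValueError("reserved name")
    base = Path(base_dir).resolve()
    target = (base / filename).resolve()
    # Second check: even a 'clean' name must stay under base after resolution.
    if base not in target.parents:
        raise ValueError("resolved path escapes base directory")
    return target


def is_accepted(base_dir: str, filename: str) -> bool:
    """Convenience wrapper: does the hardened check accept this name?"""
    try:
        safe_target(base_dir, filename)
        return True
    except ValueError:
        return False
```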
Patches
The problem is fixed in versions 15.5.12 and 16.0.5. It is advised to upgrade to version 16.0.x.
Workarounds
The vulnerability requires the REST module to be enabled. Disabling the REST module, or restricting access to it via firewall or web-server access rules so that it can be reached only by trusted systems, will mitigate the risk.
References
https://jira.openolat.org/browse/OO-5819 (only visible to members of the OpenOlat partner program)
For more information
If you have any questions or comments about this advisory:
Email us at contact@openolat.org