AZL-62432

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62432.json

JSON Data

https://api.osv.dev/v1/vulns/AZL-62432

Upstream

CVE-2025-27101

Published

2025-03-11T22:15:13Z

Modified

2026-04-21T04:32:01.794562Z

Summary

CVE-2025-27101 affecting package opal 3.10.11-13

Details

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal filesystem. This also means that low-privilege users such as DataShield users can retrieve the files of other users. Version 5.1.1 contains a patch for the issue.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-27101

Affected packages

Azure Linux:3 / opal

Package

Name: opal
Purl: pkg:rpm/azure-linux/opal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.10.11-13

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-62432.json"