CVE-2021-41242

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2021-41242
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-41242.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2021-41242
Aliases
  • GHSA-62hv-rfp4-hmrm
Published
2021-12-10T23:15:09Z
Modified
2024-05-30T03:17:23.421506Z
Severity
  • 8.1 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H CVSS Calculator
Summary
[none]
Details

OpenOlat is a web-basedlearning management system. A path traversal vulnerability exists in OpenOlat prior to versions 15.5.12 and 16.0.5. By providing a filename that contains a relative path as a parameter in some REST methods, it is possible to create directory structures and write files anywhere on the target system. The attack could be used to write files anywhere in the web root folder or outside, depending on the configuration of the system and the properly configured permission of the application server user. The attack requires an OpenOlat user account, an enabled REST API and the rights on a business object to call the vulnerable REST calls. The problem is fixed in version 15.5.12 and 16.0.5. There is a workaround available. The vulnerability requires the REST module to be enabled. Disabling the REST module or limiting the REST module via some firewall or web-server access rules to be accessed only be trusted systems will mitigate the risk.

References

Affected packages

Git / github.com/openolat/openolat

Affected ranges

Type
GIT
Repo
https://github.com/openolat/openolat
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

OLAT-7.*

OLAT-7.1.0

OpenOLAT_10.*

OpenOLAT_10.0.0
OpenOLAT_10.0.1
OpenOLAT_10.0.2
OpenOLAT_10.0.3
OpenOLAT_10.0.4
OpenOLAT_10.0.5
OpenOLAT_10.0.6
OpenOLAT_10.0.7
OpenOLAT_10.0.8
OpenOLAT_10.0.9
OpenOLAT_10.1.0
OpenOLAT_10.1.1
OpenOLAT_10.1.2
OpenOLAT_10.1.3
OpenOLAT_10.2.0
OpenOLAT_10.2.1
OpenOLAT_10.2.2
OpenOLAT_10.2.3
OpenOLAT_10.2.4
OpenOLAT_10.2.5
OpenOLAT_10.3.0
OpenOLAT_10.3.1
OpenOLAT_10.3.2
OpenOLAT_10.3.3
OpenOLAT_10.3.4
OpenOLAT_10.3.5
OpenOLAT_10.3.6
OpenOLAT_10.3.7
OpenOLAT_10.3.8
OpenOLAT_10.4.0
OpenOLAT_10.4.1
OpenOLAT_10.4.10
OpenOLAT_10.4.11
OpenOLAT_10.4.2
OpenOLAT_10.4.3
OpenOLAT_10.4.4
OpenOLAT_10.4.5
OpenOLAT_10.4.6
OpenOLAT_10.4.7
OpenOLAT_10.4.8
OpenOLAT_10.4.9
OpenOLAT_10.5.0
OpenOLAT_10.5.1
OpenOLAT_10.5.2
OpenOLAT_10.5.3
OpenOLAT_10.5.4
OpenOLAT_10.5.5
OpenOLAT_10.5.6
OpenOLAT_10.5.7
OpenOLAT_10.5.8
OpenOLAT_10.5.9

OpenOLAT_11.*

OpenOLAT_11.0.10
OpenOLAT_11.0.2
OpenOLAT_11.0.3
OpenOLAT_11.0.4
OpenOLAT_11.0.5
OpenOLAT_11.0.6
OpenOLAT_11.0.7
OpenOLAT_11.0.8
OpenOLAT_11.0.9
OpenOLAT_11.0_0
OpenOLAT_11.0_1
OpenOLAT_11.1.0
OpenOLAT_11.1.1
OpenOLAT_11.1.2
OpenOLAT_11.2.0
OpenOLAT_11.2.1
OpenOLAT_11.2.2
OpenOLAT_11.2.3
OpenOLAT_11.2.4
OpenOLAT_11.3.0
OpenOLAT_11.3.1
OpenOLAT_11.3.2
OpenOLAT_11.3.3
OpenOLAT_11.4.0
OpenOLAT_11.4.1
OpenOLAT_11.4.2
OpenOLAT_11.4.3
OpenOLAT_11.5.0
OpenOLAT_11.5.1
OpenOLAT_11.5.2
OpenOLAT_11.5.3
OpenOLAT_11.5.4
OpenOLAT_11.5.5

OpenOLAT_12.*

OpenOLAT_12.0.0
OpenOLAT_12.0.1
OpenOLAT_12.0.2
OpenOLAT_12.1.0
OpenOLAT_12.1.1
OpenOLAT_12.1.2
OpenOLAT_12.1.3
OpenOLAT_12.1.4
OpenOLAT_12.1.5
OpenOLAT_12.2.0
OpenOLAT_12.2.1
OpenOLAT_12.2.2
OpenOLAT_12.2.3
OpenOLAT_12.2.4
OpenOLAT_12.2.5
OpenOLAT_12.2.6
OpenOLAT_12.2.7
OpenOLAT_12.2.8
OpenOLAT_12.3.0
OpenOLAT_12.3.1
OpenOLAT_12.3.2
OpenOLAT_12.3.3
OpenOLAT_12.4.0
OpenOLAT_12.4.1
OpenOLAT_12.4.2
OpenOLAT_12.4.3a
OpenOLAT_12.5.0
OpenOLAT_12.5.1
OpenOLAT_12.5.10
OpenOLAT_12.5.11
OpenOLAT_12.5.12
OpenOLAT_12.5.13
OpenOLAT_12.5.14
OpenOLAT_12.5.15
OpenOLAT_12.5.16
OpenOLAT_12.5.17
OpenOLAT_12.5.18
OpenOLAT_12.5.19
OpenOLAT_12.5.2
OpenOLAT_12.5.20
OpenOLAT_12.5.21
OpenOLAT_12.5.22
OpenOLAT_12.5.23
OpenOLAT_12.5.24
OpenOLAT_12.5.25
OpenOLAT_12.5.26
OpenOLAT_12.5.3
OpenOLAT_12.5.4
OpenOLAT_12.5.5
OpenOLAT_12.5.6
OpenOLAT_12.5.7
OpenOLAT_12.5.8
OpenOLAT_12.5.9

OpenOLAT_13.*

OpenOLAT_13.0.0
OpenOLAT_13.0.0beta1
OpenOLAT_13.0.0beta3
OpenOLAT_13.0.0beta4
OpenOLAT_13.0.0beta5
OpenOLAT_13.0.0beta6
OpenOLAT_13.0.0beta7
OpenOLAT_13.0.0beta8
OpenOLAT_13.0.0beta9
OpenOLAT_13.0.1
OpenOLAT_13.0.2
OpenOLAT_13.0.3
OpenOLAT_13.1.0
OpenOLAT_13.1.1
OpenOLAT_13.1.2
OpenOLAT_13.2.0
OpenOLAT_13.2.1
OpenOLAT_13.2.2
OpenOLAT_13.2.3
OpenOLAT_13.2.4
OpenOLAT_13.2.5
OpenOLAT_13.2.6
OpenOLAT_13.2.7
OpenOLAT_13.2.8

OpenOLAT_14.*

OpenOLAT_14.0.0
OpenOLAT_14.0.2
OpenOLAT_14.0.3
OpenOLAT_14.0.4
OpenOLAT_14.01
OpenOLAT_14.1.0
OpenOLAT_14.1.1
OpenOLAT_14.1.2
OpenOLAT_14.1.3
OpenOLAT_14.1.4
OpenOLAT_14.1.5
OpenOLAT_14.1.6
OpenOLAT_14.1.7
OpenOLAT_14.2.0
OpenOLAT_14.2.1
OpenOLAT_14.2.10
OpenOLAT_14.2.11
OpenOLAT_14.2.12
OpenOLAT_14.2.13
OpenOLAT_14.2.14
OpenOLAT_14.2.15
OpenOLAT_14.2.16
OpenOLAT_14.2.17
OpenOLAT_14.2.18
OpenOLAT_14.2.2
OpenOLAT_14.2.3
OpenOLAT_14.2.4
OpenOLAT_14.2.5
OpenOLAT_14.2.6
OpenOLAT_14.2.7
OpenOLAT_14.2.8
OpenOLAT_14.2.9

OpenOLAT_15.*

OpenOLAT_15.0.0
OpenOLAT_15.0.1
OpenOLAT_15.0.2
OpenOLAT_15.0.3
OpenOLAT_15.0.4
OpenOLAT_15.0.5
OpenOLAT_15.0.6
OpenOLAT_15.1.0
OpenOLAT_15.1.1
OpenOLAT_15.1.2
OpenOLAT_15.1.3
OpenOLAT_15.1.4
OpenOLAT_15.2.0
OpenOLAT_15.2.1
OpenOLAT_15.2.10
OpenOLAT_15.2.11
OpenOLAT_15.2.12
OpenOLAT_15.2.2
OpenOLAT_15.2.3
OpenOLAT_15.2.4
OpenOLAT_15.2.5
OpenOLAT_15.2.6
OpenOLAT_15.2.7
OpenOLAT_15.2.8
OpenOLAT_15.2.9
OpenOLAT_15.3.0
OpenOLAT_15.3.1
OpenOLAT_15.3.10
OpenOLAT_15.3.11
OpenOLAT_15.3.12
OpenOLAT_15.3.13
OpenOLAT_15.3.14
OpenOLAT_15.3.15
OpenOLAT_15.3.16
OpenOLAT_15.3.17
OpenOLAT_15.3.2
OpenOLAT_15.3.3
OpenOLAT_15.3.4
OpenOLAT_15.3.5
OpenOLAT_15.3.6
OpenOLAT_15.3.7
OpenOLAT_15.3.8
OpenOLAT_15.3.9
OpenOLAT_15.4.0
OpenOLAT_15.4.1
OpenOLAT_15.4.2
OpenOLAT_15.4.3
OpenOLAT_15.4.4
OpenOLAT_15.4.5
OpenOLAT_15.4.6
OpenOLAT_15.4.7
OpenOLAT_15.5.0
OpenOLAT_15.5.1
OpenOLAT_15.5.10
OpenOLAT_15.5.11
OpenOLAT_15.5.2
OpenOLAT_15.5.3
OpenOLAT_15.5.4
OpenOLAT_15.5.5
OpenOLAT_15.5.6
OpenOLAT_15.5.7
OpenOLAT_15.5.8
OpenOLAT_15.5.9
OpenOLAT_15.pre.0.a
OpenOLAT_15.pre.1
OpenOLAT_15.pre.2
OpenOLAT_15.pre.3
OpenOLAT_15.pre.4
OpenOLAT_15.pre.5
OpenOLAT_15.pre.6
OpenOLAT_15.pre.7
OpenOLAT_15.pre.8
OpenOLAT_15.pre.9

OpenOLAT_8.*

OpenOLAT_8.0
OpenOLAT_8.0.2
OpenOLAT_8.0.3
OpenOLAT_8.1
OpenOLAT_8.1.1
OpenOLAT_8.1.2
OpenOLAT_8.1.3
OpenOLAT_8.1.4
OpenOLAT_8.2.0
OpenOLAT_8.2.0beta
OpenOLAT_8.2.0beta2
OpenOLAT_8.2.1
OpenOLAT_8.3.0
OpenOLAT_8.3.1
OpenOLAT_8.3.2
OpenOLAT_8.3.3
OpenOLAT_8.3.4
OpenOLAT_8.3.5
OpenOLAT_8.4.0
OpenOLAT_8.4.0beta
OpenOLAT_8.4.1
OpenOLAT_8.4.2
OpenOLAT_8.4.3
OpenOLAT_8.4.4

OpenOLAT_9.*

OpenOLAT_9.0.0
OpenOLAT_9.0.1
OpenOLAT_9.0.2
OpenOLAT_9.0.3
OpenOLAT_9.0.4
OpenOLAT_9.0.5
OpenOLAT_9.0.6
OpenOLAT_9.1.0
OpenOLAT_9.1.1
OpenOLAT_9.1.2
OpenOLAT_9.2.0
OpenOLAT_9.2.1
OpenOLAT_9.3.0
OpenOLAT_9.3.1
OpenOLAT_9.3.2
OpenOLAT_9.3.3
OpenOLAT_9.3.4
OpenOLAT_9.3.5
OpenOLAT_9.4.0
OpenOLAT_9.4.1
OpenOLAT_9.4.2
OpenOLAT_9.4.3
OpenOLAT_9.4.4