CVE-2023-32322

Source
https://cve.org/CVERecord?id=CVE-2023-32322
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32322.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-32322
Aliases
  • GHSA-28j3-84m7-gpjp
Published
2023-05-18T16:34:52.766Z
Modified
2026-04-10T04:58:36.006275Z
Severity
  • 4.9 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Summary
Arbitrary file read in Ombi
Details

Ombi is an open source application which allows users to request specific media from popular self-hosted streaming servers. Versions prior to 4.38.2 contain an arbitrary file read vulnerability where an Ombi administrative user may access files available to the Ombi server process on the host operating system. Ombi administrators are not always local system administrators, so this may violate the security expectations of the system. The arbitrary file read vulnerability was present in the ReadLogFile and Download endpoints in SystemControllers.cs, as the parameter logFileName is not sanitized before being combined with the Logs directory. When using Path.Combine(arg1, arg2, arg3), an attacker may be able to escape to folders or files outside of Path.Combine(arg1, arg2) by using ".." in arg3. In addition, by specifying an absolute path for arg3, Path.Combine will completely ignore the first two arguments and return just arg3. This vulnerability can lead to information disclosure. The Ombi documentation suggests running Ombi as a Service with Administrator privileges. An attacker targeting such an application may be able to read the files of any Windows user on the host machine and certain system files. This issue has been addressed in commit b8a8f029 and in release version 4.38.2. Users are advised to upgrade. There are no known workarounds for this vulnerability. This issue is also tracked as GHSL-2023-088.
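The Path.Combine behaviour described above, as an added illustration that is not Ombi's code: the unsafe pattern (an untrusted name combined straight into the Logs directory) beside a guard that normalises the result and requires it to stay inside that directory. The directory and file names are constructed for the demo.

```csharp
using System;
using System.IO;

static class LogPathGuard
{
    // Vulnerable pattern from the advisory: the caller-supplied name is combined
    // with the logs directory with no check for ".." segments or rooted paths.
    static string UnsafeLogPath(string logsDir, string logFileName) =>
        Path.Combine(logsDir, logFileName);

    // Hardened variant: reject rooted names and directory components, then
    // normalise and verify the candidate is still a child of the logs directory.
    static bool TryResolveLogPath(string logsDir, string logFileName, out string resolved)
    {
        resolved = string.Empty;
        if (string.IsNullOrWhiteSpace(logFileName)) return false;
        // A rooted name makes Path.Combine discard every earlier argument.
        if (Path.IsPathRooted(logFileName)) return false;
        // Only a bare file name is acceptable; "..\x" or "sub/x" are refused.
        if (logFileName != Path.GetFileName(logFileName)) return false;

        string sep = Path.DirectorySeparatorChar.ToString();
        string root = Path.GetFullPath(logsDir);
        if (!root.EndsWith(sep)) root += sep;
        // GetFullPath collapses "." and ".." so the prefix check is meaningful.
        string candidate = Path.GetFullPath(Path.Combine(root, logFileName));
        // Ordinal compare; use OrdinalIgnoreCase on case-insensitive file systems.
        if (!candidate.StartsWith(root, StringComparison.Ordinal)) return false;
        resolved = candidate;
        return true;
    }

    static void Main()
    {
        // Constructed sample directory and inputs.
        string logsDir = Path.Combine(Path.GetTempPath(), "ombi-demo", "Logs");
        string[] names =
        {
            "log-20230518.txt",                                   // ordinary name
            Path.Combine("..", "..", "secret.txt"),               // ".." traversal
            Path.Combine(Path.GetTempPath(), "elsewhere.txt"),    // absolute path
        };
        foreach (var name in names)
        {
            Console.WriteLine($"name: {name}");
            Console.WriteLine($"  Path.Combine -> {UnsafeLogPath(logsDir, name)}");
            Console.WriteLine(TryResolveLogPath(logsDir, name, out var ok)
                ? $"  hardened     -> {ok}"
                : "  hardened     -> rejected");
        }
    }
}
```

Only the first name survives the guard; the traversal and absolute inputs show Path.Combine yielding a location outside Logs while TryResolveLogPath refuses them.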

Database specific
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/32xxx/CVE-2023-32322.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-22"
    ]
}
References

Affected packages

Git / github.com/ombi-app/ombi

Affected ranges

Type
GIT
Repo
https://github.com/ombi-app/ombi
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

Ombi-v3.*
Ombi-v3.0.2881
Ombi-v3.0.2948
PlexRequests-v1.*
PlexRequests-v1.10.1086
PlexRequests-v1.6.219
PlexRequests-v1.7.407
v1.*
v1.1
v1.10.0
v1.10.1
v1.2.0
v1.2.1
v1.3.0
v1.4.0
v1.4.1
v1.5.0
v1.5.1
v1.5.2
v1.6.0
v1.6.1
v1.7
v1.7.0
v1.7.1
v1.7.2
v1.7.3
v1.7.4
v1.7.5
v1.8.0
v1.8.1
v1.8.2
v1.8.3
v1.8.4
v1.9.0
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6
v1.9.7
v2.*
v2.0
v2.0.0
v2.0.1
v2.1.0
v2.2.0
v2.2.1
v4.*
v4.0.1009
v4.0.1011
v4.0.1035
v4.0.1036
v4.0.1037
v4.0.1039
v4.0.1040
v4.0.1062
v4.0.1067
v4.0.1078
v4.0.1080
v4.0.1085
v4.0.1112
v4.0.1116
v4.0.1117
v4.0.1118
v4.0.1119
v4.0.1120
v4.0.1122
v4.0.1128
v4.0.1131
v4.0.1132
v4.0.1133
v4.0.1134
v4.0.1135
v4.0.1136
v4.0.1139
v4.0.1150
v4.0.1151
v4.0.1152
v4.0.1153
v4.0.1154
v4.0.1155
v4.0.1156
v4.0.1203
v4.0.1204
v4.0.1222
v4.0.1255
v4.0.1256
v4.0.1257
v4.0.1259
v4.0.1260
v4.0.1261
v4.0.1262
v4.0.1275
v4.0.1277
v4.0.1282
v4.0.1286
v4.0.1290
v4.0.1292
v4.0.1299
v4.0.1309
v4.0.1313
v4.0.1314
v4.0.1324
v4.0.1328
v4.0.1329
v4.0.1332
v4.0.1333
v4.0.1334
v4.0.1336
v4.0.1339
v4.0.1340
v4.0.1345
v4.0.1347
v4.0.1348
v4.0.1349
v4.0.1350
v4.0.1351
v4.0.1353
v4.0.1354
v4.0.1358
v4.0.1370
v4.0.1375
v4.0.1396
v4.0.1398
v4.0.1403
v4.0.1404
v4.0.1412
v4.0.1421
v4.0.1422
v4.0.1423
v4.0.1424
v4.0.1425
v4.0.1431
v4.0.1440
v4.0.1442
v4.0.1443
v4.0.1446
v4.0.1447
v4.0.1448
v4.0.1449
v4.0.1466
v4.0.1470
v4.0.1474
v4.0.1475
v4.0.1476
v4.0.1477
v4.0.1482
v4.0.1483
v4.0.1487
v4.0.1488
v4.0.1499
v4.0.1506
v4.0.1510
v4.0.1599
v4.0.1601
v4.0.1602
v4.0.994
v4.0.999
v4.10.0
v4.10.1
v4.10.3
v4.10.4
v4.11.0
v4.11.1
v4.11.5
v4.11.7
v4.11.8
v4.12.0
v4.12.3
v4.12.4
v4.12.7
v4.13.0
v4.13.2
v4.14.0
v4.14.1
v4.14.3
v4.14.4
v4.15.0
v4.15.2
v4.15.3
v4.15.4
v4.15.5
v4.15.6
v4.16.0
v4.16.1
v4.16.13
v4.16.14
v4.16.15
v4.16.16
v4.16.17
v4.16.2
v4.16.5
v4.16.6
v4.16.7
v4.17.0
v4.18.0
v4.19.0
v4.19.1
v4.2.10
v4.2.11
v4.2.12
v4.2.13
v4.2.2
v4.2.3
v4.2.4
v4.2.5
v4.2.6
v4.20.0
v4.20.1
v4.20.2
v4.20.3
v4.20.4
v4.21.0
v4.21.1
v4.21.2
v4.22.0
v4.22.1
v4.22.2
v4.22.3
v4.22.4
v4.23.0
v4.23.1
v4.23.2
v4.24.0
v4.25.0
v4.25.1
v4.26.0
v4.27.0
v4.27.1
v4.27.2
v4.27.6
v4.27.7
v4.27.8
v4.28.0
v4.28.1
v4.29.0
v4.29.2
v4.29.3
v4.3.0
v4.3.1
v4.3.2
v4.30.0
v4.31.0
v4.32.0
v4.32.1
v4.32.2
v4.32.3
v4.33.0
v4.35.12
v4.35.13
v4.35.15
v4.35.16
v4.35.18
v4.35.2
v4.35.3
v4.35.4
v4.35.5
v4.35.6
v4.35.7
v4.35.8
v4.35.9
v4.36.1
v4.37.2
v4.37.3
v4.38.0
v4.38.1
v4.4.0
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.6.4
v4.6.5
v4.7.0
v4.7.11
v4.7.3
v4.7.4
v4.7.8
v4.9.1
v4.9.2

Database specific

source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-32322.json"