Headline
CVE-2022-24830
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade.
Package
OpenClinica (None)
Patched versions
3.13.1, 3.14.1, 3.16.2
Impact
The following vulnerabilities were identified by CodeQL and can be found here:
- https://lgtm.com/projects/g/OpenClinica/OpenClinica/alerts/?mode=list&tag=security&id=java%2Fpath-injection
A summary of the above can be found below.
The following endpoints contain path traversal vulnerabilities.
Arbitrary File Read Vulnerabilities
These allow an attacker to download any file readable by the OpenClinica process from the host it runs on, and so to steal any information or files stored on that system.
The following endpoints are impacted:
/forms/migrate/(unknown)/downloadLogFile
Source:
```java
File fileToDownload = new File(logFileName);
```
/DownloadVersionSpreadSheet via the fileName form post parameter
Reachable by users with one of the permissions 'system admin', STUDYDIRECTOR, or COORDINATOR.
Source:
```java
excelFile = new File(dir + excelFileName);
// backwards compat
File oldExcelFile = new File(dir + oldExcelFileName);
```
Arbitrary File Write Vulnerabilities
The following allow an attacker to upload any file they wish to any directory they wish on a system running OpenClinica. This can lead to remote code execution in certain environments.
- /openrosa/{studyOID}/submission by modifying the studyOID with a path traversal payload.
Source:
```java
if (!new File(dir).exists()) new File(dir).mkdirs();
```
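A defensive counterpart to the `new File(dir + name)` pattern in the read and write snippets above, as an added example that is not OpenClinica's code nor the fix in 6f864e8: the unsafe concatenation beside a resolver that normalizes the path and rejects anything that lands outside the intended base directory. The base directory and the file names are constructed for the demonstration.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;

public class SafePathResolver {

    // Vulnerable pattern from the advisory: the caller-controlled name is
    // concatenated onto a directory with no check, so "../" escapes it.
    static Path resolveUnsafe(String dir, String fileName) {
        return Paths.get(dir + fileName);
    }

    // Hardened form (added example): resolve against the base directory,
    // normalize away "." and "..", and require the result to stay inside base.
    static Path resolveSafe(String dir, String fileName) throws IOException {
        // Both endpoints expect a flat file name, so separators are never legitimate.
        if (fileName.isEmpty() || fileName.contains("/") || fileName.contains("\\")) {
            throw new IOException("separators not allowed in file name: " + fileName);
        }
        Path base = Paths.get(dir).toAbsolutePath().normalize();
        Path candidate = base.resolve(fileName).normalize();
        if (!candidate.startsWith(base) || candidate.equals(base)) {
            throw new IOException("path escapes base directory: " + fileName);
        }
        // Lexical check done; if the file exists, also follow symlinks so a
        // link placed under base cannot point outside it.
        if (Files.exists(candidate) && !candidate.toRealPath().startsWith(base.toRealPath())) {
            throw new IOException("symlink escapes base directory: " + fileName);
        }
        return candidate;
    }

    public static void main(String[] args) {
        String dir = "/var/lib/openclinica/spreadsheets/";      // assumed base directory
        String[] names = {"versions.xls", "../../outside.txt"}; // constructed inputs
        for (String n : names) {
            System.out.println("unsafe: " + resolveUnsafe(dir, n).normalize());
            try {
                System.out.println("safe:   " + resolveSafe(dir, n));
            } catch (IOException e) {
                System.out.println("safe:   rejected (" + e.getMessage() + ")");
            }
        }
    }
}
```

The unsafe resolver happily yields a path two levels above the spreadsheet directory for the second name, while the safe one rejects it before any file is opened or created.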
Patches
6f864e8
Workarounds
Is there a way for users to fix or remediate the vulnerability without upgrading?
No
References
- https://owasp.org/www-community/attacks/Path_Traversal