PT-2021-22438 · Openolat · Openolat
Gnaegi · Published 2021-08-31 · Updated 2021-09-09 · CVE-2021-39180
CVSS v2.0: 9.0 (High)
Vector: AV:N/AC:L/Au:S/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
OpenOLAT versions prior to 15.3.18
OpenOLAT versions prior to 15.5.3
OpenOLAT versions prior to 16.0.0
Description
A path traversal vulnerability exists in OpenOLAT, a web-based learning management system. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application server user. Depending on the configuration, this can be limited to files of the OpenOlat user data directory, or it could also be used to overwrite application server config files, Java code, or even operating system files. The attack could be used to corrupt or modify any OpenOlat file, such as course structures, config files, or temporary test data. If the app server configuration allows the execution of JSP files and the path to the context is known, it is also possible to execute Java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is known, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method.
Recommendations
For OpenOLAT versions prior to 15.3.18, upgrade to version 15.3.18 or later.
For OpenOLAT versions prior to 15.5.3, upgrade to version 15.5.3 or later.
For OpenOLAT versions prior to 16.0.0, upgrade to version 16.0.0 or later.
Fix
Path traversal
Affected Products
Openolat