Broken Access Control in Opal filesystem's copy functionality exposes all user data

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal filesystem. This also means that low-privilege users such as DataShield users can retrieve the files of other users. Version 5.1.1 contains a patch for the issue.

N/A

对路径名的限制不恰当(路径遍历)

Opal 路径遍历漏洞

Opal是Open Source Software for Epidemiology开源的一个用于生物库或流行病学研究的核心数据库应用程序。 Opal 5.1.1之前版本存在路径遍历漏洞，该漏洞源于复制父目录时可能泄露用户无权访问的文件。

N/A

N/A