Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Broken Access Control in Opal filesystem's copy functionality exposes all user data
Vulnerability Description
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal filesystem. This also means that low-privilege users such as DataShield users can retrieve the files of other users. Version 5.1.1 contains a patch for the issue.
CVSS Information
N/A
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Vulnerability Title
Opal 路径遍历漏洞
Vulnerability Description
Opal是Open Source Software for Epidemiology开源的一个用于生物库或流行病学研究的核心数据库应用程序。 Opal 5.1.1之前版本存在路径遍历漏洞,该漏洞源于复制父目录时可能泄露用户无权访问的文件。
CVSS Information
N/A
Vulnerability Type
N/A