Cyber Resilience

CVE-2021-39180

High

Published: 31 August 2021

Published
31 August 2021
Modified
21 November 2024
KEV Added
Patch
CVSS Score v3.1 8.1 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
EPSS Score 0.0122 79.5th percentile
Risk Priority 17 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-39180 is a high-severity Path Traversal (CWE-22) vulnerability in Frentix Openolat. Its CVSS base score is 8.1 (High).

Operationally, ranked in the top 20.5% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

OpenOLAT is a web-based learning management system (LMS). A path traversal vulnerability exists in versions prior to 15.3.18, 15.5.3, and 16.0.0. Using a specially prepared ZIP file, it is possible to overwrite any file that is writable by the application…

more

server user (e.g. the tomcat user). Depending on the configuration this can be limited to files of the OpenOlat user data directory, however, if not properly set up, the attack could also be used to overwrite application server config files, java code or even operating system files. The attack could be used to corrupt or modify any OpenOlat file such as course structures, config files or temporary test data. Those attack would require in-depth knowledge of the installation and thus more theoretical. If the app server configuration allows the execution of jsp files and the path to the context is known, it is also possible to execute java code. If the app server runs with the same user that is used to deploy the OpenOlat code or has write permissions on the OpenOlat code files and the path to the context is know, code injection is possible. The attack requires an OpenOlat user account to upload a ZIP file and trigger the unzip method. It can not be exploited by unregistered users. The problem is fixed in versions 15.3.18, 15.5.3 and 16.0.0. There are no known workarounds aside from upgrading.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

frentix
openolat
≤ 15.3.18 · 15.4.0 — 15.5.3

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.

References