DSpace JSPUI Resumable Upload Path Traversal (CVE-2022-31194)
CVE-2022-31194 Published on August 1, 2022

Path traversal vulnerabilities in DSpace JSPUI submission upload
DSpace open source software is a repository application which provides durable access to digital resources. dspace-jspui is a UI component for DSpace. The JSPUI resumable upload implementations in SubmissionController and FileUploadRequest are vulnerable to multiple path traversal attacks, allowing an attacker to create files/directories anywhere on the server writable by the Tomcat/DSpace user, by modifying some request parameters during submission. This path traversal can only be executed by a user with special privileges (submitter rights). This vulnerability only impacts the JSPUI. Users are advised to upgrade. There are no known workarounds. However, this vulnerability cannot be exploited by an anonymous user or a basic user. The user must first have submitter privileges to at least one Collection and be able to determine how to modify the request parameters to exploit the vulnerability.

Github Repository NVD

Vulnerability Analysis

CVE-2022-31194 is exploitable with network access, and requires user privileges. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have a small impact on confidentiality and integrity, and a high impact on availability.

Attack Vector:
NETWORK
Attack Complexity:
LOW
Privileges Required:
HIGH
User Interaction:
NONE
Scope:
CHANGED
Confidentiality Impact:
LOW
Integrity Impact:
LOW
Availability Impact:
HIGH

Weakness Type

What is a Directory traversal Vulnerability?

The software uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the software does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

CVE-2022-31194 has been classified to as a Directory traversal vulnerability or weakness.


Products Associated with CVE-2022-31194

Want to know whenever a new CVE is published for Duraspace Dspace? stack.watch will email you.

Duraspace Dspace
 

Affected Versions

DSpace:

Vulnerable Packages

The following package name and versions may be associated with CVE-2022-31194

Package Manager Vulnerable Package Versions Fixed In
maven org.dspace:dspace-jspui >= 4.0, < 5.11 5.11
maven org.dspace:dspace-jspui >= 6.0, < 6.4 6.4

Exploit Probability

EPSS
0.83%
Percentile
74.89%

EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.