CVE-2025-55202
Opencast has a partial path traversal vulnerability in UI config
Description
The protections against path traversal attacks in the UI config module are insufficient and still partially allow attacks in very specific cases. The requested path is compared against the configured directory as a plain string prefix, without checking for the file separator that should follow it. This could allow attackers to access files in another folder whose path starts with the same prefix. For example, the default UI config directory is `/etc/opencast/ui-config`. Without this patch, an attacker can read files in a folder such as `/etc/opencast/ui-config-hidden`, provided those files are readable by Opencast. General path traversal is not possible: an attacker **cannot** use this to access files in `/etc/opencast/encoding` or in `/etc/opencast/` itself.

### How dangerous is this?

In theory, this vulnerability could be exploited to access some non-public files. However, given the default structure of Opencast's configuration, it is extremely unlikely to affect any users. There can be only one `ui-config` folder, which makes it quite unlikely that a user has created an additional folder whose name starts with `ui-config`. Users could also rename this folder, but since there is no real reason to do so, this too is extremely unlikely to trigger the issue.

### How to fix the issue

- To mitigate this, check whether you have folders whose path starts with the same prefix as your `ui-config` folder
- A fix is available in https://github.com/opencast/opencast/pull/6979
- Updating to Opencast 17.7 or 18.1 fixes the issue
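The flawed prefix check and its corrected form, as an added example that is not Opencast's own code and does not reproduce the change in the linked pull request: `is_allowed_vulnerable` accepts a path that resolves into `/etc/opencast/ui-config-hidden` because the string starts with `/etc/opencast/ui-config`, while `is_allowed_fixed` also requires the separator after the directory prefix. `find_prefix_collisions` is the folder-naming check from the mitigation list, run over a constructed directory listing. The function names, request strings and listing are assumptions made for the illustration; only the two directory paths come from the advisory.

```python
"""Illustration of the partial path-traversal check described for CVE-2025-55202.

Constructed example; it is not Opencast's code. The directory names are the
ones given in the advisory, the request strings and listing are made up.
"""
import posixpath

# Default UI config directory named in the advisory.
UI_CONFIG_DIR = "/etc/opencast/ui-config"


def resolve(base_dir: str, requested: str) -> str:
    """Lexically resolve a client-supplied path against base_dir.

    posixpath is used so the behaviour is identical on every platform. This is
    a lexical normalisation only (it collapses '.' and '..'); on a real
    filesystem you would additionally call os.path.realpath() so that symlinks
    cannot escape the directory.
    """
    return posixpath.normpath(posixpath.join(base_dir, requested))


def is_allowed_vulnerable(base_dir: str, requested: str) -> bool:
    """The flawed check: a bare string-prefix comparison.

    '/etc/opencast/ui-config-hidden/x' starts with '/etc/opencast/ui-config',
    so it is wrongly accepted. '/etc/opencast/encoding/x' does not, so general
    traversal is still blocked, exactly as the advisory states.
    """
    base = posixpath.normpath(base_dir)
    return resolve(base, requested).startswith(base)


def is_allowed_fixed(base_dir: str, requested: str) -> bool:
    """The corrected check: the target is the base itself or lives below it.

    Requiring the separator after the prefix is what distinguishes
    '/etc/opencast/ui-config/...' from '/etc/opencast/ui-config-hidden/...'.
    """
    base = posixpath.normpath(base_dir)
    target = resolve(base, requested)
    return target == base or target.startswith(base + posixpath.sep)


def find_prefix_collisions(base_dir: str, sibling_names) -> list:
    """Mitigation check from the advisory: which sibling entries of base_dir
    use its name as a prefix? In a deployment sibling_names would come from
    os.listdir(os.path.dirname(base_dir)); here it is passed in so the example
    runs offline.
    """
    name = posixpath.basename(posixpath.normpath(base_dir))
    return sorted(n for n in sibling_names if n != name and n.startswith(name))


if __name__ == "__main__":
    # Constructed requests: one legitimate, one that hits the flaw, two that
    # both checks reject.
    requests = [
        "theme.json",
        "../ui-config-hidden/secret.json",
        "../encoding/profile.properties",
        "../../../etc/passwd",
    ]
    for req in requests:
        print(f"{req:36} vulnerable={is_allowed_vulnerable(UI_CONFIG_DIR, req)!s:5} "
              f"fixed={is_allowed_fixed(UI_CONFIG_DIR, req)}")

    # Constructed listing of /etc/opencast for the mitigation check.
    print(find_prefix_collisions(UI_CONFIG_DIR, ["ui-config", "ui-config-hidden", "encoding"]))
```

Note that both checks operate on the normalised path, so `../` sequences are already collapsed before comparison; the defect is purely that the prefix comparison ignores where the directory name ends. Running `find_prefix_collisions` against your own `/etc/opencast` listing returns the folders the advisory tells you to look for.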
How to patch CVE-2025-55202
To patch CVE-2025-55202, upgrade the affected package to one of the patched versions below.
- Upgrade to 17.7 or later
Is CVE-2025-55202 being exploited?
Low: EPSS is 0.1%, and no large-scale exploitation activity has been observed so far.
Affected packages (1)
- from 0, < 17.7
CVSS score
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 4.0 | — | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U |