CVE-2022-24830: Path Traversal in OpenClinica
First published: Fri May 13 2022(Updated: )
OpenClinica is an open source software for Electronic Data Capture (EDC) and Clinical Data Management (CDM). OpenClinica prior to version 3.16 is vulnerable to path traversal in multiple endpoints, leading to arbitrary file read/write, and potential remote code execution. There are no known workarounds. This issue has been patched and users are recommended to upgrade.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| OpenClinica | <3.13.1 | |
| OpenClinica | >=3.15<3.16.2 | |
| OpenClinica | =3.14 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2022-24830?
CVE-2022-24830 has a medium severity rating due to its potential for arbitrary file read/write and remote code execution.
How do I fix CVE-2022-24830?
To fix CVE-2022-24830, upgrade OpenClinica to version 3.16 or later.
What are the affected versions for CVE-2022-24830?
CVE-2022-24830 affects OpenClinica versions prior to 3.16, including versions 3.13.1 and 3.14.
Can CVE-2022-24830 lead to remote code execution?
Yes, CVE-2022-24830 can potentially lead to remote code execution due to path traversal vulnerabilities.
What type of vulnerability is CVE-2022-24830?
CVE-2022-24830 is a path traversal vulnerability affecting multiple endpoints in OpenClinica.
- agent/references
- agent/type
- agent/remedy
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/last-modified-date
- agent/severity
- agent/weakness
- agent/author
- agent/description
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/openclinica
- canonical/openclinica
- version/openclinica/3.15
- version/openclinica/3.14