Broken Access Control in Opal filesystem's copy functionality exposes all user data 漏洞信息(CVE-2025-27101)

一、漏洞 CVE-2025-27101 基础信息

美国国家漏洞数据库 NVD

漏洞标题

Broken Access Control in Opal filesystem's copy functionality exposes all user data

来源：美国国家漏洞数据库 NVD

漏洞描述信息

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the application are impacted, as this is exploitable by any user to reveal all files in the opal filesystem. This also means that low-privilege users such as DataShield users can retrieve the files of other users. Version 5.1.1 contains a patch for the issue.

来源：美国国家漏洞数据库 NVD

CVSS信息

N/A

来源：美国国家漏洞数据库 NVD

漏洞类别

对路径名的限制不恰当(路径遍历)

来源：美国国家漏洞数据库 NVD

二、漏洞 CVE-2025-27101 的公开POC

#	POC 描述	源链接	神龙链接

三、漏洞 CVE-2025-27101 的情报信息

https://github.com/obiba/opal/security/advisories/GHSA-rxmx-gqjj-vhv8 x_refsource_CONFIRM
https://github.com/obiba/opal/commit/fca7dc9c8348064741b2e8b2c31b66660a935743 x_refsource_MISC
https://nvd.nist.gov/vuln/detail/CVE-2025-27101

一、 漏洞 CVE-2025-27101 基础信息

漏洞标题

漏洞描述信息

CVSS信息

漏洞类别

二、漏洞 CVE-2025-27101 的公开POC

三、漏洞 CVE-2025-27101 的情报信息

一、漏洞 CVE-2025-27101 基础信息