OBiBa Opal Directory Copy Function Vulnerability Allows Unauthorized File Access

Vulnerability

A vulnerability in OBiBa's Opal application, prior to version 5.1.1, allows users to copy parent directories to the /temp/ directory, and the copy includes files that should be inaccessible to them. Any user can trigger this, including low-privileged users such as DataShield users, and thereby access files belonging to other users. The vulnerability arises from improper access controls on the directory copying feature.

Impact

Exploitation of this vulnerability allows any user to access all files within the Opal filesystem, including those belonging to other users.

Reproduction

To reproduce this vulnerability, copy a parent directory from the home directory to a folder in the /temp/ directory. All files from the parent directory will be copied, including those the user should not have access to. After the copy operation, the files from the user's home directory can be accessed in the /temp/files/home directory. This vulnerability can also be reproduced by copying the entire root directory, which will extract files from the reports directory.

Remediation

Users should update to Opal version 5.1.1 or later, where this vulnerability has been patched.
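
For teams that maintain their own file-copy features, the following added example (not Opal's code and not its 5.1.1 fix) contrasts a recursive copy that performs no per-entry authorization with one that checks every file before copying it. The can_read policy, the function names and the directory layout are assumptions, and the sample files are constructed.

```python
import shutil
import tempfile
from pathlib import Path

def can_read(user, rel):
    """Hypothetical policy: a user may read only files under home/<user>/."""
    return len(rel.parts) > 2 and rel.parts[:2] == ("home", user)

def copy_tree_unchecked(root, src_rel, dst, user):
    """Flawed pattern: the whole subtree is copied with no per-entry check."""
    shutil.copytree(root / src_rel, dst)

def copy_tree_checked(root, src_rel, dst, user):
    """Hardened pattern: authorize each file against the policy before copying."""
    src = root / src_rel
    for path in sorted(src.rglob("*")):
        # Skip symlinks so a link cannot smuggle in a file outside the subtree.
        if path.is_symlink() or not path.is_file():
            continue
        if not can_read(user, path.relative_to(root)):
            continue
        target = dst / path.relative_to(src)
        target.parent.mkdir(parents=True, exist_ok=True)
        shutil.copy2(path, target)

def listing(directory):
    """Relative paths of all regular files below directory."""
    return sorted(p.relative_to(directory).as_posix()
                  for p in directory.rglob("*") if p.is_file())

def demo():
    """Copy the parent directory 'home' as user alice with both routines."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp) / "fs"
        # Constructed sample tree: two users' homes plus a reports directory.
        for rel in ("home/alice/a.csv", "home/bob/b.csv", "reports/r.html"):
            f = root / rel
            f.parent.mkdir(parents=True, exist_ok=True)
            f.write_text("constructed sample")
        (root / "temp").mkdir()
        copy_tree_unchecked(root, Path("home"), root / "temp" / "unchecked", "alice")
        copy_tree_checked(root, Path("home"), root / "temp" / "checked", "alice")
        return listing(root / "temp" / "unchecked"), listing(root / "temp" / "checked")

if __name__ == "__main__":
    unchecked, checked = demo()
    print("unchecked copy:", unchecked)
    print("checked copy:  ", checked)
```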

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 6.6
remediation: 7.7
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.