OpenSatKit Directory Traversal Vulnerability Allowing Arbitrary File Access or Deletion
Vulnerability
A directory traversal vulnerability exists in OpenSatKit version 2.2.1. The application accepts arbitrary file paths in telecommands for file manipulation operations such as copying, deleting, concatenating and compressing files. These paths are handed to OS abstraction layer functions without any validation that confines them to the intended directory, so an attacker able to send commands can reference paths outside that scope. The result can be unauthorized access to sensitive system paths or deletion of critical files.
Impact
Exploitation of this vulnerability could result in unauthorized access to sensitive information or the deletion of arbitrary files, potentially disrupting normal application or system operations.
Reproduction
The vulnerability can be reproduced by sending a telecommand whose file path argument contains directory traversal sequences (such as '../') that escape the intended directory boundary. The path check performed by 'FileUtil_GetFileInfo' does not reject such sequences, so the operation proceeds against sensitive system paths or files outside the application's scope.
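The fix for this class of bug is to confine every command-supplied path to an allowed directory before it reaches the OS abstraction layer. The following C code is an added example written for this page; it is not OpenSatKit or cFS code. It lexically normalizes the path (collapsing '.', '..' and repeated separators), refuses any path that would climb above the root, and then requires the result to lie strictly inside an allowed directory. The allowed directory "/cf" and the names NormalizePath, PathWithinBase and ValidateCmdPath are assumptions chosen for the illustration; real mount points are mission-specific.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added example, not OpenSatKit/cFS code: lexical confinement of a
 * command-supplied file path to an allowed directory. */

#define OSK_EX_PATH_MAX   256
#define OSK_EX_ALLOWED_DIR "/cf"   /* assumed allowed directory (hypothetical) */

/* Normalize an absolute path lexically: collapse repeated '/', drop "."
 * segments and resolve ".." against earlier segments. Fails if the path is
 * not absolute, if ".." would climb above the root, or if 'out' is too small.
 * The output has no trailing slash except for the root "/". */
bool NormalizePath(const char *in, char *out, size_t outsz)
{
    size_t len = 0;
    const char *p = in;

    if (in == NULL || in[0] != '/' || outsz < 2) {
        return false;
    }
    while (*p != '\0') {
        const char *seg;
        size_t seglen;

        while (*p == '/') p++;                 /* skip one or more separators */
        if (*p == '\0') break;
        seg = p;
        while (*p != '\0' && *p != '/') p++;
        seglen = (size_t)(p - seg);

        if (seglen == 1 && seg[0] == '.') {
            continue;                          /* "." is a no-op */
        }
        if (seglen == 2 && seg[0] == '.' && seg[1] == '.') {
            if (len == 0) return false;        /* ".." above the root: reject */
            while (len > 0 && out[len - 1] != '/') len--;  /* back to last '/' */
            len--;                             /* drop that '/' as well */
            continue;
        }
        if (len + 1 + seglen + 1 > outsz) return false;   /* '/' + seg + NUL */
        out[len++] = '/';
        memcpy(out + len, seg, seglen);
        len += seglen;
    }
    if (len == 0) out[len++] = '/';
    out[len] = '\0';
    return true;
}

/* Confine 'path' to 'base'. Both are normalized; the result must be strictly
 * inside base (base itself is never a valid target for delete or copy, and
 * "/cfx" must not pass for base "/cf"). On success the normalized path is
 * left in 'resolved' and only that string should be passed to the file API. */
bool PathWithinBase(const char *base, const char *path,
                    char *resolved, size_t resolvedsz)
{
    char nbase[OSK_EX_PATH_MAX];
    size_t blen;

    if (!NormalizePath(base, nbase, sizeof nbase)) return false;
    if (strcmp(nbase, "/") == 0) return false;        /* "/" confines nothing */
    if (!NormalizePath(path, resolved, resolvedsz)) return false;
    blen = strlen(nbase);
    if (strncmp(resolved, nbase, blen) != 0) return false;
    return resolved[blen] == '/';                     /* strictly inside base */
}

/* Validation step a file-manipulation command handler would run before
 * calling into the OS abstraction layer. */
bool ValidateCmdPath(const char *cmd_path, char *resolved, size_t resolvedsz)
{
    return PathWithinBase(OSK_EX_ALLOWED_DIR, cmd_path, resolved, resolvedsz);
}

int main(void)
{
    /* Constructed sample command arguments: two benign, the rest traversal attempts. */
    const char *samples[] = {
        "/cf/sub/../file.txt", "/cf//a/./b",
        "/cf/../../etc/passwd", "/etc/passwd", "/cfx/file.txt", "/cf", "cf/file.txt"
    };
    char resolved[OSK_EX_PATH_MAX];
    size_t i;

    for (i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        bool ok = ValidateCmdPath(samples[i], resolved, sizeof resolved);
        printf("%-24s -> %s%s%s\n", samples[i], ok ? "accept " : "reject",
               ok ? resolved : "", ok ? "" : "");
    }
    return 0;
}
```

The check is purely lexical, which is what an embedded flight software stack can afford, but it therefore does not see through symbolic links or mount-point aliasing; on targets where those exist, the confinement must also hold for the resolved physical path. The normalized string in 'resolved', not the raw command argument, is what should be handed to the file operation.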
