Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
prionPRIOn knowledge basePRION:CVE-2024-28198
HistoryMar 11, 2024 - 8:15 p.m.

Design/Logic Flaw

2024-03-1120:15:00
PRIOn knowledge base
www.prio-n.com
9
openolat
e-learning platform
ssrf vulnerability
version 18.1.x
version 18.2.x
upgrade
draw.io
rest api
security

4.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.

Related

cve 1
cvelist 1
nvd 1
osv 1
cve
cve
CVE-2024-28198
2024-03-11 20:15:07
cvelist
cvelist
CVE-2024-28198 XML external entity (XXE) injection in OpenOLAT
2024-03-11 19:38:26
nvd
nvd
CVE-2024-28198
2024-03-11 20:15:07
osv
osv
CVE-2024-28198
2024-03-11 20:15:07

4.8 Medium

AI Score

Confidence

High

0.0005 Low

EPSS

Percentile

18.1%

JSON
Related for PRION:CVE-2024-28198
cve1cvelist1nvd1osv1