CVE-2024-28198

low-risk

Published 2024-03-11

OpenOlat is an open source web-based e-learning platform for teaching, learning, assessment and communication. By manually manipulating http requests when using the draw.io integration it is possible to read arbitrary files as the configured system user and SSRF. The problem is fixed in version 18.1.6 and 18.2.2. It is advised to upgrade to the latest version of 18.1.x or 18.2.x. Users unable to upgrade may work around this issue by disabling the Draw.io module or the entire REST API which will secure the system.

Do I need to act?

0.11% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.6/10 Medium

NETWORK / HIGH complexity

Affected Products (1)

Openolat

Affected Vendors

Frentix

References (6)

Patch https://github.com/OpenOLAT/OpenOLAT/commit/23e6212e9412c3b099436159b8c8935321c9...

Vendor Advisory https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-pqvm-h9mg-434c

Broken Link https://track.frentix.com/issue/OO-7553/XXE-injection-in-draw.io-endpoint

Patch https://github.com/OpenOLAT/OpenOLAT/commit/23e6212e9412c3b099436159b8c8935321c9...

Vendor Advisory https://github.com/OpenOLAT/OpenOLAT/security/advisories/GHSA-pqvm-h9mg-434c

Broken Link https://track.frentix.com/issue/OO-7553/XXE-injection-in-draw.io-endpoint

/ 100

low-risk

Severity 15/34 · Moderate

Exploitability 0/34 · Minimal

Exposure 5/34 · Minimal