Learn about the path traversal vulnerability in DSpace affecting versions >= 6.0, < 6.4 and >= 4.0, < 5.11, allowing creation of files/directories by privileged users.
Understanding CVE-2022-31195
This CVE involves a path traversal vulnerability in the Simple Archive Format (SAF) package import functionality in DSpace, an open source repository application.
What is CVE-2022-31195?
In DSpace versions >= 6.0 and < 6.4, and >= 4.0 and < 5.11, the ItemImportServiceImpl is vulnerable to a path traversal issue. It allows a specially privileged user to create files or directories in areas where the Tomcat/DSpace user has write access.
The Impact of CVE-2022-31195
The vulnerability can be exploited by users with special privileges, like Administrators or those with command-line access, affecting XMLUI, JSPUI, and command-line functionalities. The CVSS base score of 7.2 denotes a high severity level with confidentiality, integrity, and availability impact.
Technical Details of CVE-2022-31195
Vulnerability Description
The vulnerability arises from improper validation of paths: file and directory names supplied inside a SAF package are not adequately validated before being used on the server, so a malicious package can cause files or directories to be created in any server location where the Tomcat/DSpace user has write privileges.
Affected Systems and Versions
DSpace versions >= 6.0 and < 6.4, and >= 4.0 and < 5.11 are impacted by this vulnerability.
Exploitation Mechanism
A user who already holds the required privileges (an Administrator, or someone with command-line access to the import tools) can trigger the vulnerability by importing a crafted SAF package, causing files or directories to be created outside the intended import location.
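The defect described above is a missing containment check on package-supplied names. The following is an added example, not code from the DSpace project, of the kind of validation an import routine should apply to every relative path it reads from a SAF package before touching the filesystem. It assumes the package is presented as a list of relative entry names and that the import may only populate one base directory; the base path and entry names are constructed for illustration.

```python
import os
from typing import List, Optional, Tuple

def check_saf_entry(base_dir: str, entry: str) -> Tuple[Optional[str], str]:
    """Validate one relative path taken from a SAF package.

    Returns (destination, "ok") when the entry may be written beneath base_dir,
    or (None, reason) when it must be rejected. base_dir is the only directory
    the import is allowed to populate (a constructed path, not DSpace's real one).
    """
    if not entry:
        return None, "empty name"
    if os.path.isabs(entry):
        return None, "absolute path"
    # Reject any parent-directory segment outright rather than relying on
    # normalisation alone: "item/../item2/x" would stay inside, but a package
    # has no legitimate reason to use ".." at all.
    parts = entry.split("/")
    if ".." in parts:
        return None, "parent-directory segment"
    base = os.path.realpath(base_dir)
    dest = os.path.realpath(os.path.join(base, *parts))
    # realpath follows symlinks, so a link planted inside the import tree that
    # points elsewhere is also caught by the containment test below.
    if dest == base:
        return None, "names the import directory itself"
    if os.path.commonpath([base, dest]) != base:
        return None, "resolves outside import directory"
    return dest, "ok"

def partition_saf_entries(base_dir: str, entries: List[str]) -> Tuple[List[str], List[Tuple[str, str]]]:
    """Split package entries into accepted names and (name, reason) rejections."""
    accepted: List[str] = []
    rejected: List[Tuple[str, str]] = []
    for entry in entries:
        dest, reason = check_saf_entry(base_dir, entry)
        if dest is None:
            rejected.append((entry, reason))
        else:
            accepted.append(entry)
    return accepted, rejected

# Constructed sample package listing: two well-formed item entries plus the
# malformed shapes an import routine must refuse.
SAMPLE_ENTRIES = [
    "item_001/dublin_core.xml",
    "item_001/contents",
    "../../outside.txt",
    "/etc/outside.txt",
    "item_002/../item_003/contents",
]
```

A package containing any rejected entry should be refused as a whole rather than partially imported, so that an operator sees the problem instead of a half-written item.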
Mitigation and Prevention
Immediate Steps to Take
Administrators should upgrade DSpace to a fixed release (6.4 or later on the 6.x line, 5.11 or later on the 5.x line). Until the upgrade is done, blocking access to the XMLUI and JSPUI URL paths used for batch imports reduces exposure, although it does not cover imports run from the command line.
Long-Term Security Practices
Practicing the principle of least privilege, ensuring user trust before importing SAF packages, and ongoing security monitoring are essential for long-term security.
Patching and Updates
Regularly updating DSpace to the latest secure versions and following security advisories are crucial to prevent exploitation of known vulnerabilities.