CVE-2022-23612

7.5 HIGH

📋 TL;DR

CVE-2022-23612 is a path traversal vulnerability in OpenMRS that allows attackers to exfiltrate arbitrary files from the server. The vulnerability affects OpenMRS versions before 2.1.5, 2.2.1, 2.3.5, 2.4.5, and 2.5.3 due to insufficient input sanitization in image and script request handlers. Any OpenMRS implementation running affected versions is vulnerable to file disclosure.

💻 Affected Systems

Products:
  • OpenMRS Core
Versions: All versions before 2.1.5, 2.2.1, 2.3.5, 2.4.5, and 2.5.3
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Vulnerability is mitigated by Tomcat's URL normalization in Tomcat 7.0.28+. Older Tomcat versions remain fully vulnerable.

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise through exfiltration of sensitive files like configuration files, database credentials, SSH keys, and patient medical records.

🟠 Likely Case

Exfiltration of configuration files containing database credentials, API keys, and sensitive system information leading to further attacks.

🟢 If Mitigated

Limited file access restricted by Tomcat's URL normalization (Tomcat 7.0.28+) or proper file system permissions.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires only HTTP GET requests to vulnerable endpoints with path traversal sequences.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.1.5, 2.2.1, 2.3.5, 2.4.5, or 2.5.3 depending on minor version

Vendor Advisory: https://github.com/openmrs/openmrs-core/security/advisories/GHSA-8rgr-ww69-jv65

Restart Required: Yes

Instructions:

1. Identify your OpenMRS minor version.
2. Update to the corresponding patch version: 2.1.x → 2.1.5, 2.2.x → 2.2.1, 2.3.x → 2.3.5, 2.4.x → 2.4.5, 2.5.x → 2.5.3.
3. Restart the OpenMRS application server.

🔧 Temporary Workarounds

Tomcat Upgrade (linux)

Upgrade Tomcat to version 7.0.28 or later to leverage built-in URL normalization that mitigates the vulnerability.

  apt-get update && apt-get install tomcat7

Web Application Firewall (all)

Deploy WAF rules to block path traversal patterns in requests to the /images and /initfilter/scripts endpoints.

🧯 If You Can't Patch

  • Implement strict file system permissions to limit OpenMRS process access to only necessary directories.
  • Deploy network segmentation to restrict access to OpenMRS instances from untrusted networks.

🔍 How to Verify

Check if Vulnerable:

Check whether the OpenMRS version is below the patched version for its minor release: 2.1.5, 2.2.1, 2.3.5, 2.4.5, or 2.5.3.

Check Version:

Check the OpenMRS web interface or the application.properties file for the version.

Verify Fix Applied:

Verify that the OpenMRS version matches the patched version, then test the /images and /initfilter/scripts endpoints with path traversal payloads to confirm they are rejected.

📡 Detection & Monitoring

Log Indicators:

  • HTTP GET requests containing '../' sequences to /images or /initfilter/scripts endpoints
  • Unusual file access patterns from OpenMRS process

Network Indicators:

  • HTTP requests with path traversal payloads (../, ..\, encoded variants)
  • Unusual outbound data transfers following suspicious requests

SIEM Query:

source="openmrs" AND (url_path="/images/*" OR url_path="/initfilter/scripts/*") AND (request_uri="*../*" OR request_uri="*..\\*" OR request_uri="*%2e%2e*" OR request_uri="*%2E%2E*")
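Detection example, added here and not part of the advisory: a Python scanner that applies the log indicators above to constructed access-log lines, percent-decoding repeatedly so double-encoded traversal sequences (%252e%252e) are caught and ignoring '../' that only appears in a query string. The /openmrs context path, the common log format and the file names in the sample are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (common log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2022:10:01:02 +0000] "GET /openmrs/images/logo.png HTTP/1.1" 200 5120
203.0.113.9 - - [10/Feb/2022:10:01:07 +0000] "GET /openmrs/images/..%2F..%2F..%2FWEB-INF%2Fweb.xml HTTP/1.1" 200 3311
203.0.113.9 - - [10/Feb/2022:10:01:09 +0000] "GET /openmrs/initfilter/scripts/..%252F..%252Fconfig.properties HTTP/1.1" 200 901
198.51.100.2 - - [10/Feb/2022:10:02:00 +0000] "GET /openmrs/login.htm?next=../images HTTP/1.1" 200 2200
"""

LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
# Optional one-segment context path (assumed /openmrs) followed by one of the affected handlers.
HANDLER_RE = re.compile(r'^(?:/[^/]+)?(/images|/initfilter/scripts)(?=/|$)')


def full_decode(path, rounds=3):
    """Percent-decode until stable so double-encoded sequences are visible."""
    for _ in range(rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def traversal_segments(path):
    """True if any path segment is '..' after decoding and backslash normalisation."""
    return any(seg == ".." for seg in path.replace("\\", "/").split("/"))


def scan_log(text):
    """One alert per request that hits a watched handler with a '..' segment."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        raw_path = m["target"].split("?", 1)[0]  # the query string is not part of the file path
        decoded = full_decode(raw_path)
        handler = HANDLER_RE.match(decoded)
        if handler and traversal_segments(decoded):
            alerts.append({
                "client": m["client"],
                "handler": handler.group(1),
                "status": int(m["status"]),          # a 2xx here suggests the file was served
                "double_encoded": "%25" in raw_path,  # sender was evading single-pass decoders
                "decoded_path": decoded,
            })
    return alerts


if __name__ == "__main__":
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```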
