CVE-2022-31503

9.3 CRITICAL

📋 TL;DR

This vulnerability allows attackers to perform absolute path traversal attacks in Orchest versions before 2022.05.0. By exploiting unsafe usage of Flask's send_file function, attackers can access arbitrary files on the server filesystem. This affects all deployments running vulnerable Orchest versions.
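As an added illustration (not Orchest's code; the page does not show the affected handler), the snippet below reproduces the general pattern the TL;DR describes: a download handler that joins a client-supplied path onto a base directory and would hand the result to Flask's send_file. Because os.path.join discards the base when its second argument is absolute, an absolute input escapes the directory; resolve_within is the containment check such a handler should apply before send_file is ever called. The base directory and file names are constructed for the demonstration.

```python
import os

# Constructed base directory for the demonstration; Orchest's real data
# directory is not stated on this page and is not assumed here.
BASE_DIR = "/srv/orchest/data"


def unsafe_join(base_dir: str, user_path: str) -> str:
    """The defective pattern: os.path.join() silently discards base_dir when
    user_path is absolute, so the result is whatever the client supplied.
    Passing this straight to flask.send_file() is an absolute path traversal."""
    return os.path.join(base_dir, user_path)


def resolve_within(base_dir: str, user_path: str):
    """Return the real path of user_path inside base_dir, or None if the
    request is absolute, escapes via '..', or names the directory itself."""
    if os.path.isabs(user_path) or user_path.startswith(("/", "\\")):
        return None  # absolute inputs are never legitimate for this handler
    if os.path.splitdrive(user_path)[0]:
        return None  # drive-letter prefix on Windows hosts
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    # realpath collapses '..' and symlinks; commonpath then proves containment
    if candidate == base or os.path.commonpath([base, candidate]) != base:
        return None
    return candidate


def download_handler(user_path: str):
    """Hardened handler sketch: refuse before any file is opened. In a real
    Flask view the 200 branch would call send_file(target); Flask is not
    imported here so the example runs offline."""
    target = resolve_within(BASE_DIR, user_path)
    if target is None:
        return 403, None
    return 200, target


if __name__ == "__main__":
    for p in ("reports/run1.csv", "/etc/passwd", "../../../etc/passwd", ""):
        print(f"{p!r:24} unsafe={unsafe_join(BASE_DIR, p):36} safe={download_handler(p)}")
```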

💻 Affected Systems

Products:
  • Orchest
Versions: All versions before 2022.05.0
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: All deployments of affected Orchest versions are vulnerable by default.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through reading sensitive files like SSH keys, configuration files, or database credentials, potentially leading to remote code execution.

🟠 Likely Case

Unauthorized access to sensitive application files, configuration data, and potentially user data stored on the server filesystem.

🟢 If Mitigated

Limited impact with proper file permissions and network segmentation, though file disclosure remains possible.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability is straightforward to exploit with publicly available information about the unsafe send_file usage.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v2022.05.0

Vendor Advisory: https://github.com/orchest/orchest/releases/tag/v2022.05.0

Restart Required: Yes

Instructions:

1. Back up your Orchest data and configuration.
2. Update to Orchest v2022.05.0 or later.
3. Restart the Orchest service.
4. Verify the fix by checking the version and testing path traversal attempts.

🔧 Temporary Workarounds

Network Segmentation
Platform: all

Restrict network access to Orchest instances to trusted networks only.

File Permission Hardening
Platform: linux

Set strict file permissions on sensitive directories and files:

chmod 600 /path/to/sensitive/files
chown root:root /path/to/sensitive/directories

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy web application firewall with path traversal protection rules

🔍 How to Verify

Check if Vulnerable:

Check if Orchest version is earlier than 2022.05.0

Check Version:

Check Orchest web interface or deployment configuration for version information

Verify Fix Applied:

Confirm version is 2022.05.0 or later and test path traversal attempts return appropriate errors

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in application logs
  • Multiple failed path traversal attempts
  • Access to files outside expected directories

Network Indicators:

  • HTTP requests with ../ patterns or absolute paths
  • Unusual file download patterns

SIEM Query:

source="orchest" AND (url="*../*" OR url="*/etc/*" OR url="*/root/*")
