5 matches found
CVE-2025-27101
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...
CVE-2025-27792 Opal vulnerable to CSRF protection bypass
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery CSRF were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...
CVE-2025-27792
Opal CSRF protection bypass (CVE-2025-27792) affects Opal prior to v5.1.1. The issue arises because the referrer header can be dropped in CSRF requests (e.g., via ), bypassing server checks. A patch exists in version 5.1.1. Some sources indicate PoC exploitation is possible; CVSS details in the r...
CVE-2025-27792 Opal vulnerable to CSRF protection bypass
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery CSRF were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...
CVE-2025-27101
CVE-2025-27101 — Opal filesystem copy path traversal / access control issue : Opal (OBiBa) before version 5.1.1 exposes files from a user’s directory when copying any parent directory to a folder under /temp/. This flaw allows any user (including low-privilege DataShield users) to access files th...