CVE-2022-31195: CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in DSpace DSpace
DSpace open source software is a repository application which provides durable access to digital resources. In affected versions the ItemImportServiceImpl is vulnerable to a path traversal vulnerability. This means a malicious SAF (simple archive format) package could cause a file/directory to be created anywhere the Tomcat/DSpace user can write to on the server. However, this path traversal vulnerability can only be triggered by a user with special privileges (either Administrators or someone with command-line access to the server). This vulnerability impacts the XMLUI, JSPUI and command-line. Users are advised to upgrade.

As a basic workaround, users may block all access to the following URL paths:
- If you are using the XMLUI, block all access to the /admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path "/xmlui", then you'd need to block access to /xmlui/admin/batchimport.
- If you are using the JSPUI, block all access to the /dspace-admin/batchimport path (this is the URL of the Admin Batch Import tool). Keep in mind, if your site uses the path "/jspui", then you'd need to block access to /jspui/dspace-admin/batchimport.

Keep in mind, only an Administrative user or a user with command-line access to the server is able to import/upload SAF packages. Therefore, assuming those users do not blindly upload untrusted SAF packages, it is unlikely your site could be impacted by this vulnerability.
AI Analysis
Technical Summary
CVE-2022-31195 is a path traversal vulnerability (CWE-22) in DSpace, an open-source repository application widely used by libraries, universities and research organisations to manage and provide durable access to digital resources. The flaw is in ItemImportServiceImpl, the component that imports Simple Archive Format (SAF) packages. File and directory names taken from a SAF package are not confined to the import directory, so a crafted package (the archive form of CWE-22, usually called zip slip) can make DSpace create or overwrite a file or directory anywhere the Tomcat/DSpace operating-system user can write. Every entry point that accepts a SAF package is affected: the XMLUI and JSPUI Admin Batch Import tools and the command-line import. Exploitation requires a SAF package to be imported, and only DSpace Administrators and users with command-line access to the server can do that, so the realistic attackers are a malicious insider, an account whose credentials have been compromised, or an administrator who imports a package obtained from an untrusted source. Affected versions are 4.0 up to but not including 5.11, and 6.0 up to but not including 6.4; no exploitation in the wild has been reported. The complete fix is upgrading. Blocking the batch import URL paths (/admin/batchimport for the XMLUI, /dspace-admin/batchimport for the JSPUI, each prefixed by the /xmlui or /jspui context path where the site uses one) removes the web entry points but does nothing for command-line imports. Risk is also reduced if administrators only import packages they built themselves or received from a trusted source, since the traversal is carried entirely in the package contents. Overall this is a moderate-risk issue: privileged access is required, but a successful import yields an arbitrary file write as the application user, which is frequently enough for further compromise.
Potential Impact
For European organisations running an affected version of DSpace, an attacker who already has administrator or command-line access can create or overwrite files anywhere the Tomcat/DSpace user can write on the repository server. Within the repository that means tampering with or destroying assetstore content and configuration, planting malicious files that are later served to users, or breaking the service. Because DSpace is widely deployed by universities, research institutes and cultural heritage institutions across Europe, the assets at stake are often irreplaceable digital collections and research outputs. If the Tomcat/DSpace account can also write to the deployed web application, a cron directory or its own shell start-up files, an arbitrary file write is generally sufficient for code execution as that account, which in turn exposes other systems the server can reach. The privileged-access prerequisite keeps the likelihood of direct exploitation by outsiders low; the realistic threat is an insider, a compromised administrator account, or an administrator who imports a package supplied by someone else. The confidentiality impact is indirect (the bug leaks nothing by itself, but a planted backdoor could), while the integrity and availability impacts are direct and significant.
Mitigation Recommendations
1. Upgrade DSpace to 5.11 or later on the 5.x line, or 6.4 or later on the 6.x line; these are the versions that carry the fix, and 7.x is outside the affected ranges listed above. This is the only control that also covers command-line imports.
2. Until the upgrade is done, deny access to the batch import URLs (/admin/batchimport for the XMLUI, /dspace-admin/batchimport for the JSPUI, with the /xmlui or /jspui context path prepended where the site uses one) at the reverse proxy or servlet container, or restrict them to administrator IP ranges or VPN-only access.
3. Enforce strong authentication (multi-factor where the deployment supports it) and tight authorisation for DSpace administrator accounts; a phished or reused administrator password is the most likely route by which an outsider reaches this code path.
4. Log and review SAF imports (who imported, from where, and which file names the package contained) so that an unexpected import, or an entry name containing ".." or an absolute path, is noticed.
5. Run Tomcat/DSpace under a dedicated account that can write only to the directories DSpace needs (assetstore, import/export and temporary directories, logs). It must not be able to write to the Tomcat webapps or conf directories, the DSpace configuration, cron or service unit directories, or its own login scripts; with those removed, an arbitrary write degrades from probable code execution to data tampering.
6. Treat SAF packages from outside the organisation as untrusted input: list the archive and inspect every entry name and every `contents` file for ".." segments or absolute paths before importing.
7. If a WAF or reverse proxy fronts DSpace, add rules that deny the batch import paths outright (or allow them only from known administrator sources) rather than trying to inspect uploaded archives.
8. Periodically review server and application configuration against the principle of least privilege to keep the attack surface small.
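The following Python script is an added example, not DSpace's code and not the fix the project shipped. It shows the two checks an importer, or an administrator reviewing a package before import (step 6 above), needs in order to stop the traversal described in the technical summary: every archive entry name, and every bitstream name listed in an item's `contents` file, must resolve inside the directory the package is unpacked into. The two SAF packages are constructed samples, the import directory is a temporary directory the script creates, and the parser assumes the documented SAF layout in which the file name is the first tab-separated field of each `contents` line.

```python
import io
import os
import posixpath
import tempfile
import zipfile

# Constructed sample SAF packages (not real DSpace data). A SAF package holds one
# directory per item: dublin_core.xml, a `contents` file listing the item's
# bitstreams (file name is the first tab-separated field), and the files.
BENIGN_SAF = {
    "item_000/dublin_core.xml": b"<dublin_core><dcvalue element='title'>ok</dcvalue></dublin_core>",
    "item_000/contents": b"paper.pdf\tbundle:ORIGINAL\n",
    "item_000/paper.pdf": b"%PDF-1.4 constructed sample",
}
# Hostile package: one entry walks out of the item directory with "..", one is
# an absolute path, and the `contents` listing points outside the item too.
MALICIOUS_SAF = {
    "item_000/dublin_core.xml": b"<dublin_core/>",
    "item_000/contents": b"../../webapps/ROOT/x.jsp\tbundle:ORIGINAL\n",
    "item_000/../../webapps/ROOT/x.jsp": b"constructed placeholder, not a payload",
    "/etc/cron.d/constructed": b"constructed placeholder, not a payload",
}


def build_zip(entries):
    """Pack a {name: bytes} mapping into an in-memory zip; names are stored verbatim."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in entries.items():
            zf.writestr(name, data)
    return buf.getvalue()


def is_contained(base_dir, relative_path):
    """True iff base_dir joined with relative_path resolves inside base_dir.
    Resolving both sides with realpath handles "..", absolute names and symlinks;
    a string check on the raw name would miss "item_000/../../x" or a leading "/"."""
    base = os.path.realpath(base_dir)
    target = os.path.realpath(os.path.join(base, relative_path))
    return target == base or target.startswith(base + os.sep)


def scan_saf(zip_bytes, import_dir):
    """Return [(entry_name, reason)] for every path in the package that would land
    outside import_dir (which need not exist). Empty list means safe to extract."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            name = info.filename
            if not is_contained(import_dir, name):
                findings.append((name, "zip entry escapes the import directory"))
                continue
            # Bitstream names in `contents` are opened after extraction, so they
            # get the same check, relative to the item directory they belong to.
            if posixpath.basename(name) == "contents":
                item_dir = os.path.join(import_dir, posixpath.dirname(name))
                for line in zf.read(info).decode("utf-8", "replace").splitlines():
                    line = line.strip()
                    if not line:
                        continue
                    bitstream = line.split("\t", 1)[0]
                    if not is_contained(item_dir, bitstream):
                        findings.append((name, f"contents lists {bitstream!r} outside the item directory"))
    return findings


def safe_extract(zip_bytes, dest_dir):
    """Extract only if the whole package passes scan_saf; refuse it otherwise.
    One traversing entry makes the package hostile, so reject it rather than skip
    the bad entries and import the rest. Returns the names created in dest_dir."""
    findings = scan_saf(zip_bytes, dest_dir)
    if findings:
        raise ValueError(f"refusing SAF package: {findings}")
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as zf:
        for info in zf.infolist():
            target = os.path.join(dest_dir, info.filename)
            if info.is_dir():
                os.makedirs(target, exist_ok=True)
                continue
            os.makedirs(os.path.dirname(target), exist_ok=True)
            with zf.open(info) as src, open(target, "wb") as dst:
                dst.write(src.read())
    return sorted(os.listdir(dest_dir))


def demo():
    """Run scanner and extractor on both constructed packages in a temp directory."""
    work = tempfile.mkdtemp(prefix="saf-check-")
    result = {
        "benign_findings": scan_saf(build_zip(BENIGN_SAF), work),
        "malicious_findings": scan_saf(build_zip(MALICIOUS_SAF), work),
        "benign_extracted": safe_extract(build_zip(BENIGN_SAF), os.path.join(work, "ok")),
    }
    try:
        safe_extract(build_zip(MALICIOUS_SAF), os.path.join(work, "bad"))
        result["malicious_refused"] = False
    except ValueError:
        result["malicious_refused"] = True
    return result
```

Calling demo() reports no findings for the benign package, three for the hostile one (the `contents` listing, the ".." entry and the absolute entry), and a refusal to extract the hostile package at all. The containment test is deliberately done on resolved paths of both the destination and the candidate, not by searching entry names for "../": that is what makes it robust against absolute names and symlinked import directories, and it is the check a patched extractor needs to apply to every entry before it touches the filesystem.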
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Sweden, Belgium, Poland, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: GitHub_M
- Date Reserved: 2022-05-18T00:00:00.000Z
- CISA Enriched: true
Threat ID: 682d9844c4522896dcbf397c
Added to database: 5/21/2025, 9:09:24 AM
Last enriched: 6/23/2025, 1:05:30 AM
Last updated: 8/18/2025, 11:28:29 PM