CVE-2024-46987

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://codeql.github.com/codeql-query-help/ruby/rb-path-injection	Third Party Advisory
https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c	Exploit Third Party Advisory
https://owasp.org/www-community/attacks/Path_Traversal	Issue Tracking
https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*

History

24 Sep 2024, 16:27

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~6.5~~	v2 : unknown v3 : 7.7

24 Sep 2024, 16:07

Type	Values Removed	Values Added
References	~~() https://codeql.github.com/codeql-query-help/ruby/rb-path-injection -~~	() https://codeql.github.com/codeql-query-help/ruby/rb-path-injection - Third Party Advisory
References	~~() https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c -~~	() https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c - Exploit, Third Party Advisory
References	~~() https://owasp.org/www-community/attacks/Path_Traversal -~~	() https://owasp.org/www-community/attacks/Path_Traversal - Issue Tracking
References	~~() https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released -~~	() https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released - Patch
CPE		cpe:2.3:a:tuzitio:camaleon_cms::::::::
First Time		Tuzitio camaleon Cms Tuzitio
CVSS	v2 : ~~unknown~~ v3 : ~~7.7~~	v2 : unknown v3 : 6.5

20 Sep 2024, 12:30

Type	Values Removed	Values Added
Summary		(es) Camaleon CMS es un sistema de gestión de contenido dinámico y avanzado basado en Ruby on Rails. Una vulnerabilidad de path traversal accesible a través del método download_private_file de MediaController permite a los usuarios autenticados descargar cualquier archivo en el servidor web en el que se ejecuta Camaleon CMS (según los permisos de archivo). Este problema puede provocar una divulgación de información. Este problema se ha solucionado en la versión 2.8.2. Se recomienda a los usuarios que actualicen la versión. No se conocen workarounds para esta vulnerabilidad.

18 Sep 2024, 18:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-09-18 18:15

Updated : 2024-09-24 16:27

NVD link : CVE-2024-46987

Mitre link : CVE-2024-46987

CVE.ORG link : CVE-2024-46987

JSON object : View

Products Affected

tuzitio

camaleon_cms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

7.7 /10