CVE-2024-52291

Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by utilizing a double file:// scheme (e.g., file://file:////). This enables the attacker to specify sensitive folders as the file system, leading to potential file overwriting through malicious uploads, unauthorized access to sensitive files, and, under certain conditions, remote code execution (RCE) via Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This is fixed in 5.4.6 and 4.12.5.
Configurations

Configuration 1

OR cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*

History

19 Nov 2024, 18:06

Type : First Time
Values Removed : (none)
Values Added : Craftcms craft Cms; Craftcms

Type : CVSS
Values Removed : v2 : unknown; v3 : 8.4
Values Added : v2 : unknown; v3 : 7.2

Type : CPE
Values Removed : (none)
Values Added :
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc3:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:5.0.0:rc1:*:*:*:*:*:*

Type : References
Values Removed : https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q
Values Added : https://github.com/craftcms/cms/security/advisories/GHSA-jrh5-vhr9-qh7q - Exploit, Vendor Advisory

15 Nov 2024, 14:00

Type : Summary
Values Removed : (none)
Values Added :
  • (es) Craft is a content management system (CMS). A vulnerability in CraftCMS allows an attacker to bypass local file system validation by using a double file:// scheme (for example, file://file:////). This allows the attacker to specify sensitive folders as the file system, leading to possible file overwriting through malicious uploads, unauthorized access to sensitive files and, under certain conditions, remote code execution (RCE) through Server-Side Template Injection (SSTI) payloads. Note that this will only work if you have an authenticated administrator account with allowAdminChanges enabled. This was fixed in 5.4.6 and 4.12.5.

13 Nov 2024, 17:15

Type : New CVE

Information

Published : 2024-11-13 17:15

Updated : 2024-11-19 18:06


NVD link : CVE-2024-52291

Mitre link : CVE-2024-52291

CVE.ORG link : CVE-2024-52291

Products Affected

craftcms

  • craft_cms

CWE
CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')