Vulnerabilites related to owen2345 - camaleon-cms
cve-2024-46986
Vulnerability from cvelistv5
Published
2024-09-18 17:14
Modified
2024-09-18 19:01
Severity ?
EPSS score ?
Summary
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5 | x_refsource_CONFIRM | |
| https://codeql.github.com/codeql-query-help/ruby/rb-path-injection | x_refsource_MISC | |
| https://owasp.org/www-community/attacks/Path_Traversal | x_refsource_MISC | |
| https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| owen2345 | camaleon-cms |
Version: < 2.8.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "camaleon_cms",
"vendor": "tuzitio",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46986",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T19:00:17.229195Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T19:01:11.521Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "camaleon-cms",
"vendor": "owen2345",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 10,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-74",
"description": "CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component (\u0027Injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:14:09.127Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5"
},
{
"name": "https://codeql.github.com/codeql-query-help/ruby/rb-path-injection",
"tags": [
"x_refsource_MISC"
],
"url": "https://codeql.github.com/codeql-query-help/ruby/rb-path-injection"
},
{
"name": "https://owasp.org/www-community/attacks/Path_Traversal",
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/Path_Traversal"
},
{
"name": "https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released"
}
],
"source": {
"advisory": "GHSA-wmjg-vqhv-q5p5",
"discovery": "UNKNOWN"
},
"title": "Arbitrary file write leading to RCE in Camaleon CMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46986",
"datePublished": "2024-09-18T17:14:09.127Z",
"dateReserved": "2024-09-16T16:10:09.018Z",
"dateUpdated": "2024-09-18T19:01:11.521Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
cve-2024-46987
Vulnerability from cvelistv5
Published
2024-09-18 17:15
Modified
2024-09-18 18:59
Severity ?
EPSS score ?
Summary
Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.
References
| ▼ | URL | Tags |
|---|---|---|
| https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c | x_refsource_CONFIRM | |
| https://codeql.github.com/codeql-query-help/ruby/rb-path-injection | x_refsource_MISC | |
| https://owasp.org/www-community/attacks/Path_Traversal | x_refsource_MISC | |
| https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released | x_refsource_MISC |
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| owen2345 | camaleon-cms |
Version: < 2.8.2 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "camaleon_cms",
"vendor": "tuzitio",
"versions": [
{
"lessThan": "2.8.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-46987",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-09-18T18:57:11.155462Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T18:59:41.388Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "camaleon-cms",
"vendor": "owen2345",
"versions": [
{
"status": "affected",
"version": "\u003c 2.8.2"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController\u0027s download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.7,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-200",
"description": "CWE-200: Exposure of Sensitive Information to an Unauthorized Actor",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22: Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-18T17:15:45.829Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c"
},
{
"name": "https://codeql.github.com/codeql-query-help/ruby/rb-path-injection",
"tags": [
"x_refsource_MISC"
],
"url": "https://codeql.github.com/codeql-query-help/ruby/rb-path-injection"
},
{
"name": "https://owasp.org/www-community/attacks/Path_Traversal",
"tags": [
"x_refsource_MISC"
],
"url": "https://owasp.org/www-community/attacks/Path_Traversal"
},
{
"name": "https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released",
"tags": [
"x_refsource_MISC"
],
"url": "https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released"
}
],
"source": {
"advisory": "GHSA-cp65-5m9r-vc2c",
"discovery": "UNKNOWN"
},
"title": "Arbitrary path traversal in Camaleon CMS"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-46987",
"datePublished": "2024-09-18T17:15:45.829Z",
"dateReserved": "2024-09-16T16:10:09.019Z",
"dateUpdated": "2024-09-18T18:59:41.388Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}