CVE-2024-46987

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2024-46987

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-46987.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-46987

Aliases

GHSA-cp65-5m9r-vc2c

Published

2024-09-18T18:15:07Z

Modified

2024-10-08T04:23:11.268577Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N CVSS Calculator

Summary

[none]

Details

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's downloadprivatefile method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

References

Affected packages

Git / github.com/owen2345/camaleon-cms

Affected ranges

Type: GIT
Repo: https://github.com/owen2345/camaleon-cms
Events: Introduced

feccb96e542319ed608acd3a16fa5d92f13ede67

Fixed

b450c33929ed4f88ac40d8c59c3991da687d02a7

Affected versions

2.*

2.8.0

2.8.1