GHSA-vx6p-q4gj-x6xx

Опубликовано: 24 мая 2022

Источник: github

Github: Прошло ревью

CVSS3: 4.9

Описание

Camaleon CMS vulnerable to Server-Side Request Forgery

In Camaleon CMS, versions 2.1.2.0 through 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

Ссылки

Пакеты

Наименование

camaleon_cms

rubygems

Затронутые версииВерсия исправления

>= 2.1.2.0, < 2.6.0.1

2.6.0.1

EPSS

Процентиль: 55%

0.00324

Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2021-25972

Дефекты

CWE-918

Связанные уязвимости

CVE-2021-25972

CVSS3: 4.9

nvd

больше 4 лет назад

In Camaleon CMS, versions 2.1.2.0 to 2.6.0, are vulnerable to Server-Side Request Forgery (SSRF) in the media upload feature, which allows admin users to fetch media files from external URLs but fails to validate URLs referencing to localhost or other internal servers. This allows attackers to read files stored in the internal server.

EPSS

Процентиль: 55%

0.00324

Низкий

4.9 Medium

CVSS3

CVE ID

CVE-2021-25972

Дефекты

CWE-918