CVE-2024-46986

Опубликовано: 18 сент. 2024

Источник: nvd

CVSS3: 9.9

EPSS Критический

Описание

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. An arbitrary file write vulnerability accessible via the upload method of the MediaController allows authenticated users to write arbitrary files to any location on the web server Camaleon CMS is running on (depending on the permissions of the underlying filesystem). E.g. This can lead to a delayed remote code execution in case an attacker is able to write a Ruby file into the config/initializers/ subfolder of the Ruby on Rails application. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Ссылки

https://codeql.github.com/codeql-query-help/ruby/rb-path-injection
Third Party Advisory
https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-wmjg-vqhv-q5p5
Exploit
Third Party Advisory
https://owasp.org/www-community/attacks/Path_Traversal
Issue Tracking
https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS
https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released
Patch

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*

Версия до 2.8.2 (исключая)

EPSS

Процентиль: 100%

0.92294

Критический

9.9 Critical

CVSS3

Дефекты

CWE-74

CWE-22

Связанные уязвимости

GHSA-wmjg-vqhv-q5p5

CVSS3: 8.8

github

больше 1 года назад

Camaleon CMS affected by arbitrary file write to RCE (GHSL-2024-182)