CVE-2024-46987

Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability.

CVSS v3 7.7 HIGH

7.7^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.1 / Impact : 4.0

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope CHANGED

References

Link	Resource
https://codeql.github.com/codeql-query-help/ruby/rb-path-injection	Third Party Advisory
https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c	Exploit Third Party Advisory
https://owasp.org/www-community/attacks/Path_Traversal	Issue Tracking
https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS
https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released	Patch

Configurations

Configuration 1 (hide)

cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*

History

17 Apr 2025, 19:15

Type	Values Removed	Values Added
References		() https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS -

Information

Published : 2024-09-18 18:15

Updated : 2025-04-17 19:15

NVD link : CVE-2024-46987

Mitre link : CVE-2024-46987

CVE.ORG link : CVE-2024-46987

JSON object : View

Products Affected

tuzitio

camaleon_cms

CWE

CWE-22

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CWE-200

Exposure of Sensitive Information to an Unauthorized Actor

{"id": "CVE-2024-46987", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "CHANGED", "version": "3.1", "baseScore": 7.7, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 4.0, "exploitabilityScore": 3.1}]}, "published": "2024-09-18T18:15:07.440", "references": [{"url": "https://codeql.github.com/codeql-query-help/ruby/rb-path-injection", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c", "tags": ["Exploit", "Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://owasp.org/www-community/attacks/Path_Traversal", "tags": ["Issue Tracking"], "source": "security-advisories@github.com"}, {"url": "https://securitylab.github.com/advisories/GHSL-2024-182_GHSL-2024-186_Camaleon_CMS", "source": "security-advisories@github.com"}, {"url": "https://www.reddit.com/r/rails/comments/1exwtdm/camaleon_cms_281_has_been_released", "tags": ["Patch"], "source": "security-advisories@github.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-22"}, {"lang": "en", "value": "CWE-200"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-22"}]}], "descriptions": [{"lang": "en", "value": "Camaleon CMS is a dynamic and advanced content management system based on Ruby on Rails. A path traversal vulnerability accessible via MediaController's download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions). This issue may lead to Information Disclosure. This issue has been addressed in release version 2.8.2. Users are advised to upgrade. There are no known workarounds for this vulnerability."}, {"lang": "es", "value": "Camaleon CMS es un sistema de gesti\u00f3n de contenido din\u00e1mico y avanzado basado en Ruby on Rails. Una vulnerabilidad de path traversal accesible a trav\u00e9s del m\u00e9todo download_private_file de MediaController permite a los usuarios autenticados descargar cualquier archivo en el servidor web en el que se ejecuta Camaleon CMS (seg\u00fan los permisos de archivo). Este problema puede provocar una divulgaci\u00f3n de informaci\u00f3n. Este problema se ha solucionado en la versi\u00f3n 2.8.2. Se recomienda a los usuarios que actualicen la versi\u00f3n. No se conocen workarounds para esta vulnerabilidad."}], "lastModified": "2025-04-17T19:15:59.520", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:tuzitio:camaleon_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E62BEDCB-380F-464A-AE80-BB11A1FC2BE6", "versionEndExcluding": "2.8.2", "versionStartIncluding": "2.8.0"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}