CVE-2024-46987

CVSS 3.1 Score 7.7 of 10 (high)

Details

Published Sep 18, 2024
Updated: Sep 20, 2024
CWE ID 22
CWE ID 200

Summary

CVE-2024-46987 is a path traversal vulnerability affecting the Camaleon CMS, a content management system built on Ruby on Rails, which allows authenticated users to download arbitrary files from the server depending on file permissions. This vulnerability poses a high risk of information disclosure, with a CVSS base score of 7.7, as it requires low privileges and no user interaction. The flaw is present in the MediaController's download_private_file method and has been addressed in release version 2.8.2; therefore, users are strongly advised to upgrade to this version to mitigate the risk. There are currently no known workarounds available for this issue. The potential danger includes unauthorized access to sensitive information stored on the server, which could compromise organizational security.

Ligh bulbPrevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

Share