rubygems / RubySec: RUBY:CAMALEON_CMS-2021-25972
History: May 23, 2022 - 9:00 p.m.

Camaleon CMS vulnerable to Server-Side Request Forgery

Published: 2022-05-23 21:00:00
Source: RubySec (github.com)
Tags: camaleon cms, server-side request forgery, vulnerability, media upload

CVSS2: 4.0 (AV:N/AC:L/Au:S/C:P/I:N/A:N)

  Attack Vector:          NETWORK
  Attack Complexity:      LOW
  Authentication:         SINGLE
  Confidentiality Impact: PARTIAL
  Integrity Impact:       NONE
  Availability Impact:    NONE

CVSS3: 4.9 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N)

  Attack Vector:          NETWORK
  Attack Complexity:      LOW
  Privileges Required:    HIGH
  User Interaction:       NONE
  Scope:                  UNCHANGED
  Confidentiality Impact: HIGH
  Integrity Impact:       NONE
  Availability Impact:    NONE

Camaleon CMS versions 2.1.2.0 through 2.6.0 are vulnerable to Server-Side
Request Forgery (SSRF) in the media upload feature. The feature lets admin users
fetch media files from external URLs, but it does not reject URLs that reference
localhost or other internal servers, so an authenticated admin can make the
application fetch, and read back, files served by hosts that are reachable only
from the application server. The admin precondition is why the CVSS 3.1 vector
carries PR:H while the impact is confidentiality only (C:H/I:N/A:N).
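The root cause above is a fetch-by-URL feature that accepts any destination. The following is an added example of the validation such a media-fetch endpoint needs; it is not Camaleon CMS code and does not reproduce the project's fix. It parses the URL, restricts the scheme, resolves the host, rejects every answer that lands in a loopback, private, link-local or similar range (including IPv4-mapped IPv6 literals), and then connects to the validated address instead of re-resolving, which closes the DNS-rebinding window. The method names, `UnsafeUrlError`, `FetchTarget` and the injectable `resolve:` callable are my own; the blocklist is the standard set of special-purpose ranges, and the pinning relies on `Net::HTTP#ipaddr=`.

```ruby
require "uri"
require "ipaddr"
require "resolv"
require "net/http"

class UnsafeUrlError < StandardError; end

# What the fetch layer needs after validation: the original host (for the Host
# header and TLS SNI) plus the single address the socket is allowed to reach.
FetchTarget = Struct.new(:scheme, :host, :ip, :port, :request_uri)

# Ranges a server-side fetch must never reach: "this network", RFC 1918,
# CGNAT, loopback, link-local (169.254/16 also hosts cloud metadata services)
# and the IPv6 unspecified, loopback, ULA and link-local blocks. IPv4-mapped
# IPv6 literals are unwrapped in blocked_address?, so they are not listed here.
BLOCKED_RANGES = %w[
  0.0.0.0/8 10.0.0.0/8 100.64.0.0/10 127.0.0.0/8 169.254.0.0/16
  172.16.0.0/12 192.168.0.0/16 ::/128 ::1/128 fc00::/7 fe80::/10
].map { |cidr| IPAddr.new(cidr) }.freeze

def blocked_address?(address)
  ip = IPAddr.new(address)
  ip = ip.native if ip.ipv4_mapped? # ::ffff:127.0.0.1 is checked as 127.0.0.1
  BLOCKED_RANGES.any? { |range| range.include?(ip) }
end

# Every address the host maps to. A literal is returned as-is (IPAddr accepts
# only standard notation, so forms such as decimal "2130706433" fall through to
# the resolver and fail there rather than reaching the socket layer).
# The resolver is injectable so the check can run offline in a test.
def resolve_all(host, resolve:)
  literal = begin
    IPAddr.new(host)
  rescue IPAddr::InvalidAddressError
    nil
  end
  return [literal.to_s] if literal

  Array(resolve.call(host)).map(&:to_s)
end

# Validate a user-supplied media URL and return the pinned FetchTarget, or
# raise UnsafeUrlError with the reason.
def safe_fetch_target(url, resolve: Resolv.method(:getaddresses))
  uri = begin
    URI.parse(url.to_s)
  rescue URI::InvalidURIError
    raise UnsafeUrlError, "malformed URL"
  end
  raise UnsafeUrlError, "scheme must be http or https" unless %w[http https].include?(uri.scheme)
  raise UnsafeUrlError, "credentials are not allowed in the URL" if uri.userinfo

  host = uri.hostname # strips the [] around an IPv6 literal
  raise UnsafeUrlError, "missing host" if host.nil? || host.empty?

  addresses = resolve_all(host, resolve: resolve)
  raise UnsafeUrlError, "#{host} does not resolve" if addresses.empty?
  # Reject if *any* answer is internal: an attacker controls DNS for their own
  # name and can publish a public A record next to 127.0.0.1.
  bad = addresses.find { |a| blocked_address?(a) }
  raise UnsafeUrlError, "#{host} resolves to disallowed address #{bad}" if bad

  FetchTarget.new(uri.scheme, host, addresses.first, uri.port, uri.request_uri)
end

# Fetch with the socket pinned to the validated address (Net::HTTP#ipaddr=),
# so a DNS answer that changes between check and connect (rebinding) cannot
# turn the request inward. Redirects are not followed: a 3xx Location must go
# back through safe_fetch_target before it is fetched.
def fetch_media(url, resolve: Resolv.method(:getaddresses), max_bytes: 5 * 1024 * 1024)
  target = safe_fetch_target(url, resolve: resolve)
  http = Net::HTTP.new(target.host, target.port)
  http.ipaddr = target.ip
  http.use_ssl = (target.scheme == "https")
  http.open_timeout = http.read_timeout = 5
  http.start do |conn|
    response = conn.get(target.request_uri)
    if response.is_a?(Net::HTTPRedirection)
      raise UnsafeUrlError, "redirect to #{response['location']} must be re-validated"
    end
    raise UnsafeUrlError, "upstream returned #{response.code}" unless response.is_a?(Net::HTTPSuccess)
    raise UnsafeUrlError, "body exceeds #{max_bytes} bytes" if response.body.bytesize > max_bytes
    response.body
  end
end
```

Two points matter in practice beyond the blocklist itself. First, checking the name and then letting the HTTP client resolve it again is still exploitable (DNS rebinding), which is why the socket is pinned to the address that was actually checked. Second, a deny-list of internal ranges is the minimum; a deployment that knows which CDN or storage hosts it ever needs to pull from should use an allow-list instead, and in either case the endpoint should stay restricted to administrators, as the PR:H in the vector reflects.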

Affected configurations

Vulners node:
  ruby / camaleon_cms   Range: 2.6.0.1

  Vendor  Product       Version  CPE
  ruby    camaleon_cms  *        cpe:2.3:a:ruby:camaleon_cms:*:*:*:*:*:*:*:*
