CVE-2024-46987 is a high-severity path traversal vulnerability found in Tuzitio's Camaleon CMS, a content management system based on Ruby on Rails. This vulnerability allows authenticated users to exploit the MediaController's download_private_file method to download arbitrary files from the server, contingent on file permissions. The risk to organizations includes potential information disclosure, which could lead to unauthorized access to sensitive data. Given the nature of this vulnerability, organizations should prioritize patching immediately.
The vulnerability has been assigned a CVSS score of 7.7, classifying it as high severity. This rating reflects the low attack complexity and the low privileges required, meaning that any authenticated low-privilege user can exploit it. The urgency for defenders is underscored by the fact that no workarounds are known, making prompt remediation critical.
Tuzitio has released version 2.8.2 to address this issue, and users of Camaleon CMS are strongly advised to upgrade to this version to mitigate the risks associated with this vulnerability.
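The defect described above is a download endpoint that trusts a user-supplied path. As an added illustration (not Camaleon CMS code; method and directory names are hypothetical), the following Ruby shows the containment check such an endpoint needs: normalise the requested path against the private-files root and refuse anything that does not end up strictly below that root.

```ruby
# Added example (not Camaleon CMS code): a path-containment check of the kind a
# private-file download endpoint needs before handing a file to the client.
# PRIVATE_ROOT and safe_private_path are hypothetical names.
require "pathname"

# Directory under which private files are allowed to live (hypothetical).
PRIVATE_ROOT = "/var/app/private"

# Resolve a user-supplied relative path against the root and return the
# absolute path only if it stays inside that root; return nil otherwise.
# File.expand_path collapses "..", "." and repeated separators, so the check
# is made on the normalised result, never on the raw string.
def safe_private_path(requested, root = PRIVATE_ROOT)
  return nil if requested.nil? || requested.empty?
  # NUL bytes truncate paths in C-level file APIs (and make expand_path raise).
  return nil if requested.include?("\0")
  # "~" would be expanded to a home directory, which is never what we want.
  return nil if requested.start_with?("~")

  root_abs = File.expand_path(root)
  # An absolute "requested" ignores the second argument, so "/etc/passwd"
  # resolves to itself and fails the containment check below.
  candidate = File.expand_path(requested, root_abs)

  # Containment: the candidate must lie strictly below the root. Comparing
  # with a trailing separator stops "/var/app/private2" matching the root.
  return nil unless candidate.start_with?(root_abs + File::SEPARATOR)

  candidate
end

# Decision line for a constructed request, useful as an audit-log entry.
def classify(requested)
  path = safe_private_path(requested)
  path ? "ALLOW #{requested} -> #{path}" : "DENY  #{requested.inspect}"
end

if __FILE__ == $PROGRAM_NAME
  # Constructed sample requests: two legitimate, the rest traversal attempts.
  ["reports/q1.pdf", "docs/./a.txt", "../config/database.yml",
   "/etc/passwd", "a/../../x"].each { |r| puts classify(r) }
end
```

This check normalises lexically only; if the private directory can contain symlinks, resolve the candidate with File.realpath (which requires the file to exist) and repeat the prefix comparison on the result.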
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.