GHSA-cp65-5m9r-vc2c: Camaleon CMS vulnerable to arbitrary path traversal (GHSL-2024-183)

September 18, 2024

A path traversal vulnerability accessible via MediaController’s download_private_file method allows authenticated users to download any file on the web server Camaleon CMS is running on (depending on the file permissions).

References

github.com/advisories/GHSA-cp65-5m9r-vc2c
github.com/owen2345/camaleon-cms
github.com/owen2345/camaleon-cms/commit/071b1b09d6d61ab02a5960b1ccafd9d9c2155a3e
github.com/owen2345/camaleon-cms/security/advisories/GHSA-cp65-5m9r-vc2c

Code Behaviors & Features

Detect and mitigate GHSA-cp65-5m9r-vc2c with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →