Path traversal vulnerability in Chameleon Power products

Posted date 22/11/2023

Importance

4 - High

Affected Resources

Chameleon Power framework, 1.0 version.

Description

INCIBE has coordinated the publication of one vulnerabilitiy that affects Chameleon Power framework, which has been discovered by Daniel Martínez Adan (adon90), member of Holcim EDC.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

CVE-2023-6252: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-35.

Solution

There is no reported solution at this time.

Detail

CVE-2023-6252: path traversal vulnerability affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.

References list

Vendor website

Etiquetas

CNA
Vulnerability