Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.
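As an added illustration that is not Craft's code, the following Python sketch mirrors the behaviour the advisory describes (read a caller-supplied path, Base64-encode it) beside a hardened variant that refuses absolute paths and confines resolved reads to an allowed root; the file names and directories are constructed for the demo.

```python
import base64
import mimetypes
import os
import tempfile


def data_url_unrestricted(path: str) -> str:
    """Vulnerable shape (not Craft's code): any path is read and Base64-encoded."""
    with open(path, "rb") as fh:
        payload = base64.b64encode(fh.read()).decode("ascii")
    mime = mimetypes.guess_type(path)[0] or "application/octet-stream"
    return f"data:{mime};base64,{payload}"


def data_url_confined(path: str, allowed_root: str) -> str:
    """Hardened shape: reject absolute paths, then resolve symlinks and traversal
    with realpath and require the result to stay under allowed_root."""
    if os.path.isabs(path):
        raise PermissionError(f"absolute paths are not allowed: {path!r}")
    root = os.path.realpath(allowed_root)
    target = os.path.realpath(os.path.join(root, path))
    if os.path.commonpath([root, target]) != root:
        raise PermissionError(f"path escapes allowed root: {path!r}")
    return data_url_unrestricted(target)


def demo() -> dict:
    """Constructed sandbox (hypothetical paths): an asset root holding logo.txt
    and a secret file one level above it."""
    base = tempfile.mkdtemp()
    root = os.path.join(base, "assets")
    os.makedirs(root)
    with open(os.path.join(root, "logo.txt"), "wb") as fh:
        fh.write(b"logo")
    secret = os.path.join(base, "secret.env")
    with open(secret, "wb") as fh:
        fh.write(b"DB_PASSWORD=example")
    leaked = data_url_unrestricted(secret).split(",", 1)[1]  # what the email would carry
    results = {
        "unrestricted_leaks_secret": base64.b64decode(leaked) == b"DB_PASSWORD=example",
        "confined_ok": data_url_confined("logo.txt", root),
    }
    for label, bad in (("absolute", secret), ("traversal", "../secret.env")):
        try:
            data_url_confined(bad, root)
            results[label] = "allowed"
        except PermissionError:
            results[label] = "blocked"
    return results
```

Because `realpath` is applied to both the root and the target, a symlink placed inside the root but pointing outside it is refused as well.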
History

Wed, 13 Nov 2024 19:15:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Craftcms
                                      Craftcms craft Cms
CPEs                                  cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
Vendors & Products                    Craftcms
                                      Craftcms craft Cms
Metrics                               ssvc
                                      {'options': {'Automatable': 'no', 'Exploitation': 'poc', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Wed, 13 Nov 2024 16:30:00 +0000

Type                 Values Removed   Values Added
Description                           Craft is a content management system (CMS). The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function within a system notification template, the attacker can exfiltrate the Base64-encoded file content through a triggered system email notification. Once the email is received, the Base64 payload can be decoded, allowing the attacker to read arbitrary files on the server. This is fixed in 5.4.9 and 4.12.8.
Title                                 Craft Allows Attackers to Read Arbitrary System Files
Weaknesses                            CWE-22
                                      CWE-552
References
Metrics                               cvssV3_1
                                      {'score': 7.7, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published: 2024-11-13T16:08:32.698Z

Updated: 2024-11-13T18:53:58.779Z

Reserved: 2024-11-06T19:00:26.394Z

Link: CVE-2024-52292

Vulnrichment

Updated: 2024-11-13T18:53:53.857Z

NVD

Status: Received

Published: 2024-11-13T17:15:12.303

Modified: 2024-11-13T17:15:12.303

Link: CVE-2024-52292

Redhat

No data.