Instituto Nacional de ciberseguridad. Sección Incibe
Instituto Nacional de Ciberseguridad. Sección INCIBE-CERT

Go to Calendar     Go to Press Room     Go to Newsletters subscription

Search

Path traversal vulnerability in Chameleon Power products

Posted date 22/11/2023
Identificador
INCIBE-2023-0515
Importance
4 - High
Affected Resources
  • Chameleon Power framework, 1.0 version.
Description

INCIBE has coordinated the publication of one vulnerabilitiy that affects Chameleon Power framework, which has been discovered by Daniel Martínez Adan (adon90), member of Holcim EDC.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

  • CVE-2023-6252: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-35.
Solution

There is no reported solution at this time.

Detail
  • CVE-2023-6252: path traversal vulnerability affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.
References list
Vendor website
Etiquetas