Platform
php
Component
craftcms/cms
Fixed in
5.0.1
4.0.1
5.4.6
CVE-2024-52291 is a critical vulnerability discovered in CraftCMS that allows attackers to bypass local file system validation. This bypass is achieved through the use of a double file:// scheme, enabling malicious file overwrites and potentially unauthorized access to sensitive files. The vulnerability impacts CraftCMS versions 5.4.5.1 and earlier, and a fix is available in version 5.4.6.
The primary impact of CVE-2024-52291 is the ability for an attacker to overwrite files on the server. By manipulating the file path with the double file:// scheme, an attacker can bypass intended security checks and specify arbitrary directories as the target for uploads or modifications. This could allow them to overwrite critical configuration files, inject malicious code, or gain access to sensitive data stored on the system. In scenarios where CraftCMS is configured with allowAdminChanges enabled, the risk of RCE via SSTI payloads is significantly increased, allowing for the execution of arbitrary code on the server. The blast radius extends to any data accessible through the file system, and the potential for complete system compromise is present.
CVE-2024-52291 was publicly disclosed on November 13, 2024. Currently, there are no reports of active exploitation in the wild, but the availability of a public proof-of-concept increases the likelihood of future attacks. The vulnerability is not currently listed on the CISA KEV catalog. Given the relatively straightforward exploitation technique and the potential for RCE, it is considered a high-priority vulnerability to address.
Organizations using CraftCMS with the allowAdminChanges setting enabled are particularly at risk. Shared hosting environments where multiple users share the same server instance are also vulnerable, as an attacker could potentially exploit this vulnerability to gain access to other users' data. Legacy CraftCMS installations with outdated plugins or themes may exacerbate the risk.
• php: Examine web server access logs for requests containing the double file:// scheme.
grep 'file://file://' /var/log/apache2/access.log
• php: Monitor CraftCMS configuration files for unexpected modifications, particularly those related to file upload settings.
• generic web: Scan for exposed file upload endpoints and test with crafted payloads containing the double file:// scheme to identify potential bypasses.
• generic web: Review server-side template rendering logic for potential SSTI vulnerabilities.
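The literal grep above only catches the plain form of the doubled scheme. The following added example (not part of the original advisory or of Craft CMS) extends the same check to percent-encoded, double-encoded and mixed-case variants over Apache combined-format access logs; the log lines and endpoint paths are constructed placeholders.

```python
"""Flag access-log requests carrying a doubled file:// scheme (added example)."""
import re
from urllib.parse import unquote

# Two consecutive file:// schemes, matched case-insensitively after decoding.
DOUBLE_FILE_SCHEME = re.compile(r"file://file://", re.IGNORECASE)

# Apache combined log: pull the request target out of the quoted request line.
REQUEST_LINE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[0-9.]+"')


def normalize(target, rounds=3):
    """Percent-decode repeatedly (bounded) so double-encoded payloads surface."""
    for _ in range(rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target


def has_double_file_scheme(target):
    """True if the decoded request target contains file://file://."""
    return DOUBLE_FILE_SCHEME.search(normalize(target)) is not None


def flag_requests(log_lines):
    """Return (line_no, client_ip, decoded_target) for each suspicious request."""
    hits = []
    for no, line in enumerate(log_lines, start=1):
        m = REQUEST_LINE.search(line)
        if m and has_double_file_scheme(m.group("target")):
            hits.append((no, line.split(" ", 1)[0], normalize(m.group("target"))))
    return hits


# Constructed sample lines (not real traffic); endpoint paths are placeholders.
SAMPLE_LOG = [
    '203.0.113.7 - - [13/Nov/2024:10:01:02 +0000] "GET /admin/dashboard HTTP/1.1" 200 512',
    '203.0.113.9 - - [13/Nov/2024:10:01:05 +0000] "POST /admin/example-endpoint?path=file://file:///srv/example HTTP/1.1" 302 0',
    '203.0.113.9 - - [13/Nov/2024:10:01:08 +0000] "POST /admin/example-endpoint?path=FILE%3A%2F%2Ffile%3A%2F%2F/srv/example HTTP/1.1" 302 0',
    '203.0.113.9 - - [13/Nov/2024:10:01:11 +0000] "POST /admin/example-endpoint?path=file%253A%252F%252Ffile%253A%252F%252F/srv/example HTTP/1.1" 302 0',
    '203.0.113.12 - - [13/Nov/2024:10:02:00 +0000] "GET /index.php?p=file:///tmp/x HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for no, ip, target in flag_requests(SAMPLE_LOG):
        print(f"line {no}: {ip} -> {target}")
```

Only the three encoded or plain doubled-scheme requests are reported; the single `file:///` request on the last line is not flagged.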
disclosure
Exploit status
EPSS
0.09% (26th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2024-52291 is to upgrade CraftCMS to version 5.4.6 or later, which contains the fix for this vulnerability. If upgrading immediately is not feasible, consider temporarily disabling the allowAdminChanges setting in the configuration file. This reduces the risk of RCE exploitation. Additionally, implement strict file upload validation and sanitization on the server to prevent malicious file uploads. Monitor file system activity for unexpected modifications or unauthorized access attempts. Web application firewalls (WAFs) can be configured to block requests containing the double file:// scheme, providing an additional layer of defense.
Upgrade Craft CMS to version 5.4.6 or later, or to version 4.12.5 or later. This fixes the local file system validation bypass vulnerability. Make sure to disable the `allowAdminChanges` option if it is not needed.
CVE-2024-52291 is a HIGH severity vulnerability in CraftCMS that allows attackers to bypass file system validation using a double file:// scheme, potentially leading to file overwrites and unauthorized access.
Yes, if you are running CraftCMS version 5.4.5.1 or earlier, you are affected by this vulnerability. Upgrade to 5.4.6 to mitigate the risk.
The recommended fix is to upgrade CraftCMS to version 5.4.6 or later. As a temporary workaround, disable the allowAdminChanges setting in your configuration file.
While no active exploitation campaigns have been confirmed, the vulnerability's ease of exploitation makes it a high-priority concern. Monitor your systems for suspicious activity.
Refer to the official CraftCMS security advisory for detailed information and updates: https://craftcms.com/docs/5.x/security/