CVE-2023-50976: Transactions API Authorization by oleiman · Pull Request #14969 · redpanda-data/redpanda

CVE-2023-6905

CVE-2023-6903

CVE-2023-6904

CVE-2023-3907

Path traversal vulnerability in Chalemelon Power framework, affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.

Affected Resources

*   Chameleon Power framework, 1.0 version.

Description

INCIBE has coordinated the publication of one vulnerabilitiy that affects Chameleon Power framework, which has been discovered by Daniel Martínez Adan (adon90), member of Holcim EDC.

This vulnerabilitiy has been assigned the following code, CVSS v3.1 base score, CVSS vector string, and CWE vulnerability type:

*   CVE-2023-6252: CVSS v3.1: 7.5 | CVSS: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N | CWE-35.

Solution

There is no reported solution at this time.

Detail

*   **CVE-2023-6252**: path traversal vulnerability affecting the getImage parameter. This vulnerability could allow a remote user to read files located on the server and gain access to sensitive information such as configuration files.

Headline

CVE-2023-6252: Path traversal vulnerability in Chameleon Power products

CVE: Latest News