
Vulnerability in Edito CMS software
CVE ID: CVE-2024-4836
Publication date: 02 July 2024
Vendor: Edito
Product: Edito CMS
Vulnerable versions: From 3.5 through 3.25
Vulnerability type (CWE): Files or Directories Accessible to External Parties (CWE-552)
Report source: Report to CERT Polska

Description

CERT Polska has received a report about a vulnerability in Edito CMS software and participated in the coordination of its disclosure.

Web services managed by Edito CMS (Content Management System) in versions from 3.5 through 3.25 leak sensitive data because they allow an unauthorized user to download configuration files. The vulnerability has been assigned the identifier CVE-2024-4836.

The issue affects versions from 3.5 through 3.25. It was removed in releases dating from 10th of January 2014. Higher versions are not affected. Access to sensitive files can be disabled by using a modified configuration template provided by the vendor.


More about the coordinated vulnerability disclosure process at CERT Polska can be found at https://cert.pl/en/cvd/.