CVE-2024-46898

7.5 HIGH

📋 TL;DR

SHIRASAGI CMS versions before 1.19.1 have a path traversal vulnerability that allows attackers to read arbitrary files on the server by sending specially crafted HTTP requests. This affects all SHIRASAGI installations running vulnerable versions. Attackers can potentially access sensitive configuration files, source code, or other protected data.

💻 Affected Systems

Products:
  • SHIRASAGI CMS
Versions: All versions prior to v1.19.1
Operating Systems: All platforms running SHIRASAGI
Default Config Vulnerable: ⚠️ Yes
Notes: All SHIRASAGI installations using default configurations are vulnerable. The vulnerability exists in URL processing logic.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete server compromise through retrieval of sensitive files like configuration files containing database credentials, SSH keys, or other authentication secrets, leading to further system exploitation.

🟠 Likely Case

Unauthorized access to sensitive files containing application configuration, user data, or system information that could facilitate additional attacks.

🟢 If Mitigated

Limited file access restricted by file permissions and directory structures, with no critical credentials exposed.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

The vulnerability requires crafting HTTP requests with path traversal sequences. No authentication is required to exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: v1.19.1

Vendor Advisory: https://www.ss-proj.org/

Restart Required: Yes

Instructions:

1. Back up your SHIRASAGI installation and database.
2. Update to SHIRASAGI v1.19.1 or later using git pull or package update.
3. Restart the application server.
4. Verify the fix by checking the version.

🔧 Temporary Workarounds

Web Application Firewall (WAF) Rules

Platform: all

Implement WAF rules to block path traversal patterns in URLs.

File Permission Restrictions

Platform: linux

Restrict file system permissions to limit accessible directories:

chmod 750 /path/to/shirasagi/files
chown www-data:www-data /path/to/shirasagi

🧯 If You Can't Patch

  • Implement strict input validation to reject URLs containing path traversal sequences (../, ..\)
  • Deploy a reverse proxy or WAF with rules to detect and block path traversal attempts

🔍 How to Verify

Check if Vulnerable:

Check whether the SHIRASAGI version is below 1.19.1 by examining the application version in the admin panel or by checking Gemfile.lock.

Check Version:

grep -r 'shirasagi' Gemfile.lock | grep -o '[0-9]\+\.[0-9]\+\.[0-9]\+'

Verify Fix Applied:

After updating, verify that the version is 1.19.1 or higher, and test that path traversal attempts return proper error responses rather than file contents.

📡 Detection & Monitoring

Log Indicators:

  • HTTP requests containing ../ or ..\ sequences
  • Unusual file access patterns in application logs
  • 404 errors for files that shouldn't be accessible

Network Indicators:

  • HTTP requests with encoded path traversal sequences (%2e%2e%2f)
  • Multiple failed file access attempts from single IP

SIEM Query:

source="web_logs" AND (url="*../*" OR url="*..\\*" OR url="*%2e%2e%2f*")
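As an added example (not part of this advisory), the log indicators above turned into a small detector: it percent-decodes each request URL until stable (so double encoding such as %255c is caught), folds backslashes into slashes, and flags a request only when a whole path or parameter segment is `..`, so that `..` inside ordinary text does not fire. The log lines are constructed samples and the file paths in them are placeholders.

```python
import re
from collections import Counter
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format); not real SHIRASAGI traffic.
SAMPLE_LOGS = [
    '203.0.113.10 - - [01/Oct/2024:10:00:01 +0900] "GET /files/logo.png HTTP/1.1" 200 512',
    '203.0.113.11 - - [01/Oct/2024:10:00:02 +0900] "GET /files/../../config/database.yml HTTP/1.1" 404 120',
    '203.0.113.11 - - [01/Oct/2024:10:00:03 +0900] "GET /files/%2e%2e%2f%2e%2e%2fconfig/database.yml HTTP/1.1" 404 120',
    '203.0.113.12 - - [01/Oct/2024:10:00:04 +0900] "GET /files/..%255c..%255cGemfile.lock HTTP/1.1" 404 120',
    '203.0.113.13 - - [01/Oct/2024:10:00:05 +0900] "GET /download?file=..%2F..%2Fsecret.txt HTTP/1.1" 404 120',
    '203.0.113.14 - - [01/Oct/2024:10:00:06 +0900] "GET /search?q=..profile HTTP/1.1" 200 900',
]

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3})'
)

def normalize_url(url: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (catches double encoding such as %255c) and fold backslashes into '/'."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url.replace('\\', '/')

def is_traversal(url: str) -> bool:
    """Flag a request only when a whole path or parameter segment is '..', not when '..' merely appears in text."""
    segments = re.split(r'[/?&=]', normalize_url(url))
    return any(seg == '..' for seg in segments)

def scan_logs(lines):
    """Return one record per request whose URL contains a traversal segment after decoding."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal(m['url']):
            hits.append({'ip': m['ip'], 'url': m['url'],
                         'decoded': normalize_url(m['url']), 'status': int(m['status'])})
    return hits

def attempts_by_ip(hits):
    """Count flagged requests per source IP (the 'multiple attempts from a single IP' indicator)."""
    return dict(Counter(h['ip'] for h in hits))

if __name__ == '__main__':
    found = scan_logs(SAMPLE_LOGS)
    print(*found, attempts_by_ip(found), sep='\n')
```

The decoded URL is kept alongside the raw one so an analyst can see what the encoded request actually resolved to.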

🔗 References