CVE-2024-45391

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Sep 3, 2024
CWE ID 200

Summary

CVE-2024-45391 affects Tina CMS versions prior to 1.6.2, where a vulnerability allows search tokens to be leaked through the lock file (tina-lock.json). This issue poses a high risk to organizations using Tina-enabled websites with search functionality, as it can lead to unauthorized access to sensitive data. To remediate this vulnerability, administrators must upgrade to @tinacms/cli version 1.6.2 and rotate any exposed search tokens immediately. The exploitability score for this vulnerability is 3.9, indicating a low attack complexity and high confidentiality impact. Failure to address this issue could result in significant data exposure due to the network-based attack vector with no required user interaction.
