CVE-2024-27292

EPSS 69.49%
Veröffentlicht 21.03.2024 02:52:19
Zuletzt bearbeitet 02.09.2025 13:37:21
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Docassemble unauthorized access through URL manipulation

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Jhpyle ≫ Docassemble Version >= 1.4.53 < 1.4.97

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	69.49%	0.993

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CWE-706 Use of Incorrectly-Resolved Name or Reference

The product uses a name or reference to access a resource, but the name/reference resolves to a resource that is outside of the intended control sphere.

https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9

Patch

https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv

Third Party Advisory

https://nvd.nist.gov/vuln/detail/CVE-2024-27292

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-27292

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-27292

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-27292