CVE-2024-32642

Exploit

EPSS 0.16%
Veröffentlicht 03.12.2025 16:37:53
Zuletzt bearbeitet 05.12.2025 15:36:02
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Host header poisoning allows account takeover via password reset email

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 5

NVD 3 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Masacms ≫ Masacms Version < 7.2.8

Masacms ≫ Masacms Version >= 7.3 < 7.3.13

Masacms ≫ Masacms Version >= 7.4.0 < 7.4.6

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.16%	0.059

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-346 Origin Validation Error

The product does not properly verify that the source of data or communication is valid.

CWE-640 Weak Password Recovery Mechanism for Forgotten Password

The product contains a mechanism for users to recover or change their passwords without knowing the original password, but the mechanism is weak.

https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-qjm6-c8hx-ffh8

Vendor Advisory

Exploit

https://github.com/MasaCMS/MasaCMS/commit/7541b9c99fb9e32d1de6f2658750525cec1d8960

Patch

https://nvd.nist.gov/vuln/detail/CVE-2024-32642

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2024-32642

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2024-32642

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2024-32642