7.5
CVE-2024-45391
- EPSS 0.31%
- Veröffentlicht 03.09.2024 20:15:08
- Zuletzt bearbeitet 13.03.2026 19:37:28
- Quelle security-advisories@github.com
- CVE-Watchlists
- Unerledigt
LoginTina search token leak via lock file in TinaCMS
Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ssw ≫ Tinacms/cli SwPlatformnode.js Version < 1.6.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.31% | 0.22 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
| security-advisories@github.com | 7.5 | 3.9 | 3.6 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
|
CWE-200 Exposure of Sensitive Information to an Unauthorized Actor
The product exposes sensitive information to an actor that is not explicitly authorized to have access to that information.
CWE-312 Cleartext Storage of Sensitive Information
The product stores sensitive information in cleartext within a resource that might be accessible to another control sphere.
https://github.com/tinacms/tinacms/commit/110f1ceea4574d636a64526648f7c8bf6539b26a
https://github.com/tinacms/tinacms/pull/4758
https://github.com/tinacms/tinacms/security/advisories/GHSA-4qrm-9h4r-v2fx