CVE-2024-32642 — HIGH (8.8)

Q: How severe is CVE-2024-32642?

CVE-2024-32642 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-32642?

Check the references section above for vendor advisories and patch information. Affected products include: Masacms Masacms.

Vulnerability Description

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset email. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

CVSS Score

8.8

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Masacms	Masacms	< 7.2.8

Related Weaknesses (CWE)

CWE-346 CWE-640

References

https://github.com/MasaCMS/MasaCMS/commit/7541b9c99fb9e32d1de6f2658750525cec1d89Patch
https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-qjm6-c8hx-ffh8ExploitVendor Advisory

FAQ

What is CVE-2024-32642?

CVE-2024-32642 is a vulnerability with a CVSS score of 8.8 (HIGH). Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, there is vulnerable to host header poisoning which allows account takeover via password reset emai...

How severe is CVE-2024-32642?

CVE-2024-32642 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-32642?

Check the references section above for vendor advisories and patch information. Affected products include: Masacms Masacms.