CVE-2024-32643 — HIGH (7.5)

Q: How severe is CVE-2024-32643?

CVE-2024-32643 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-32643?

Check the references section above for vendor advisories and patch information. Affected products include: Masacms Masacms.

Vulnerability Description

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Masacms	Masacms	< 7.2.8

Related Weaknesses (CWE)

CWE-863

References

https://github.com/MasaCMS/MasaCMS/commit/d1a2e57ef8dbc50c87b178eacc85fcccb05f5bPatch
https://github.com/MasaCMS/MasaCMS/security/advisories/GHSA-f469-jh82-97fvExploitVendor Advisory

FAQ

What is CVE-2024-32643?

CVE-2024-32643 is a vulnerability with a CVSS score of 7.5 (HIGH). Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page re...

How severe is CVE-2024-32643?

CVE-2024-32643 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-32643?

Check the references section above for vendor advisories and patch information. Affected products include: Masacms Masacms.