PT-2024-31595 · Unknown · @Tinacms/Cli
Mattsbennett · Published 2024-09-03 · Updated 2024-09-12 · CVE-2024-45391
CVSS v4.0: 8.7 (High)
Vector: AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N
Name of the Vulnerable Software and Affected Versions
@tinacms/cli versions prior to 1.6.2
Description
Tina is an open-source content management system (CMS). Sites built with the Tina CMS command line interface (CLI) that use a search token may leak that token through the lock file (tina-lock.json). Administrators of Tina-enabled websites with search set up should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2.
Recommendations
For versions prior to 1.6.2, upgrade to version 1.6.2 and rotate the search token to fix the issue properly.
As a temporary workaround, consider rotating the search token immediately to minimize the risk of exploitation.
Information Disclosure
Cleartext Storage of Sensitive Information
Affected Products
@Tinacms/Cli