CVE-2024-45391

HIGH EPSS 22.2%
Published Sep 3, 2024 (1y ago) · Modified Jun 17, 2026 (1w ago)
7.5 CVSS 3.1
High

Description

Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via the lock file (tina-lock.json). Administrators of Tina-enabled websites with search set up should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Both upgrading and rotating the search token are required for the proper fix.

CVSS Details

Base Score: 7.5
Exploitability: 3.9
Impact: 3.6
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: None
Availability: None

Threat Intelligence

EPSS Exploit Probability: 22.2% percentile
Exploit & Patch Status: No Known Exploit; Patch Available

Weaknesses 2

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor (Information Exposure)
CWE-312

Affected Products 1

Vendor    Product        Version    Range
ssw       tinacms/cli    *          <1.6.2

References 3

  • github.com https://github.com/tinacms/tinacms/commit/110f1ceea4574d636a64526648f7c8bf6539b26a
    Patch
  • github.com https://github.com/tinacms/tinacms/pull/4758
    Issue Tracking
  • github.com https://github.com/tinacms/tinacms/security/advisories/GHSA-4qrm-9h4r-v2fx
    Vendor Advisory

Remediation

  • github.com https://github.com/tinacms/tinacms/commit/110f1ceea4574d636a64526648f7c8bf6539b26a
    Patch