Description

Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.

INFO

Published Date :

2024-09-03T19:43:07.417Z

Last Modified :

2024-09-03T20:23:59.611Z

Source :

GitHub_M
AFFECTED PRODUCTS

The following products are affected by CVE-2024-45391 vulnerability.

Vendors Products
Ssw
  • Tinacms\/cli
REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2024-45391.

URL Resource
https://github.com/tinacms/tinacms/commit/110f1ceea4574d636a64526648f7c8bf6539b26a cve-icon cve-icon
https://github.com/tinacms/tinacms/pull/4758 cve-icon cve-icon
https://github.com/tinacms/tinacms/security/advisories/GHSA-4qrm-9h4r-v2fx cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact