Tina is an open-source content management system (CMS). Sites built with the Tina CMS command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via the lock file (tina-lock.json). Administrators of Tina-enabled websites with search set up should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix.
Fixes

Solution

No solution given by the vendor.


Workaround

No workaround given by the vendor.

History

Thu, 12 Sep 2024 20:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| First Time appeared | | Tina, Tina tina |
| Weaknesses | | CWE-312 |
| CPEs | | `cpe:2.3:a:tina:tina:*:*:*:*:*:*:*:*` |
| Vendors & Products | | Tina, Tina tina |

Tue, 03 Sep 2024 21:30:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Metrics | | ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}` |


Tue, 03 Sep 2024 20:00:00 +0000

| Type | Values Removed | Values Added |
| --- | --- | --- |
| Description | | Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) prior to version 1.6.2 that use a search token may be vulnerable to the search token being leaked via lock file (tina-lock.json). Administrators of Tina-enabled websites with search setup should rotate their key immediately. This issue has been patched in @tinacms/cli version 1.6.2. Upgrading and rotating the search token is required for the proper fix. |
| Title | | Tina search token leak via lock file in TinaCMS |
| Weaknesses | | CWE-200 |
| References | | |
| Metrics | | cvssV3_1 `{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}` |


MITRE

Status: PUBLISHED

Assigner: GitHub_M

Published:

Updated: 2024-09-03T20:23:59.611Z

Reserved: 2024-08-28T20:21:32.801Z

Link: CVE-2024-45391

Vulnrichment

Updated: 2024-09-03T20:23:56.008Z

NVD

Status: Analyzed

Published: 2024-09-03T20:15:08.627

Modified: 2024-09-12T20:13:30.917

Link: CVE-2024-45391

Redhat

No data.

OpenCVE Enrichment

No data.