CVE-2024-32643
BaseFortify
Publication date: 2025-12-03
Last updated on: 2025-12-05
Assigner: GitHub, Inc.
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| masacms | masacms | to 7.2.8 (exc) |
| masacms | masacms | From 7.3 (inc) to 7.3.13 (exc) |
| masacms | masacms | From 7.4.0 (inc) to 7.4.6 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-863 | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Masa CMS allows an attacker to bypass group restrictions by modifying the URL to include a /tag/ declaration. When this is done, the CMS will render the page regardless of the intended access controls, potentially exposing content that should be restricted.
How can this vulnerability impact me? :
The vulnerability can lead to unauthorized access to restricted content within the Masa CMS platform. This means sensitive or confidential information could be exposed to users who should not have permission to view it, potentially leading to data breaches or information leakage.
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:
This vulnerability could negatively impact compliance with standards and regulations such as GDPR and HIPAA because unauthorized disclosure of restricted content may involve personal or sensitive data. Such exposure could result in violations of data protection requirements and lead to legal and regulatory consequences.
What immediate steps should I take to mitigate this vulnerability?
Upgrade Masa CMS to version 7.2.8, 7.3.13, or 7.4.6 or later, as these versions contain the fix for the vulnerability that allows bypassing group restrictions via the /tag/ URL modification.