CVE-2024-27292

2024-03-2102:52:19

CWE-706

[email protected]

web.nvd.nist.gov

docassemble

vulnerability

unauthorized access

url manipulation

patch

nvd

cve-2024-27292

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

0.001 Low

EPSS

Percentile

21.7%

JSON

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

Affected configurations

Vulners

Node

jhpyledocassembleRange1.4.53–1.4.97

CNA Affected

[
  {
    "vendor": "jhpyle",
    "product": "docassemble",
    "versions": [
      {
        "version": ">= 1.4.53, < 1.4.97",
        "status": "affected"
      }
    ]
  }
]