CVE-2024-32643

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-32643

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32643.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-32643

Aliases

GHSA-f469-jh82-97fv

Published

2025-12-03T16:43:31.983Z

Modified

2026-03-03T02:52:46.500120Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator

Summary

Masa CMS vulnerable to authentication bypass with /tag/

Details

Masa CMS is an open source Enterprise Content Management platform. Prior to 7.2.8, 7.3.13, and 7.4.6, if the URL to the page is modified to include a /tag/ declaration, the CMS will render the page regardless of group restrictions. This vulnerability is fixed in 7.2.8, 7.3.13, and 7.4.6.

Database specific

{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/32xxx/CVE-2024-32643.json",
    "cna_assigner": "GitHub_M",
    "cwe_ids": [
        "CWE-863"
    ]
}

References

Affected packages

Git / github.com/masacms/masacms

Affected ranges

Type: GIT
Repo: https://github.com/masacms/masacms
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d1a2e57ef8dbc50c87b178eacc85fcccb05f5b6c

Introduced

484759c901bb04016eb8493d31dcf9dcdf129020

Fixed

2ebf767d40d04562417a0e0442d1c1988078a3c6

Introduced

53d53e7c120068ce1102215805238ab19027fb58

Fixed

fb10af6238e3e2e9aae8afce933ca6407d092fde

Affected versions

7.*

7.3

7.3.1

7.3.10

7.3.11

7.3.12

7.3.2

7.3.3

7.3.4

7.3.5

7.3.6

7.3.7

7.3.8

7.3.9

7.4.0

7.4.0-alpha.1

7.4.0-alpha.2

7.4.0-beta.1

7.4.0-beta.2

7.4.0-beta.3

7.4.1

7.4.2

7.4.3

7.4.4

7.4.5

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-32643.json"