Statamic account takeover via XSS and password reset link
CVE-2024-24570

8.2 HIGH

Key Information:

Vendor: Statamic
Status: Vendor
CVE Published: 1 February 2024

What is CVE-2024-24570?

Statamic, a Laravel and Git powered content management system (CMS), is susceptible to a cross-site scripting (XSS) vulnerability. The issue arises because front-end forms accept uploaded files without proper MIME type validation, so an HTML file renamed to look like a JPG can be uploaded and later rendered as HTML. Asset fields in the control panel and the asset browser are affected as well, so an authorised user who opens the crafted asset executes the injected script. The XSS can in turn expose the user's password reset token through the 'copy password reset link' feature, enabling account takeover. Versions 4.46.0 and 3.4.17 patch the XSS and disable the password reset link functionality.
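The missing check the advisory describes is content-based validation of uploads. The following is an added example (not Statamic's code) of a server-side validator that only accepts a file when its leading bytes identify an image type that matches the extension the client supplied; the sample uploads, including the HTML file named as a JPG, are constructed here.

```python
# Added example, not Statamic's code: reject uploads whose real content does
# not match the image type their filename claims. An HTML document named
# "photo.jpg" must not pass, regardless of the client-supplied MIME type.

JPEG_MAGIC = b"\xff\xd8\xff"
PNG_MAGIC = b"\x89PNG\r\n\x1a\n"
GIF_MAGICS = (b"GIF87a", b"GIF89a")

# Allow-list: extension -> image type expected from the magic bytes.
EXTENSION_TO_TYPE = {"jpg": "jpeg", "jpeg": "jpeg", "png": "png", "gif": "gif"}

# Constructed sample uploads: a genuine JPEG header, an HTML file disguised
# as a JPEG (the pattern described in the advisory), and a non-image file.
SAMPLE_UPLOADS = {
    "photo.jpg": b"\xff\xd8\xff\xe0\x00\x10JFIF\x00\x01\x01",
    "evil.jpg": b"<html><body><script>/* constructed */</script></body></html>",
    "notes.txt": b"plain text, not an image",
}


def sniff_image_type(data):
    """Return the image type implied by the leading bytes, or None."""
    if data.startswith(JPEG_MAGIC):
        return "jpeg"
    if data.startswith(PNG_MAGIC):
        return "png"
    if data.startswith(GIF_MAGICS):
        return "gif"
    return None


def validate_upload(filename, data):
    """Return (accepted, reason). The decision is based on the file content,
    never on the client-supplied name or Content-Type alone."""
    ext = filename.rsplit(".", 1)[-1].lower() if "." in filename else ""
    expected = EXTENSION_TO_TYPE.get(ext)
    if expected is None:
        return False, "extension not on the image allow-list"
    actual = sniff_image_type(data)
    if actual is None:
        return False, "content is not a recognised image"
    if actual != expected:
        return False, f"content is {actual} but extension claims {expected}"
    return True, "ok"


def validate_all(uploads=SAMPLE_UPLOADS):
    """Validate every sample upload; returns {filename: accepted}."""
    return {name: validate_upload(name, data)[0] for name, data in uploads.items()}
```

Serving stored assets with a fixed Content-Type derived from the sniffed type and `X-Content-Type-Options: nosniff` is a second layer, so that a browser never reinterprets an image response as HTML.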

Affected Version(s)

cms < 3.4.17

cms >= 4.0.0, < 4.46.0

CVSS V3.1

Score: 8.2
Severity: HIGH
Confidentiality: High
Integrity: Low
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved
