High severityNVD Advisory· Published Feb 29, 2024· Updated Aug 2, 2024

Docassemble unauthorized access through URL manipulation

CVE-2024-27292

Description

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
docassemble.webappPyPI	>= 1.4.53, < 1.4.97	1.4.97
docassemble.basePyPI	>= 1.4.53, < 1.4.97	1.4.97

Affected products

ghsa-coords2 versions
pkg:pypi/docassemble.base pkg:pypi/docassemble.webapp
>= 1.4.53, < 1.4.97+ 1 more
- (no CPE)range: >= 1.4.53, < 1.4.97
- (no CPE)range: >= 1.4.53, < 1.4.97
jhpyle/docassemblecpe-rescue
Range: >= 1.4.53, < 1.4.97

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-jq57-3w7p-vwvvghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-27292ghsaADVISORY
github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9ghsax_refsource_MISCWEB
github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvvghsax_refsource_CONFIRMWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.056
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000