Overview
CVE-2024-32642 describes a high-severity vulnerability affecting Masa CMS, an open-source Enterprise Content Management platform. This vulnerability is classified as host header poisoning and allows a malicious actor to potentially take over user accounts via password reset emails. The issue was present in versions prior to 7.2.8, 7.3.13, and 7.4.6 and has been addressed in these respective releases.
Technical Details
The vulnerability stems from insufficient validation of the HTTP Host header. By manipulating the Host header in a password reset request, an attacker can inject a malicious domain. The Masa CMS application then uses this attacker-controlled domain to construct the password reset link sent to the user. When the user clicks on this manipulated link, they are redirected to a phishing site controlled by the attacker, allowing the attacker to steal their credentials or perform other malicious actions.
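To make the defect concrete, the following added example (illustrative Python, not Masa CMS code, which is written in CFML) shows a reset-link builder that trusts the Host header beside a hardened version that only emits an allow-listed host and otherwise falls back to a configured canonical base URL, plus a small detection helper for reset requests carrying an unexpected Host. The host names, the token value and the request headers are constructed for the example.

```python
from urllib.parse import urlencode

# Assumed site configuration (constructed values, not from the advisory).
ALLOWED_HOSTS = {"cms.example.org", "www.example.org"}
CANONICAL_BASE = "https://cms.example.org"


def _host_from_headers(headers: dict) -> str:
    """Normalise the Host header: lower-case, port stripped (no IPv6 handling here)."""
    raw = headers.get("Host", "")
    return raw.split(":")[0].strip().lower()


def build_reset_url_vulnerable(headers: dict, token: str) -> str:
    """The pattern behind the CVE: the client-supplied Host ends up in the emailed link,
    so an attacker-chosen Host yields a reset link pointing at the attacker's domain."""
    host = headers.get("Host", "")
    return f"https://{host}/reset?{urlencode({'token': token})}"


def build_reset_url_hardened(headers: dict, token: str) -> str:
    """Fixed pattern: use the requested host only if it is one we actually serve,
    otherwise build the link from the configured canonical base URL."""
    host = _host_from_headers(headers)
    base = f"https://{host}" if host in ALLOWED_HOSTS else CANONICAL_BASE
    return f"{base}/reset?{urlencode({'token': token})}"


def is_suspicious_reset_request(headers: dict) -> bool:
    """Detection helper: a password-reset request whose Host is not one of ours
    is worth logging and alerting on, whether or not the application is patched."""
    return _host_from_headers(headers) not in ALLOWED_HOSTS


if __name__ == "__main__":
    forged = {"Host": "attacker.invalid"}          # constructed hostile request
    legit = {"Host": "www.example.org:443"}        # constructed normal request
    token = "TOKEN-PLACEHOLDER"                    # stands in for a real reset token
    print("vulnerable:", build_reset_url_vulnerable(forged, token))
    print("hardened:  ", build_reset_url_hardened(forged, token))
    print("suspicious:", is_suspicious_reset_request(forged), is_suspicious_reset_request(legit))
```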
CVSS Analysis
- CVSS Score: 8.8 (HIGH)
- This score reflects the high impact and exploitability of the vulnerability. The ability to directly compromise user accounts contributes significantly to the high score.
Possible Impact
Successful exploitation of CVE-2024-32642 can have severe consequences:
- Account Takeover: Attackers can gain complete control over user accounts, including administrator accounts.
- Data Breach: Compromised accounts can be used to access sensitive data stored within the CMS.
- Website Defacement: Attackers could alter website content, damaging the organization’s reputation.
- Malware Distribution: The compromised website could be used to distribute malware to visitors.
Mitigation or Patch Steps
The recommended mitigation is to upgrade your Masa CMS installation to one of the following versions:
- 7.2.8 or later
- 7.3.13 or later
- 7.4.6 or later
Regularly update your CMS to the latest version to benefit from security patches and bug fixes.
