CVE-2024-27292

Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9	Patch
https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv	Third Party Advisory
https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9	Patch
https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv	Third Party Advisory

Configurations

Configuration 1 (hide)

cpe:2.3:a:jhpyle:docassemble:*:*:*:*:*:*:*:*

History

02 Sep 2025, 13:37

Type	Values Removed	Values Added
CPE		cpe:2.3:a:jhpyle:docassemble::::::::
References	~~() https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9 -~~	() https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9 - Patch
References	~~() https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv -~~	() https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv - Third Party Advisory
First Time		Jhpyle docassemble Jhpyle

Information

Published : 2024-03-21 02:52

Updated : 2025-09-02 13:37

NVD link : CVE-2024-27292

Mitre link : CVE-2024-27292

CVE.ORG link : CVE-2024-27292

JSON object : View

Products Affected

jhpyle

docassemble

CWE

CWE-706

Use of Incorrectly-Resolved Name or Reference

{"id": "CVE-2024-27292", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-03-21T02:52:19.560", "references": [{"url": "https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9", "tags": ["Patch"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv", "tags": ["Third Party Advisory"], "source": "security-advisories@github.com"}, {"url": "https://github.com/jhpyle/docassemble/commit/97f77dc486a26a22ba804765bfd7058aabd600c9", "tags": ["Patch"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://github.com/jhpyle/docassemble/security/advisories/GHSA-jq57-3w7p-vwvv", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-706"}]}], "descriptions": [{"lang": "en", "value": "Docassemble is an expert system for guided interviews and document assembly. The vulnerability allows attackers to gain unauthorized access to information on the system through URL manipulation. It affects versions 1.4.53 to 1.4.96. The vulnerability has been patched in version 1.4.97 of the master branch."}, {"lang": "es", "value": "Docassemble es un sistema experto para entrevistas guiadas y montaje de documentos. La vulnerabilidad permite a los atacantes obtener acceso no autorizado a informaci\u00f3n del sistema mediante la manipulaci\u00f3n de URL. Afecta a las versiones 1.4.53 a 1.4.96. La vulnerabilidad ha sido parcheada en la versi\u00f3n 1.4.97 de la rama maestra."}], "lastModified": "2025-09-02T13:37:21.560", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jhpyle:docassemble:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9BF71B1D-D8DC-4B52-AB46-4611911CCC72", "versionEndExcluding": "1.4.97", "versionStartIncluding": "1.4.53"}], "operator": "OR"}]}], "sourceIdentifier": "security-advisories@github.com"}