Cleartext Storage of Sensitive Information

Summary

Tina is an open-source content management system (CMS). Sites building with Tina CMS's command line interface (CLI) that use a search token may be vulnerable to the search token being leaked via lock file ("tina-lock.json"). Administrators of Tina-enabled websites with search setups should rotate their keys immediately. This issue has been patched in @tinacms/cli. Upgrading and rotating the search token is required for the proper fix. This issue affects @tinacms/cli versions through 0.0.0-20240830015911, 0.0.0-20240831145920 through 0.0.0-20240901234315, and 0.4.0 through 1.6.1.