CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 31.8%
Craft is a content management system. This is a potential moderate-impact, low-complexity privilege escalation vulnerability in Craft, starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16, with certain user permission setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
[
  {
    "vendor": "craftcms",
    "product": "cms",
    "versions": [
      {
        "version": ">= 4.0.0-RC1, < 4.5.11",
        "status": "affected"
      },
      {
        "version": ">= 3.0.0, < 3.9.6",
        "status": "affected"
      }
    ]
  }
]
github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
github.com/craftcms/cms/pull/13931
github.com/craftcms/cms/pull/13932
github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx