Lucene search
GitHub_MCVE-2024-22206HistoryJan 12, 2024 - 8:15 p.m.
CVE-2024-22206
2024-01-1220:15:47
CWE-284
CWE-287
CWE-639
GitHub_M
web.nvd.nist.gov
15
clerk
user management
unauthorized access
privilege escalation
logic flaw
auth()
getauth()
app router
pages router
cve-2024-22206
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
28.6%
Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
Affected configurations
Node
clerkjavascriptRange4.7.0–4.29.3node.js
| Vendor | Product | Version | CPE |
|---|---|---|---|
| clerk | javascript | * | cpe:2.3:a:clerk:javascript:*:*:*:*:*:node.js:*:* |
CNA Affected
[
{
"vendor": "clerk",
"product": "javascript",
"versions": [
{
"version": ">= 4.7.0, < 4.29.3",
"status": "affected"
}
]
}
]Related
veracode
veracode
Insecure Direct Object Reference
2024-01-15 06:40:04
prion
prion
Privilege escalation
2024-01-12 20:15:00
osv
osv
CVE-2024-22206
2024-01-12 20:15:47
cvelist
cvelist
github
github
nvd
nvd
CVE-2024-22206
2024-01-12 20:15:47
CVSS3
9.8
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
AI Score
9.4
Confidence
High
EPSS
0.001
Percentile
28.6%
Related for CVE-2024-22206