CVSS3: 5.4 Medium
Attack Vector: ADJACENT
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: CHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: LOW
CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
AI Score: 9 High
Confidence: High
EPSS: 0.001 Low
Percentile: 31.9%
Craft is a content management system. This is a potential moderate-impact, low-complexity privilege escalation vulnerability in Craft, starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16, that affects certain user permission setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
[
  {
    "vendor": "craftcms",
    "product": "cms",
    "versions": [
      {
        "version": ">= 4.0.0-RC1, < 4.5.11",
        "status": "affected"
      },
      {
        "version": ">= 3.0.0, < 3.9.6",
        "status": "affected"
      }
    ]
  }
]
github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
github.com/craftcms/cms/pull/13931
github.com/craftcms/cms/pull/13932
github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx