GitHub Advisory DatabaseGHSA-J5G9-J7R4-6QVXCraft CMS Privilege Escalation
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.9%
Impact
This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft with certain user permissions setups.
Patches
This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
References
https://github.com/craftcms/cms/pull/13932
https://github.com/craftcms/cms/pull/13931
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
Affected configurations
| CPE | Name | Operator | Version |
|---|---|---|---|
| craftcms/cms | le | 3.9.5 | |
| craftcms/cms | le | 4.5.10 |
References
github.com/advisories/GHSA-j5g9-j7r4-6qvx
github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
github.com/craftcms/cms/pull/13931
github.com/craftcms/cms/pull/13932
github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
nvd.nist.gov/vuln/detail/CVE-2024-21622
Related
8.8 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.4 High
AI Score
Confidence
High
0.001 Low
EPSS
Percentile
31.9%