Lucene search

GoogleOSV:CVE-2024-21622

HistoryJan 03, 2024 - 5:15 p.m.

CVE-2024-21622

2024-01-0317:15:12

Google

osv.dev

cve-2024-21622

moderate impact

low complexity

privilege escalation

vulnerability

user permissions

version 3.9.6

version 4.4.16

security fix

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

CPENameOperatorVersion
cmseq2.6.2788
cmseq3.6.7
cmseq4.4.14
cmseq3.0.0-RC16
cmseq4.4.0-beta.1
cmseq1.0.0-alpha.2238
cmseq3.1.30
cmseq3.4.23
cmseq1.2.2337
cmseq2.4.2669

Name	Operator	Version
cms	eq	2.6.2788
cms	eq	3.6.7
cms	eq	4.4.14
cms	eq	3.0.0-RC16
cms	eq	4.4.0-beta.1
cms	eq	1.0.0-alpha.2238
cms	eq	3.1.30
cms	eq	3.4.23
cms	eq	1.2.2337
cms	eq	2.4.2669

Rows per page:

1-10 of 10521

References

github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16

github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16

github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa

github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843

github.com/craftcms/cms/pull/13931

github.com/craftcms/cms/pull/13932

github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx

8.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

8.8 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

31.9%

JSON

Related for OSV:CVE-2024-21622