CVSS3
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: HIGH
Availability Impact: HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
AI Score
Confidence: High
EPSS
Percentile: 31.8%
This is a potential moderate-impact, low-complexity privilege escalation vulnerability in Craft that affects certain user permission setups.
This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
https://github.com/craftcms/cms/pull/13932
https://github.com/craftcms/cms/pull/13931
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
github.com/craftcms/cms
github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
nvd.nist.gov/vuln/detail/CVE-2024-21622