3 matches found
CVE-2024-24822
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually...
CVE-2024-24822 Pimcore Admin Classic Bundle permissions are not getting checked when working with tags
Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually...
CVE-2024-24822
Pimcore Admin Classic Bundle (pre-1.3.3) is affected by CVE-2024-24822 due to broken access control in tag management. An attacker can create, delete, and modify tags without proper permissions. A fix is available in version 1.3.3; patch can be applied manually via the referenced PR.