Veracode Vulnerability Database: VERACODE:47886
History: Jul 03, 2024 - 8:23 a.m.

Improper Access Control

2024-07-03 08:23:00
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
aimeos ai-admin-graphql vulnerable access control insufficient restrictions user roles permissions admin account

CVSS3: 7.1
Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: HIGH
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

AI Score: 6.6
Confidence: Low

aimeos/ai-admin-graphql is vulnerable to Improper Access Control. The vulnerability is due to insufficient restrictions or checks on user roles and permissions, which allow an editor to modify and take over an admin account in the back end.
