← Volver a CVEs
CVE-2024-21622
MEDIUM5.4
Descripcion
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
Detalles CVE
Puntuacion CVSS v3.15.4
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Vector de ataqueADJACENT_NETWORK
ComplejidadLOW
Privilegios requeridosLOW
Interaccion usuarioNONE
Publicado1/3/2024
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
craftcms:craft_cms
Debilidades (CWE)
CWE-269
Referencias
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16(security-advisories@github.com)
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16(security-advisories@github.com)
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa(security-advisories@github.com)
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843(security-advisories@github.com)
https://github.com/craftcms/cms/pull/13931(security-advisories@github.com)
https://github.com/craftcms/cms/pull/13932(security-advisories@github.com)
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx(security-advisories@github.com)
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/pull/13931(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/pull/13932(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.