CVE-2024-21622
MEDIUM 5.4
Description
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
CVE Details
CVSS v3.1 Score: 5.4
Severity: MEDIUM
CVSS Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Attack Vector: ADJACENT_NETWORK
Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Published: 1/3/2024
Last Modified: 11/21/2024
Source: nvd
Honeypot Sightings: 0
Affected Products
craftcms:craft_cms
Weaknesses (CWE)
CWE-269
References
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 (security-advisories@github.com)
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16 (security-advisories@github.com)
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa (security-advisories@github.com)
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843 (security-advisories@github.com)
https://github.com/craftcms/cms/pull/13931 (security-advisories@github.com)
https://github.com/craftcms/cms/pull/13932 (security-advisories@github.com)
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx (security-advisories@github.com)
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/pull/13931 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/pull/13932 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx (af854a3a-2127-422b-91ae-364da2661108)
IOC Correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.