Base score: 8.8

CVE-2024-21622

Craft CMS Privilege Escalation

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
Data provided by the National Vulnerability Database (NVD)

Affected versions:
Craftcms Craft Cms Version >= 3.0.0 < 3.9.6
Craftcms Craft Cms Version >= 4.0.0 <= 4.5.15

No alert was found for this CVE.

EPSS Metrics
Type   Source      Score   Percentile
EPSS   FIRST.org   0.59%   0.434

CVSS Metrics
Source                           Base Score   Exploit Score   Impact Score   Vector String
nvd@nist.gov                     8.8          2.8             5.9            CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
security-advisories@github.com   5.4          2.3             2.7            CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
CWE-269 Improper Privilege Management

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

References
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 (Release Notes)
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16 (Release Notes)
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa (Patch)
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843 (Patch)
https://github.com/craftcms/cms/pull/13931 (Patch, Issue Tracking)
https://github.com/craftcms/cms/pull/13932 (Patch, Issue Tracking)
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx (Vendor Advisory)