Craft is a content management system. This is a potential moderate-impact, low-complexity privilege escalation vulnerability affecting Craft 3.x prior to 3.9.6 and 4.x prior to 4.4.16 under certain user permission setups. It has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
References
Link | Resource |
---|---|
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 | Release Notes |
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16 | Release Notes |
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa | Patch |
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843 | Patch |
https://github.com/craftcms/cms/pull/13931 | Issue Tracking, Patch |
https://github.com/craftcms/cms/pull/13932 | Issue Tracking, Patch |
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx | Vendor Advisory |
History
10 Jan 2024, 18:34
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:* | |
First Time | Craftcms; Craftcms craft Cms | |
CWE | NVD-CWE-noinfo | |
CVSS | v2 : v3 : | v2 : unknown; v3 : 8.8 |
Summary | | |
References | () https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 - Release Notes | |
References | () https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16 - Release Notes | |
References | () https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa - Patch | |
References | () https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843 - Patch | |
References | () https://github.com/craftcms/cms/pull/13931 - Issue Tracking, Patch | |
References | () https://github.com/craftcms/cms/pull/13932 - Issue Tracking, Patch | |
References | () https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx - Vendor Advisory |
03 Jan 2024, 17:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2024-01-03 17:15
Updated : 2024-01-10 18:34
NVD link : CVE-2024-21622
Mitre link : CVE-2024-21622
CVE.ORG link : CVE-2024-21622
Products Affected
craftcms
- craft_cms
CWE