CVE-2024-21622 (high)

Description

Craft is a content management system. This is a potential moderate-impact, low-complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16, affecting installations with certain user permission setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

References

https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx

https://github.com/craftcms/cms/pull/13932

https://github.com/craftcms/cms/pull/13931

https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843

https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa

https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16

Details

Source: Mitre, NVD

Published: 2024-01-03

Updated: 2024-01-10

Risk Information

CVSS v2

Base Score: 9

Vector: CVSS2#AV:N/AC:L/Au:S/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 8.8

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High