THREATINT

CVE record (status: PUBLISHED)

CVE-2024-39323

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

Assigner: GitHub_M
Reserved: 2024-06-21
Published: 2024-07-02
Updated: 2024-07-02

Description

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.

Severity

HIGH: 7.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L)

Problem types

CWE-1220: Insufficient Granularity of Access Control

CWE-863: Incorrect Authorization

Product status

>= 2022.04.1, < 2022.10.10: affected

>= 2023.04.1, < 2023.10.6: affected

>= 2024.04.1, < 2024.04.6: affected

References

https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-vc7j-99jw-jrqm

https://github.com/aimeos/ai-admin-graphql/commit/2d89d98cdcad880a9244b50736b08c1a171379ca

https://github.com/aimeos/ai-admin-graphql/commit/54d6b7cf4530cb3b95f52775c24056c48e6d26e9

https://github.com/aimeos/ai-admin-graphql/commit/787028de0a3ecbf3e9f63ab1454eac99ce7693a9

cve.org CVE-2024-39323

nvd.nist.gov CVE-2024-39323
