Products
aimeos/ai-admin-jsonadm
- prior to 2020.10.13
- prior to 2021.10.6
- prior to 2022.10.3
- prior to 2023.10.4
- prior to 2024.4.2
Source
security-advisories@github.com
Tags
CVE-2024-39322 details
Published : July 2, 2024, 9:15 p.m.
Last Modified : July 2, 2024, 9:15 p.m.
Last Modified : July 2, 2024, 9:15 p.m.
Description
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
CVSS Score
1 | 2 | 3 | 4 | 5.5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|---|---|
CWE-863 | Incorrect Authorization | The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions. |
CVSS Data
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
HIGH
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
LOW
Availability Impact
HIGH
Base Score
5.5
Exploitability Score
1.2
Impact Score
4.2
Base Severity
MEDIUM
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
References
URL | Source |
---|---|
https://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5 | security-advisories@github.com |
https://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2 | security-advisories@github.com |
https://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00 | security-advisories@github.com |
https://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fb | security-advisories@github.com |
https://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026 | security-advisories@github.com |
https://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whr | security-advisories@github.com |
This website uses the NVD API, but is not approved or certified by it.