Back

CVE-2024-39322

July 2, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

aimeos/ai-admin-jsonadm

  • prior to 2020.10.13
  • prior to 2021.10.6
  • prior to 2022.10.3
  • prior to 2023.10.4
  • prior to 2024.4.2

Source

security-advisories@github.com

Tags

security-advisories@github.com
CWE-863
2024-07-02
CVE-2024-39322

CVE-2024-39322 details

Published : July 2, 2024, 9:15 p.m.
Last Modified : July 2, 2024, 9:15 p.m.

Description

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.

CVSS Score

1 2 3 4 5.5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-863 Incorrect Authorization The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

HIGH

Base Score

5.5

Exploitability Score

1.2

Impact Score

4.2

Base Severity

MEDIUM

Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

References

URL Source
https://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5 security-advisories@github.com
https://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2 security-advisories@github.com
https://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00 security-advisories@github.com
https://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fb security-advisories@github.com
https://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026 security-advisories@github.com
https://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whr security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.