Back

CVE-2024-39324

July 2, 2024, 9:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

aimeos/ai-admin-graphql

  • 2022.04.1
  • before 2022.10.10
  • before 2023.10.6
  • before 2024.4.2

Source

security-advisories@github.com

Tags

security-advisories@github.com
CWE-1220
2024-07-02
CVE-2024-39324

CVE-2024-39324 details

Published : July 2, 2024, 9:15 p.m.
Last Modified : July 2, 2024, 9:15 p.m.

Description

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows a editors to manage own services via GraphQL API which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.

CVSS Score

1 2 3.8 4 5 6 7 8 9 10

Weakness

Weakness Name Description
CWE-1220 Insufficient Granularity of Access Control The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets.

CVSS Data

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

HIGH

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

LOW

Base Score

3.8

Exploitability Score

1.2

Impact Score

2.5

Base Severity

LOW

Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L

References

URL Source
https://github.com/aimeos/ai-admin-graphql/commit/4eabc2b973509ffa5924e7f88c8f87ee96e93b38 security-advisories@github.com
https://github.com/aimeos/ai-admin-graphql/commit/687059d7eb2e1d55a09ed72dad3814f35edad038 security-advisories@github.com
https://github.com/aimeos/ai-admin-graphql/commit/a839a5adf16fee4221d444b7d2f5140d8cabf0ac security-advisories@github.com
https://github.com/aimeos/ai-admin-graphql/commit/acbb044620f4ff8e8d78a775cd205ec47cf119b3 security-advisories@github.com
https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-jj68-cp4v-98qf security-advisories@github.com
This website uses the NVD API, but is not approved or certified by it.