Products
aimeos/ai-admin-graphql
- 2022.04.1
- before 2022.10.10
- before 2023.10.6
- before 2024.4.2
Source
security-advisories@github.com
CVE-2024-39324 details
Published : July 2, 2024, 9:15 p.m.
Last Modified : July 2, 2024, 9:15 p.m.
Description
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage their own services via the GraphQL API, which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.
CVSS Score
3.8
Weakness
Weakness | Name | Description |
---|---|---|
CWE-1220 | Insufficient Granularity of Access Control | The product implements access controls via a policy or other feature with the intention to disable or restrict accesses (reads and/or writes) to assets in a system from untrusted agents. However, implemented access controls lack required granularity, which renders the control policy too broad because it allows accesses from unauthorized agents to the security-sensitive assets. |
CVSS Data
Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | HIGH |
Scope | UNCHANGED |
Confidentiality Impact | NONE |
Integrity Impact | LOW |
Availability Impact | LOW |
Base Score | 3.8 |
Exploitability Score | 1.2 |
Impact Score | 2.5 |
Base Severity | LOW |
Vector String : CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
References
URL | Source |
---|---|
https://github.com/aimeos/ai-admin-graphql/commit/4eabc2b973509ffa5924e7f88c8f87ee96e93b38 | security-advisories@github.com |
https://github.com/aimeos/ai-admin-graphql/commit/687059d7eb2e1d55a09ed72dad3814f35edad038 | security-advisories@github.com |
https://github.com/aimeos/ai-admin-graphql/commit/a839a5adf16fee4221d444b7d2f5140d8cabf0ac | security-advisories@github.com |
https://github.com/aimeos/ai-admin-graphql/commit/acbb044620f4ff8e8d78a775cd205ec47cf119b3 | security-advisories@github.com |
https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-jj68-cp4v-98qf | security-advisories@github.com |