CVE-2024-47876

Oct. 16, 2024, 4:38 p.m.

0.0
No Score

Description

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.

Product(s) Impacted

Product Versions
Sakai
  • 23.0 - 23.2

Weaknesses

Common security weaknesses mapped to this vulnerability.

CWE-285
Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

References

https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41
https://github.com/sakaiproject/sakai/security/advisories/GHSA-cx95-q6gx-w4qp
https://sakaiproject.atlassian.net/browse/SAK-50571

Tags

security-advisories@github.com
CWE-285
2024-10-15
CVE-2024-47876

Timeline

Published: Oct. 15, 2024, 4:15 p.m.
Last Modified: Oct. 16, 2024, 4:38 p.m.

Status : Awaiting Analysis

CVE has been recently published to the CVE List and has been received by the NVD.

More info

Source

security-advisories@github.com

*Disclaimer: Some vulnerabilities do not have an associated CPE. To enhance the data, we use AI to infer CPEs based on CVE details. This is an automated process and might not always be accurate.