Home > Vulnerability Database > CVE-2024-21622

Mend.io Vulnerability Database

CVE-2024-21622

Good to know:

Date: January 3, 2024

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

Language: PHP

Severity Score

8.8

Related Resources (9)

Url: https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa

Url: https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843

Url: https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-21622

Url: https://github.com/craftcms/cms/pull/13932

Url: https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16

Url: https://github.com/craftcms/cms/pull/13931

Url: https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx

Url: https://www.mend.io/vulnerability-database/CVE-2024-21622

Severity Score

8.8

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Improper Privilege Management

CWE-269

Top Fix

Upgrade Version

Upgrade to version 3.9.6,4.5.11

Learn More

CVSS v3.1

Base Score:	8.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	HIGH

Mend.io Vulnerability Database

We found results for “”

CVE-2024-21622

Good to know:

Date: January 3, 2024

Language: PHP

Severity Score

Related Resources (9)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?