Home > Vulnerability Database > CVE-2024-21622

Mend.io Vulnerability Database

CVE-2024-21622

Date: January 3, 2024

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

Language: PHP

Severity Score

5.4

Related Resources (10)

Url: https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa

Url: https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843

Url: https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16

Url: https://github.com/craftcms/cms

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-21622

Url: https://github.com/craftcms/cms/pull/13932

Url: https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16

Url: https://github.com/craftcms/cms/pull/13931

Url: https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx

Url: https://www.mend.io/vulnerability-database/CVE-2024-21622

Severity Score

5.4

Weakness Type (CWE)

Insufficient Information

NVD-CWE-noinfo

Improper Privilege Management

CWE-269

CVSS v3.1

Base Score:	5.4
Attack Vector (AV):	ADJACENT_NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	CHANGED
Confidentiality (C):	NONE
Integrity (I):	LOW
Availability (A):	LOW

Mend.io Vulnerability Database

We found results for “”

CVE-2024-21622

Date: January 3, 2024

Language: PHP

Severity Score

Related Resources (10)

Severity Score

Weakness Type (CWE)

CVSS v3.1

Do you need more information?