Home > Vulnerability Database > CVE-2024-27915

Mend.io Vulnerability Database

CVE-2024-27915

Good to know:

Date: March 6, 2024

Sulu is a PHP content management system. Starting in verson 2.2.0 and prior to version 2.4.17 and 2.5.13, access to pages is granted regardless of role permissions for webspaces which have a security system configured and permission check enabled. Webspaces without do not have this issue. The problem is patched in versions 2.4.17 and 2.5.13. Some workarounds are available. One may apply the patch to `vendor/symfony/security-http/HttpUtils.php` manually or avoid installing `symfony/security-http` versions greater equal than `v5.4.30` or `v6.3.6`.

Language: PHP

Severity Score

6.8

Related Resources (4)

Url: https://nvd.nist.gov/vuln/detail/CVE-2024-27915

Url: https://github.com/sulu/sulu/security/advisories/GHSA-jr83-m233-gg6p

Url: https://github.com/sulu/sulu/commit/ec9c3f99e15336dc4f6877f512300f231c17c6da

Url: https://www.mend.io/vulnerability-database/CVE-2024-27915

Severity Score

6.8

Weakness Type (CWE)

Incorrect Authorization

CWE-863

Top Fix

Upgrade Version

Upgrade to version 2.4.17,2.5.13

Learn More

CVSS v3.1

Base Score:	6.8
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	HIGH
Privileges Required (PR):	LOW
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	HIGH
Integrity (I):	HIGH
Availability (A):	NONE

Mend.io Vulnerability Database

We found results for “”

CVE-2024-27915

Good to know:

Date: March 6, 2024

Language: PHP

Severity Score

Related Resources (4)

Severity Score

Weakness Type (CWE)

Top Fix

Upgrade Version

CVSS v3.1

Do you need more information?