Pimcore · Pimcore Admin Classic Bundle · CVE-2024-24822
**Name of the Vulnerable Software and Affected Versions**
Pimcore's Admin Classic Bundle versions prior to 1.3.3
**Description**
The issue allows an attacker to create, delete, etc., tags without having the permission to do so, due to a broken access control flaw. This can lead to the addition of dummy data and affect the integrity and availability of the system.
**Recommendations**
For versions prior to 1.3.3, update to version 1.3.3 to resolve the issue.
As a temporary workaround, one may apply the patch manually.
Restrict access to tag creation and deletion functionality until the issue is resolved.