PT-2024-18974 · Craft · Craft
Johnax0 · Published 2024-01-03 · Updated 2024-01-10
CVE-2024-21622
CVSS v3.1: 5.4 (Medium)
Vector: AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
Craft versions 3.x prior to 3.9.6
Craft versions 4.x prior to 4.4.16
Description
This is a potential moderate-impact, low-complexity privilege escalation issue in Craft that arises with certain user permission setups. The issue has been fixed in Craft 4.4.16 and Craft 3.9.6.
Recommendations
For Craft versions 3.x prior to 3.9.6, update to at least version 3.9.6 to resolve the issue.
For Craft versions 4.x prior to 4.4.16, update to at least version 4.4.16 to resolve the issue.
Weakness Enumeration
Improper Privilege Management
Affected Products
Craft