PT-2024-28448 · Aimeos · Aimeos/Ai-Admin-Graphql

Ssshah2131 · Published 2024-07-02 · Updated 2024-07-02 · CVE-2024-39323

CVSS v3.1: 8.2 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Name of the Vulnerable Software and Affected Versions

aimeos/ai-admin-graphql versions 2022.04.01 through 2022.10.09
aimeos/ai-admin-graphql versions 2022.10.10 through 2023.10.05
aimeos/ai-admin-graphql versions 2023.10.06 through 2024.04.05

Description

The issue is an improper access control vulnerability in the Aimeos GraphQL API admin interface: a user with the editor role can modify an administrator account in the back end and thereby take it over.

Recommendations

For versions 2022.04.01 through 2022.10.09, update to version 2022.10.10 or later.
For versions 2022.10.10 through 2023.10.05, update to version 2023.10.06 or later.
For versions 2023.10.06 through 2024.04.05, update to version 2024.04.6 or later.

Weakness Enumeration

Incorrect Authorization

Related Identifiers

CVE-2024-39323
GHSA-VC7J-99JW-JRQM

Affected Products

Aimeos/Ai-Admin-Graphql