PT-2024-28449 · Aimeos · Aimeos/Ai-Admin-Graphql
Ssshah2131
Published 2024-07-02 · Updated 2024-10-15
CVE-2024-39324
CVSS v3.1: 3.8 (Low)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L
Name of the Vulnerable Software and Affected Versions
aimeos/ai-admin-graphql versions 2022.04.1 through 2022.10.9
aimeos/ai-admin-graphql versions 2022.10.10 through 2023.10.5
aimeos/ai-admin-graphql versions 2023.10.6 through 2024.4.1
Description
The vulnerability is an improper access control flaw in the admin GraphQL API of Aimeos: users with the editor role can manage their own services through the GraphQL API, an action that the JQAdm front end does not permit them to perform.
Recommendations
For versions 2022.04.1 through 2022.10.9, update to version 2022.10.10 or later.
For versions 2022.10.10 through 2023.10.5, update to version 2023.10.6 or later.
For versions 2023.10.6 through 2024.4.1, update to version 2024.4.2 or later.
Incorrect Authorization
Affected Products
Aimeos/Ai-Admin-Graphql