PT-2024-32866 · Sakai · Sakai

Published: 2024-10-15 · Updated: 2025-10-30 · CVE-2024-47876

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Sakai versions 23.0 through 23.2

Description

The issue allows kernel users created with type roleview to log in as a normal user, which grants them unauthorized access to the system.

Recommendations

For Sakai versions 23.0 through 23.2, update to version 23.3 to fix this issue. As a temporary workaround, consider restricting access to kernel users created with type roleview until the update is applied.

Exploit

Fix

Incorrect Authorization

Improper Authorization

Weakness Enumeration

Related Identifiers

CVE-2024-47876
GHSA-CX95-Q6GX-W4QP

Affected Products

Sakai