Privilege Escalation

Moderate
angrybrad published GHSA-j5g9-j7r4-6qvx Jan 3, 2024

Package

craftcms/cms (Composer)

Affected versions

>= 4.0.0-RC1, <= 4.5.11
>= 3.0.0, <= 3.9.5

Patched versions

4.5.11
3.9.6

Description

Impact

This is a potential moderate-impact, low-complexity privilege escalation vulnerability in Craft that affects certain user permission setups.

Patches

This has been fixed in Craft 4.5.11 and Craft 3.9.6. Users should ensure they are running at least those versions.
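
One way to check a project against the fixed releases named above (an added example, not part of the advisory or Craft's own tooling): it reads a `composer.lock` and flags a `craftcms/cms` version older than 4.5.11 on the 4.x line or 3.9.6 on the 3.x line. The function names and the sample lock contents are constructed for illustration.

```python
import json
import re

# Minimum fixed release per major line, taken from the advisory's "Patches" section.
PATCHED = {3: (3, 9, 6), 4: (4, 5, 11)}
PACKAGE = "craftcms/cms"


def parse_version(raw):
    """Return ((major, minor, patch), is_prerelease) for a Composer version string."""
    m = re.match(r"^v?(\d+)\.(\d+)\.(\d+)(?:\.\d+)?(-[0-9A-Za-z.]+)?$", raw.strip())
    if not m:
        # Branch aliases such as "dev-main" cannot be ranked; surface them for review.
        raise ValueError(f"unrecognised version: {raw!r}")
    return tuple(int(x) for x in m.group(1, 2, 3)), m.group(4) is not None


def needs_upgrade(raw):
    """True if this craftcms/cms version predates the fix for its major line."""
    release, prerelease = parse_version(raw)
    fixed = PATCHED.get(release[0])
    if fixed is None:
        return False  # major line not listed in the advisory
    # A pre-release of the fixed version (e.g. 4.5.11-beta.1) sorts before it.
    return release < fixed or (release == fixed and prerelease)


def audit_lock(lock_text):
    """Return (version, needs_upgrade) for craftcms/cms in a composer.lock, or None."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            return pkg["version"], needs_upgrade(pkg["version"])
    return None  # package is not installed in this project


# Constructed sample lock file (not from a real project).
SAMPLE_LOCK = json.dumps({
    "packages": [
        {"name": "craftcms/cms", "version": "4.5.10"},
        {"name": "example/plugin", "version": "1.2.0"},
    ],
    "packages-dev": [],
})

if __name__ == "__main__":
    print(audit_lock(SAMPLE_LOCK))
```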

References

#13932
#13931
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16

Severity

Moderate, 5.4 / 10

CVSS base metrics

Attack vector: Adjacent
Attack complexity: Low
Privileges required: Low
User interaction: None
Scope: Changed
Confidentiality: None
Integrity: Low
Availability: Low

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

CVE ID

CVE-2024-21622

Weaknesses

No CWEs

Credits