CVE-2024-21622 — MEDIUM (5.4)

Q: How severe is CVE-2024-21622?

CVE-2024-21622 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2024-21622?

Check the references section above for vendor advisories and patch information. Affected products include: Craftcms Craft Cms.

Vulnerability Description

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

CVSS Score

5.4

MEDIUM

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Attack Vector

ADJACENT_NETWORK

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

CHANGED

Confidentiality

NONE

Integrity

LOW

Availability

LOW

Affected Products

Vendor	Product	Versions
Craftcms	Craft Cms	>= 3.0.0, < 3.9.6

Related Weaknesses (CWE)

CWE-269

References

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16Release Notes
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16Release Notes
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aaPatch
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843Patch
https://github.com/craftcms/cms/pull/13931Issue TrackingPatch
https://github.com/craftcms/cms/pull/13932Issue TrackingPatch
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvxVendor Advisory
https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16Release Notes
https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16Release Notes
https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aaPatch
https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843Patch
https://github.com/craftcms/cms/pull/13931Issue TrackingPatch
https://github.com/craftcms/cms/pull/13932Issue TrackingPatch
https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvxVendor Advisory

FAQ

What is CVE-2024-21622?

CVE-2024-21622 is a vulnerability with a CVSS score of 5.4 (MEDIUM). Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certai...

How severe is CVE-2024-21622?

CVE-2024-21622 has been rated MEDIUM with a CVSS base score of 5.4/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2024-21622?

Check the references section above for vendor advisories and patch information. Affected products include: Craftcms Craft Cms.