Vulnerability Description
aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://github.com/aimeos/ai-admin-graphql/commit/2d89d98cdcad880a9244b50736b08c
- https://github.com/aimeos/ai-admin-graphql/commit/54d6b7cf4530cb3b95f52775c24056
- https://github.com/aimeos/ai-admin-graphql/commit/787028de0a3ecbf3e9f63ab1454eac
- https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-vc7j-99jw-jr
- https://github.com/aimeos/ai-admin-graphql/commit/2d89d98cdcad880a9244b50736b08c
- https://github.com/aimeos/ai-admin-graphql/commit/54d6b7cf4530cb3b95f52775c24056
- https://github.com/aimeos/ai-admin-graphql/commit/787028de0a3ecbf3e9f63ab1454eac
- https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-vc7j-99jw-jr
FAQ
What is CVE-2024-39323?
CVE-2024-39323 is a vulnerability with a CVSS score of 7.1 (HIGH). aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability a...
How severe is CVE-2024-39323?
CVE-2024-39323 has been rated HIGH with a CVSS base score of 7.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-39323?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.