← Back

CVE-2024-39322

nvd nist
Published: Jul 2, 2024Modified: Nov 21, 2024

JSON object

Loading...
5.5
Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Exploitability: 1.2 / Impact: 4.2
Source: NVD

Description

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.

Affected (5)

Aimeos Project
1 product
Ai Controller Frontend
Configuration A
5 vulnerable
Vulnerable SoftwareAffected Versions
Aimeos Project
Ai Controller Frontend
Before 2020.10.13
Ai Controller Frontend
From 2021.04.1 to 2021.10.6
Ai Controller Frontend
From 2022.04.1 to 2022.10.3
Ai Controller Frontend
From 2023.04.1 to 2023.10.4
Ai Controller Frontend
Version 2024.04.1

Related CWEs

CWE-863
Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

References (12)

Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Patch
Source: security-advisories@github.com
Third Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Patch
Source: af854a3a-2127-422b-91ae-364da2661108
Third Party Advisory

Timeline

No history available yet.