Lucene search

[email protected]NVD:CVE-2024-24822

HistoryFeb 07, 2024 - 6:15 p.m.

CVE-2024-24822

2024-02-0718:15:54

CWE-862

[email protected]

web.nvd.nist.gov

cve-2024-24822

backend user interface

permission vulnerability

patch

manual application

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON

Pimcore’s Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.

Affected configurations

Nvd

Node

pimcoreadmin_classic_bundleRange<1.3.3pimcore

VendorProductVersionCPE
pimcoreadmin_classic_bundle*cpe:2.3:a:pimcore:admin_classic_bundle:*:*:*:*:*:pimcore:*:*

Vendor	Product	Version	CPE
pimcore	admin_classic_bundle	*	cpe:2.3:a:pimcore:admin_classic_bundle::::::pimcore::*

References

github.com/pimcore/admin-ui-classic-bundle/commit/24660b6d5ad9cbcb037a48d4309a6024e9adf251

github.com/pimcore/admin-ui-classic-bundle/pull/412

github.com/pimcore/admin-ui-classic-bundle/security/advisories/GHSA-3rfr-mpfj-2jwq

CVSS3

9.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

AI Score

Confidence

High

EPSS

0.001

Percentile

25.0%

JSON

Related for NVD:CVE-2024-24822

veracode1 cvelist1 osv2 github1 cve1 prion1