Auth bypass in Aimeos Ai-admin-graphql

CVE-2024-39323

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over…

EPSS: 0.001 (28.1st percentile).

CVSS v3 metrics

CVSS v3 base score 7.1 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L.

Affected products

  • Aimeos Ai-admin-graphql — versions >= 2022.04.1, < 2022.10.10, >= 2023.04.1, < 2023.10.6, >= 2024.04.1, < 2024.04.6

Weakness classification (CWE)

  • CWE-1220 — Insufficient Granularity of Access Control

Frequently asked questions

What is CVE-2024-39323?
CVE-2024-39323 is a high-severity vulnerability in Aimeos Ai-admin-graphql, classified under CWE-1220. CVSS score: 7.1/10. Published 2024-07-02.
How severe is CVE-2024-39323?
High severity. CVSS v3 base score is 7.1 out of 10.