What is CVE-2024-47876?

CVE-2024-47876 is a vulnerability in Sakaiproject Sakai, classified under Improper Authorization. Published 2024-10-15.

Is CVE-2024-47876 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Auth bypass in Sakaiproject Sakai

CVE-2024-47876

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Vers…

EPSS: 0.004 (61.9th percentile) — read the EPSS interpretation.

Affected products

Sakaiproject Sakai — versions >= 23.0, < 23.3

Weakness classification (CWE)

Public proof-of-concept exploits

fkie-cad/nvd-json-data-feeds

References

https://github.com/sakaiproject/sakai/security/advisories/GHSA-cx95-q6gx-w4qp (x_refsource_CONFIRM)
https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41 (x_refsource_MISC)
https://sakaiproject.atlassian.net/browse/SAK-50571 (x_refsource_MISC)

Frequently asked questions

What is CVE-2024-47876?: CVE-2024-47876 is a vulnerability in Sakaiproject Sakai, classified under Improper Authorization. Published 2024-10-15.
Is CVE-2024-47876 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.