QwikSec

Security Database

CVE

CWE

Training

CVE-2024-21622

Published: Jan 3, 2024

Modified: Apr 17, 2025

PUBLISHED

CVSS v3.1

5.4

MEDIUM

Description

Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.

Vendor	Product	Versions
craftcms	cms	affected `>= 4.0.0-RC1, < 4.5.11` affected `>= 3.0.0, < 3.9.6`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L

Attack Vector

Adjacent

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Changed

Confidentiality

None

Integrity

Low

Availability

Low

References

https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx

x_refsource_CONFIRM

https://github.com/craftcms/cms/pull/13931

x_refsource_MISC

https://github.com/craftcms/cms/pull/13932

x_refsource_MISC

https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa

x_refsource_MISC

https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843

x_refsource_MISC

https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16

x_refsource_MISC

https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16

x_refsource_MISC

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.