Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS04ZmoyLTU4N3ctNXdocs4AA9d3

aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records

Improper access control allows editors to remove admin group and locale configuration in Aimeos backend

Permalink: https://github.com/advisories/GHSA-8fj2-587w-5whr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ZmoyLTU4N3ctNXdocs4AA9d3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 12 days ago
Updated: 9 days ago


CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H

Identifiers: GHSA-8fj2-587w-5whr, CVE-2024-39322
References: Repository: https://github.com/aimeos/ai-admin-jsonadm
Blast Radius: 10.0

Affected Packages

packagist:aimeos/ai-admin-jsonadm
Dependent packages: 8
Dependent repositories: 66
Downloads: 273,320 total
Affected Version Ranges: < 2020.10.13; >= 2021.04.1, < 2021.10.6; >= 2022.04.1, < 2022.10.3; >= 2023.04.1, < 2023.10.4; = 2024.04.1
Fixed in: 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, 2024.04.2
All affected versions: 2016.7.1, 2016.7.2, 2016.10.1, 2017.1.1, 2017.1.2, 2017.4.1, 2017.4.2, 2017.4.3, 2017.4.4, 2017.7.1, 2017.7.2, 2017.7.3, 2017.10.1, 2017.10.2, 2017.10.3, 2017.10.4, 2017.10.5, 2018.1.1, 2018.1.2, 2018.4.1, 2018.4.2, 2018.4.3, 2018.7.1, 2018.7.2, 2018.7.3, 2018.10.1, 2018.10.2, 2018.10.3, 2018.10.4, 2018.10.5, 2019.1.1, 2019.4.1, 2019.4.2, 2019.4.3, 2019.7.1, 2019.7.2, 2019.7.3, 2019.10.1, 2019.10.2, 2019.10.3, 2019.10.4, 2019.10.5, 2019.10.6, 2019.10.7, 2019.10.8, 2020.1.1, 2020.4.1, 2020.4.2, 2020.7.1, 2020.7.2, 2020.10.1, 2020.10.2, 2020.10.3, 2020.10.4, 2020.10.5, 2020.10.6, 2020.10.7, 2020.10.8, 2020.10.9, 2020.10.10, 2020.10.11, 2020.10.12, 2021.4.1, 2021.4.2, 2021.4.3, 2021.7.1, 2021.7.2, 2021.7.3, 2021.10.1, 2021.10.2, 2021.10.3, 2021.10.4, 2021.10.5, 2022.4.1, 2022.4.2, 2022.7.1, 2022.10.1, 2022.10.2, 2023.4.1, 2023.7.1, 2023.10.1, 2023.10.2, 2023.10.3, 2024.4.1
All unaffected versions: 2024.4.2