Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS04ZmoyLTU4N3ctNXdocs4AA9d3
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Improper access control allows editors to remove admin group and locale configuration in Aimeos backend
Permalink: https://github.com/advisories/GHSA-8fj2-587w-5whr
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS04ZmoyLTU4N3ctNXdocs4AA9d3
Source: GitHub Advisory Database
Origin: Unspecified
Severity: Moderate
Classification: General
Published: 5 months ago
Updated: 5 months ago
CVSS Score: 5.5
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Identifiers: GHSA-8fj2-587w-5whr, CVE-2024-39322
References:
- https://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whr
- https://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5
- https://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2
- https://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00
- https://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fb
- https://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026
- https://nvd.nist.gov/vuln/detail/CVE-2024-39322
- https://github.com/advisories/GHSA-8fj2-587w-5whr
Blast Radius: 10.0
Affected Packages
packagist:aimeos/ai-admin-jsonadm
Dependent packages: 8
Dependent repositories: 66
Downloads: 288,006 total
Affected Version Ranges: < 2020.10.13; >= 2021.04.1, < 2021.10.6; >= 2022.04.1, < 2022.10.3; >= 2023.04.1, < 2023.10.4; = 2024.04.1
Fixed in: 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, 2024.04.2
All affected versions: 2016.7.1, 2016.7.2, 2016.10.1, 2017.1.1, 2017.1.2, 2017.4.1, 2017.4.2, 2017.4.3, 2017.4.4, 2017.7.1, 2017.7.2, 2017.7.3, 2017.10.1, 2017.10.2, 2017.10.3, 2017.10.4, 2017.10.5, 2018.1.1, 2018.1.2, 2018.4.1, 2018.4.2, 2018.4.3, 2018.7.1, 2018.7.2, 2018.7.3, 2018.10.1, 2018.10.2, 2018.10.3, 2018.10.4, 2018.10.5, 2019.1.1, 2019.4.1, 2019.4.2, 2019.4.3, 2019.7.1, 2019.7.2, 2019.7.3, 2019.10.1, 2019.10.2, 2019.10.3, 2019.10.4, 2019.10.5, 2019.10.6, 2019.10.7, 2019.10.8, 2020.1.1, 2020.4.1, 2020.4.2, 2020.7.1, 2020.7.2, 2020.10.1, 2020.10.2, 2020.10.3, 2020.10.4, 2020.10.5, 2020.10.6, 2020.10.7, 2020.10.8, 2020.10.9, 2020.10.10, 2020.10.11, 2020.10.12, 2021.4.1, 2021.4.2, 2021.4.3, 2021.7.1, 2021.7.2, 2021.7.3, 2021.10.1, 2021.10.2, 2021.10.3, 2021.10.4, 2021.10.5, 2022.4.1, 2022.4.2, 2022.7.1, 2022.10.1, 2022.10.2, 2023.4.1, 2023.7.1, 2023.10.1, 2023.10.2, 2023.10.3, 2024.4.1
All unaffected versions: 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, 2024.4.2, 2024.7.1, 2024.10.1, 2024.10.2