Ecosyste.ms: Advisories

An open API service providing security vulnerability metadata for many open source software ecosystems.

Security Advisories: GSA_kwCzR0hTQS12YzdqLTk5anctanJxbc4AA9d1

aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.

Permalink: https://github.com/advisories/GHSA-vc7j-99jw-jrqm
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS12YzdqLTk5anctanJxbc4AA9d1
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: 2 months ago
Updated: 2 months ago

CVSS Score: 8.2
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L

Identifiers: GHSA-vc7j-99jw-jrqm, CVE-2024-39323
References:

Repository: https://github.com/aimeos/ai-admin-graphql
Blast Radius: 4.9

Affected Packages

packagist:aimeos/ai-admin-graphql

Dependent packages: 2
Dependent repositories: 4
Downloads: 51,789 total
Affected Version Ranges: >= 2024.04.1, < 2024.04.6, >= 2023.04.1, < 2023.10.6, >= 2022.04.1, < 2022.10.10
Fixed in: 2024.04.6, 2023.10.6, 2022.10.10
All affected versions: 2022.10.1, 2022.10.2, 2022.10.3, 2022.10.4, 2022.10.5, 2022.10.6, 2022.10.7, 2022.10.8, 2022.10.9, 2023.4.1, 2023.4.2, 2023.4.3, 2023.7.1, 2023.7.2, 2023.10.1, 2023.10.2, 2023.10.3, 2023.10.4, 2023.10.5, 2024.4.1, 2024.4.2, 2024.4.3, 2024.4.4, 2024.4.5
All unaffected versions: 2022.10.10, 2022.10.11, 2023.10.6, 2023.10.7, 2023.10.8, 2024.4.6, 2024.4.7, 2024.7.1