FKIE_CVE-2024-39322

Vulnerability from fkie_nvd - Published: 2024-07-02 21:15 - Updated: 2024-11-21 09:27
Severity ?
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
5.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H
Summary
aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.
References
security-advisories@github.comhttps://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5Patch
security-advisories@github.comhttps://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2Patch
security-advisories@github.comhttps://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00Patch
security-advisories@github.comhttps://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fbPatch
security-advisories@github.comhttps://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026Patch
security-advisories@github.comhttps://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whrThird Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fbPatch
af854a3a-2127-422b-91ae-364da2661108https://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026Patch
af854a3a-2127-422b-91ae-364da2661108https://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whrThird Party Advisory
Impacted products
Vendor Product Version
aimeos_project ai-controller-frontend *
aimeos_project ai-controller-frontend *
aimeos_project ai-controller-frontend *
aimeos_project ai-controller-frontend *
aimeos_project ai-controller-frontend 2024.04.1
To clipboard 

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "C45182A8-B450-4945-913E-AF1DA2E359CB",
              "versionEndExcluding": "2020.10.13",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "0D3C76AD-CE98-445C-9269-43136E83B546",
              "versionEndExcluding": "2021.10.6",
              "versionStartIncluding": "2021.04.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "705119C6-A65C-497C-A609-E4AC45A0434E",
              "versionEndExcluding": "2022.10.3",
              "versionStartIncluding": "2022.04.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aimeos_project:ai-controller-frontend:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "BBD12E8E-F80E-4CAF-89D7-8A8467F43908",
              "versionEndExcluding": "2023.10.4",
              "versionStartIncluding": "2023.04.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:aimeos_project:ai-controller-frontend:2024.04.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "B525E59F-606E-4777-9395-17F8B49E76BD",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.\n"
    },
    {
      "lang": "es",
      "value": "aimeos/ai-admin-jsonadm es la API JSON de comercio electr\u00f3nico de Aimeos para tareas administrativas. En versiones anteriores a 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4 y 2024.4.2, el control de acceso inadecuado permite a los editores eliminar el grupo de administraci\u00f3n y la configuraci\u00f3n local en el backend de Aimeos. Las versiones 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4 y 2024.4.2 contienen una soluci\u00f3n para el problema."
    }
  ],
  "id": "CVE-2024-39322",
  "lastModified": "2024-11-21T09:27:27.537",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "LOW",
          "privilegesRequired": "HIGH",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.2,
        "impactScore": 4.2,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2024-07-02T21:15:10.997",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fb"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whr"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/16d013d0e28cecd19781f434d83fabebcc78cdc2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/4c966e02bd52589c3c9382777cfe170eddf17b00"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/640954243ce85c2c303a00dd6481ed39b3d218fb"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/commit/7d1c05e8368b0a6419820fe402deac9960500026"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/aimeos/ai-admin-jsonadm/security/advisories/GHSA-8fj2-587w-5whr"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-863"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or observed by the user.
  • Confirmed: The vulnerability has been validated from an analyst's perspective.
  • Published Proof of Concept: A public proof of concept is available for this vulnerability.
  • Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
  • Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
  • Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
  • Not confirmed: The user expressed doubt about the validity of the vulnerability.
  • Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.



Detection rules are retrieved from Rulezet.