CVE-2024-39323 HIGH

CVE-2024-39323: aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account

Vendor Aimeos
Product ai-admin-graphql
Weakness CWE-1220
Published July 2, 2024
Last update August 2, 2024

CVSS base score

7.1/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality None
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:L

What the vulnerability does

01Description

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.

Key dates

02Disclosure timeline

July 2, 2024 CVE published
August 2, 2024 Record updated