CVE-2024-47876 HIGH

CVE-2024-47876: Sakai: Kernel users created with type roleview can login as a normal user

Vendor Sakaiproject
Product sakai
Weakness CWE-285
Published October 15, 2024
Last update November 21, 2024

CVSS base score

8.7/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction None
Confidentiality
Integrity

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

01 Description

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.

Key dates

02 Disclosure timeline

October 15, 2024 CVE published
November 21, 2024 Record updated