CVE-2024-39322

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39322
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39322.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39322
Aliases
Related
Published
2024-07-02T21:15:10Z
Modified
2025-01-08T16:11:25.914778Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
[none]
Details

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.

References

Affected packages

Git / github.com/aimeos/ai-admin-jsonadm

Affected ranges

Type
GIT
Repo
https://github.com/aimeos/ai-admin-jsonadm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5
Fixed
02a063fbd616d4e0a5aaf89f1642a856aa5ac5a5
Fixed
16d013d0e28cecd19781f434d83fabebcc78cdc2
Fixed
16d013d0e28cecd19781f434d83fabebcc78cdc2
Fixed
4c966e02bd52589c3c9382777cfe170eddf17b00
Fixed
4c966e02bd52589c3c9382777cfe170eddf17b00
Fixed
640954243ce85c2c303a00dd6481ed39b3d218fb
Fixed
640954243ce85c2c303a00dd6481ed39b3d218fb
Fixed
7d1c05e8368b0a6419820fe402deac9960500026
Fixed
7d1c05e8368b0a6419820fe402deac9960500026

Affected versions

2016.*

2016.07.1

2017.*

2017.01.1
2017.07.1

2018.*

2018.01.1

2019.*

2019.04.1

2020.*

2020.10.1
2020.10.10
2020.10.11
2020.10.12
2020.10.2
2020.10.3
2020.10.4
2020.10.5
2020.10.6
2020.10.7
2020.10.8
2020.10.9

2021.*

2021.10.1
2021.10.2
2021.10.3
2021.10.4
2021.10.5

2022.*

2022.10.1
2022.10.2

2023.*

2023.10.1
2023.10.2
2023.10.3

2024.*

2024.04.1