CVE-2024-39322

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-39322
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-39322.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-39322
Aliases
Published
2024-07-02T20:19:01Z
Modified
2025-10-30T20:28:03.589317Z
Severity
  • 5.5 (Medium) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H CVSS Calculator
Summary
aimeos/ai-admin-jsonadm improper access control vulnerability allows editors to remove required records
Details

aimeos/ai-admin-jsonadm is the Aimeos e-commerce JSON API for administrative tasks. In versions prior to 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2, improper access control allows editors to remove admin group and locale configuration in the Aimeos backend. Versions 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, and 2024.4.2 contain a fix for the issue.

Database specific 
{
    "cwe_ids": [
        "CWE-863"
    ]
}
References

Affected packages

Git / github.com/aimeos/ai-admin-jsonadm

Affected ranges

Type
GIT
Repo
https://github.com/aimeos/ai-admin-jsonadm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected
8c9975951acb1889354e7829353c899ddf4d5dac
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "last_affected": "= 2024.04.1"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-admin-jsonadm
Events
Introduced
85ecd7a5024794940c45f198a90c67322c0a154e
Fixed
50cf668a348551acf2675d93c6a1137609b08489
Database specific 
{
    "versions": [
        {
            "introduced": "2023.04.1"
        },
        {
            "fixed": "2023.10.4"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-admin-jsonadm
Events
Introduced
3d04a222c7887c5cfdce04449c309942e309b1ba
Fixed
24068e0e065a793c1b9e80737498b7ac7c6866d2
Database specific 
{
    "versions": [
        {
            "introduced": "2022.04.1"
        },
        {
            "fixed": "2022.10.3"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-admin-jsonadm
Events
Introduced
e5f9b97e0675b42b22bf3cfc51a834e46b3f07b9
Fixed
e604d5b016494f936671cf6afef8ce36de3307c3
Database specific 
{
    "versions": [
        {
            "introduced": "2021.04.1"
        },
        {
            "fixed": "2021.10.6"
        }
    ]
}
Type
GIT
Repo
https://github.com/aimeos/ai-admin-jsonadm
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
fb793220484a4a90c06f84e695a0940c690af01f
Database specific 
{
    "versions": [
        {
            "introduced": "0"
        },
        {
            "fixed": "2020.10.13"
        }
    ]
}

Affected versions

2016.*

2016.07.1

2017.*

2017.01.1
2017.07.1

2018.*

2018.01.1

2019.*

2019.04.1

2020.*

2020.10.1
2020.10.10
2020.10.11
2020.10.12
2020.10.2
2020.10.3
2020.10.4
2020.10.5
2020.10.6
2020.10.7
2020.10.8
2020.10.9

2024.*

2024.04.1