Moderate severity · NVD Advisory · Published Jan 3, 2024 · Updated Apr 17, 2025
Craft CMS Privilege Escalation
CVE-2024-21622
Description
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| craftcms/cms (Packagist) | >= 4.0.0-RC1, < 4.5.11 | 4.5.11 |
| craftcms/cms (Packagist) | >= 3.0.0, < 3.9.6 | 3.9.6 |
References
- github.com/advisories/GHSA-j5g9-j7r4-6qvx (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2024-21622 (ghsa, ADVISORY)
- github.com/craftcms/cms/blob/develop/CHANGELOG.md (ghsa, x_refsource_MISC, WEB)
- github.com/craftcms/cms/blob/v3/CHANGELOG.md (ghsa, x_refsource_MISC, WEB)
- github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa (ghsa, x_refsource_MISC, WEB)
- github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843 (ghsa, x_refsource_MISC, WEB)
- github.com/craftcms/cms/pull/13931 (ghsa, x_refsource_MISC, WEB)
- github.com/craftcms/cms/pull/13932 (ghsa, x_refsource_MISC, WEB)
- github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx (ghsa, x_refsource_CONFIRM, WEB)