VYPR
Low severity · NVD Advisory · Published Jul 2, 2024 · Updated Aug 2, 2024

aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services

CVE-2024-39324

Description

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage their own services via the GraphQL API, which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.


Affected packages

Versions sourced from the GitHub Security Advisory.

| Package | Affected versions | Patched versions |
| --- | --- | --- |
| aimeos/ai-admin-graphql (Packagist) | >= 2022.04.1, < 2022.10.10 | 2022.10.10 |
| aimeos/ai-admin-graphql (Packagist) | >= 2023.04.1, < 2023.10.6 | 2023.10.6 |
| aimeos/ai-admin-graphql (Packagist) | >= 2024.04.1, < 2024.04.2 | 2024.04.2 |
