High severityNVD Advisory· Published Oct 15, 2024· Updated Nov 21, 2024

Sakai: Kernel users created with type roleview can login as a normal user

CVE-2024-47876

Description

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package	Affected versions	Patched versions
org.sakaiproject.kernel:sakai-kernel-implMaven	>= 23.0, < 23.3	23.3

Affected products

ghsa-coords
pkg:maven/org.sakaiproject.kernel/sakai-kernel-impl
Range: >= 23.0, < 23.3
sakaiproject/sakaicpe-rescue
Range: >= 23.0, < 23.3

Patches

Vulnerability mechanics

References

github.com/advisories/GHSA-cx95-q6gx-w4qpghsaADVISORY
nvd.nist.gov/vuln/detail/CVE-2024-47876ghsaADVISORY
central.sonatype.com/artifact/org.sakaiproject.kernel/sakai-kernel-implghsaWEB
github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41ghsax_refsource_MISCWEB
github.com/sakaiproject/sakai/security/advisories/GHSA-cx95-q6gx-w4qpghsax_refsource_CONFIRMWEB
sakaiproject.atlassian.net/browse/SAK-50571ghsax_refsource_MISCWEB

News mentions

No linked articles in our index yet.

cvss	0.455
epss	0.000
exploit	0.000
kev	0.000
patch	-0.070
ransomware	0.000