CVE-2024-45392

See a problem?
Please try reporting it to the source first.

Source

https://cve.org/CVERecord?id=CVE-2024-45392

Import Source

https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45392.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2024-45392

Aliases

BIT-suitecrm-2024-45392
GHSA-8qfx-h7pm-2587

Published

2024-09-05T16:34:14.271Z

Modified

2026-04-10T05:16:51.506370Z

Severity

7.7 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:N CVSS Calculator

Summary

SuiteCRM has wrong deletion permission checks on API delete call

Details

SuiteCRM is an open-source customer relationship management (CRM) system. Prior to version 7.14.5 and 8.6.2, insufficient access control checks allow a threat actor to delete records via the API. Versions 7.14.5 and 8.6.2 contain a patch for the issue.

Database specific

{
    "cna_assigner": "GitHub_M",
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/45xxx/CVE-2024-45392.json",
    "cwe_ids": [
        "CWE-284"
    ]
}

References

Affected packages

Git / github.com/salesagility/suitecrm

Affected ranges

Type: GIT
Repo: https://github.com/salesagility/suitecrm
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

1a114a92e699d7ad5035518c31ee639fdc5cf825

Affected versions

7.*

7.9.6

v.*

v.7.9.11

v7.*

v7.0.2

v7.1

v7.1.1

v7.1.2

v7.1.3

v7.1.4

v7.10.0

v7.10.1

v7.10.10

v7.10.11

v7.10.12

v7.10.2

v7.10.3

v7.10.4

v7.10.5

v7.10.6

v7.10.7

v7.11.0

v7.11.1

v7.11.11

v7.11.12

v7.11.13

v7.11.14

v7.11.15

v7.11.16

v7.11.17

v7.11.18

v7.11.2

v7.11.3

v7.11.4

v7.11.5

v7.11.6

v7.11.7

v7.11.8

v7.12-rc

v7.12.0

v7.12.1

v7.12.2

v7.12.3

v7.12.4

v7.12.5

v7.12.6

v7.12.7

v7.12.8

v7.13.0

v7.13.0-beta

v7.13.1

v7.13.2

v7.13.3

v7.13.4

v7.14.0

v7.14.0-beta

v7.14.1

v7.14.2

v7.14.3

v7.14.4

v7.2

v7.2.1

v7.2beta

v7.2beta2

v7.3

v7.3-beta

v7.3.1

v7.3.2

v7.4.1

v7.4.2

v7.4.3

v7.5-beta

v7.5-beta.2

v7.5.1

v7.6

v7.6.1

v7.7

v7.7-beta1

v7.7-beta2

v7.7-rc

v7.7-rc2

v7.7.2

v7.7.3

v7.7.4

v7.8.0

v7.8.0-beta

v7.8.0-beta.2

v7.8.0-rc

v7.8.1

v7.8.2

v7.9.0

v7.9.0-beta

v7.9.0-rc

v7.9.1

v7.9.10

v7.9.11

v7.9.12

v7.9.13

v7.9.14

v7.9.3

v7.9.4

v7.9.5

v7.9.8

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45392.json"

Git / github.com/salesagility/suitecrm-core

Affected ranges

Type

GIT

Repo

https://github.com/salesagility/suitecrm-core

Events

Introduced

55c1ee9cbdf409ed41c04da0bbf442b311a3ab57

Fixed

1ebb0b2b9fe04b26ecb49cd7c2cedd41b0ed60bf

Database specific

{
    "versions": [
        {
            "introduced": "8.0.0"
        },
        {
            "fixed": "8.6.2"
        }
    ]
}

Affected versions

v8.*

v8.0.0

v8.0.1

v8.0.2

v8.0.3

v8.0.4

v8.1.0

v8.1.1

v8.1.2

v8.1.3

v8.2.0

v8.2.0-beta.2

v8.2.1

v8.2.2

v8.2.3

v8.2.4

v8.3.0

v8.3.1

v8.4.0

v8.4.0-beta

v8.4.1

v8.4.2

v8.5.0

v8.5.1

v8.6.0

v8.6.1

Database specific

source

"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-45392.json"