CVE-2024-47876

Source
https://cve.org/CVERecord?id=CVE-2024-47876
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47876.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-47876
Aliases
Published
2024-10-15T15:49:05.040Z
Modified
2026-07-15T15:53:38.282796Z
Severity
  • 8.7 (High) CVSS_V4 - CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N CVSS Calculator
Summary
Sakai: Kernel users created with type roleview can login as a normal user
Details

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.

Database specific
{
    "cwe_ids": [
        "CWE-285",
        "CWE-863"
    ],
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47876.json",
    "cna_assigner": "GitHub_M"
}
References

Affected packages

Git / github.com/sakaiproject/sakai

Affected ranges

Type
GIT
Repo
https://github.com/sakaiproject/sakai
Events
Database specific
{
    "cpe": "cpe:2.3:a:sakailms:sakai:*:*:*:*:*:*:*:*",
    "extracted_events": [
        {
            "introduced": "23.0"
        },
        {
            "fixed": "23.2"
        }
    ],
    "source": [
        "CPE_RANGE",
        "REFERENCES"
    ]
}

Affected versions

23.*
23.0
23.1

Database specific

vanir_signatures
[
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "293598256850664584782762962729289317022",
                "263414568593742245536644495515616315371",
                "18536744973812433979820490423866296984",
                "156094255155421982784434261453728542245"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2024-47876-03db7c03",
        "target": {
            "file": "kernel/kernel-impl/src/main/java/org/sakaiproject/site/impl/BaseSiteService.java"
        }
    },
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "239192179803428154967144870984026480002",
                "325500107480382794148365098855189641442",
                "96713456903121371617655187124523259853",
                "63516772592939600703432506869318995335",
                "127234235517803887855517416991183001047",
                "291663802625754905399107580470653548162",
                "291276925102235955677188744639132357921",
                "280872762737715439204823922196225957352",
                "183972054851689458472071507775930811793",
                "263624677805727295653150590231428260187",
                "68393144960398861810900195427480374925",
                "294145316923689945501611415413726150207",
                "591718367285766489943688591782717058",
                "56655341477040833455615304134577086501",
                "140029117625930571750300337243169657790",
                "74854598817419382241762039673509577343",
                "257470795484135688267844184046294458918",
                "306301328736582546645399361342737871869",
                "198552563524858000648421541758377744347",
                "123082596355492354511620734905960468049",
                "311070595883961331698185595481668383534",
                "201542336032030276784425260744125438852",
                "230312556535334030396248084848408920231",
                "264171386179315160861218674217897283033",
                "43224304658393468967872366464840978384"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2024-47876-3b46f543",
        "target": {
            "file": "portal/portal-impl/impl/src/java/org/sakaiproject/portal/charon/handlers/RoleSwitchHandler.java"
        }
    },
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Line",
        "digest": {
            "line_hashes": [
                "72625510565008715920684708017007860723",
                "106618680180172372044564407175233975191",
                "110507682482013023029876776433454001943",
                "204682619951369710915536777904726198948",
                "24712010557448524137667180381189643541",
                "168065797952646086384175628065911544560",
                "3005702863181701277766592414331355411",
                "108533526248745750036070444979296599591",
                "276725535349547482555882662834903984928",
                "130981179544654707102902374768782834904",
                "80018172934205883068033764919209777102",
                "30731584959583331873574172286593518705",
                "15153825090051143065752244867644442855"
            ],
            "threshold": 0.9
        },
        "deprecated": false,
        "id": "CVE-2024-47876-3b745c03",
        "target": {
            "file": "kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/BaseUserDirectoryService.java"
        }
    },
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "108760253075326080144124250675478197510",
            "length": 2035.0
        },
        "deprecated": false,
        "id": "CVE-2024-47876-57d3e1c7",
        "target": {
            "function": "doGet",
            "file": "portal/portal-impl/impl/src/java/org/sakaiproject/portal/charon/handlers/RoleSwitchHandler.java"
        }
    },
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "253034799931201197525377011848999044870",
            "length": 192.0
        },
        "deprecated": false,
        "id": "CVE-2024-47876-7518901d",
        "target": {
            "function": "isRoleViewType",
            "file": "kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/BaseUserDirectoryService.java"
        }
    },
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "45213476450600757293570633751929519364",
            "length": 771.0
        },
        "deprecated": false,
        "id": "CVE-2024-47876-95cdf557",
        "target": {
            "function": "addMockUserInSite",
            "file": "kernel/kernel-impl/src/main/java/org/sakaiproject/site/impl/BaseSiteService.java"
        }
    },
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "135076008586469813066612298421700102915",
            "length": 105.0
        },
        "deprecated": false,
        "id": "CVE-2024-47876-bce3bf8d",
        "target": {
            "function": "RoleSwitchHandler",
            "file": "portal/portal-impl/impl/src/java/org/sakaiproject/portal/charon/handlers/RoleSwitchHandler.java"
        }
    },
    {
        "source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
        "signature_version": "v1",
        "signature_type": "Function",
        "digest": {
            "function_hash": "115609238192083972891023760583154067113",
            "length": 460.0
        },
        "deprecated": false,
        "id": "CVE-2024-47876-f440e25a",
        "target": {
            "function": "authenticate",
            "file": "kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/BaseUserDirectoryService.java"
        }
    }
]
vanir_signatures_modified
"2026-07-15T15:53:38Z"
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47876.json"