Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.
{
"cwe_ids": [
"CWE-285",
"CWE-863"
],
"osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2024/47xxx/CVE-2024-47876.json",
"cna_assigner": "GitHub_M"
}[
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"293598256850664584782762962729289317022",
"263414568593742245536644495515616315371",
"18536744973812433979820490423866296984",
"156094255155421982784434261453728542245"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-47876-03db7c03",
"target": {
"file": "kernel/kernel-impl/src/main/java/org/sakaiproject/site/impl/BaseSiteService.java"
}
},
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"239192179803428154967144870984026480002",
"325500107480382794148365098855189641442",
"96713456903121371617655187124523259853",
"63516772592939600703432506869318995335",
"127234235517803887855517416991183001047",
"291663802625754905399107580470653548162",
"291276925102235955677188744639132357921",
"280872762737715439204823922196225957352",
"183972054851689458472071507775930811793",
"263624677805727295653150590231428260187",
"68393144960398861810900195427480374925",
"294145316923689945501611415413726150207",
"591718367285766489943688591782717058",
"56655341477040833455615304134577086501",
"140029117625930571750300337243169657790",
"74854598817419382241762039673509577343",
"257470795484135688267844184046294458918",
"306301328736582546645399361342737871869",
"198552563524858000648421541758377744347",
"123082596355492354511620734905960468049",
"311070595883961331698185595481668383534",
"201542336032030276784425260744125438852",
"230312556535334030396248084848408920231",
"264171386179315160861218674217897283033",
"43224304658393468967872366464840978384"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-47876-3b46f543",
"target": {
"file": "portal/portal-impl/impl/src/java/org/sakaiproject/portal/charon/handlers/RoleSwitchHandler.java"
}
},
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Line",
"digest": {
"line_hashes": [
"72625510565008715920684708017007860723",
"106618680180172372044564407175233975191",
"110507682482013023029876776433454001943",
"204682619951369710915536777904726198948",
"24712010557448524137667180381189643541",
"168065797952646086384175628065911544560",
"3005702863181701277766592414331355411",
"108533526248745750036070444979296599591",
"276725535349547482555882662834903984928",
"130981179544654707102902374768782834904",
"80018172934205883068033764919209777102",
"30731584959583331873574172286593518705",
"15153825090051143065752244867644442855"
],
"threshold": 0.9
},
"deprecated": false,
"id": "CVE-2024-47876-3b745c03",
"target": {
"file": "kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/BaseUserDirectoryService.java"
}
},
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "108760253075326080144124250675478197510",
"length": 2035.0
},
"deprecated": false,
"id": "CVE-2024-47876-57d3e1c7",
"target": {
"function": "doGet",
"file": "portal/portal-impl/impl/src/java/org/sakaiproject/portal/charon/handlers/RoleSwitchHandler.java"
}
},
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "253034799931201197525377011848999044870",
"length": 192.0
},
"deprecated": false,
"id": "CVE-2024-47876-7518901d",
"target": {
"function": "isRoleViewType",
"file": "kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/BaseUserDirectoryService.java"
}
},
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "45213476450600757293570633751929519364",
"length": 771.0
},
"deprecated": false,
"id": "CVE-2024-47876-95cdf557",
"target": {
"function": "addMockUserInSite",
"file": "kernel/kernel-impl/src/main/java/org/sakaiproject/site/impl/BaseSiteService.java"
}
},
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "135076008586469813066612298421700102915",
"length": 105.0
},
"deprecated": false,
"id": "CVE-2024-47876-bce3bf8d",
"target": {
"function": "RoleSwitchHandler",
"file": "portal/portal-impl/impl/src/java/org/sakaiproject/portal/charon/handlers/RoleSwitchHandler.java"
}
},
{
"source": "https://github.com/sakaiproject/sakai/commit/a9aadd9347cfb204515e89ac0163e1be9e56cc41",
"signature_version": "v1",
"signature_type": "Function",
"digest": {
"function_hash": "115609238192083972891023760583154067113",
"length": 460.0
},
"deprecated": false,
"id": "CVE-2024-47876-f440e25a",
"target": {
"function": "authenticate",
"file": "kernel/kernel-impl/src/main/java/org/sakaiproject/user/impl/BaseUserDirectoryService.java"
}
}
]
"2026-07-15T15:53:38Z"
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-47876.json"