GHSA-vc7j-99jw-jrqm

Source
https://github.com/advisories/GHSA-vc7j-99jw-jrqm
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2024/07/GHSA-vc7j-99jw-jrqm/GHSA-vc7j-99jw-jrqm.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-vc7j-99jw-jrqm
Aliases
Published
2024-07-02T21:20:33Z
Modified
2024-07-05T18:03:16.249687Z
Severity
  • 8.2 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:L
Summary
aimeos/ai-admin-graphql improper access control vulnerability allows an editor to modify admin account
Details

aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.01 and prior to versions 2022.10.10, 2023.10.6, and 2024.04.6, an improper access control vulnerability allows an editor to modify and take over an admin account in the back end. Versions 2022.10.10, 2023.10.6, and 2024.04.6 fix this issue.

Database specific
{
    "nvd_published_at": "2024-07-02T16:15:04Z",
    "cwe_ids": [
        "CWE-1220",
        "CWE-863"
    ],
    "severity": "HIGH",
    "github_reviewed": true,
    "github_reviewed_at": "2024-07-02T21:20:33Z"
}
References

Affected packages

Packagist / aimeos/ai-admin-graphql

Package

Name
aimeos/ai-admin-graphql
Purl
pkg:composer/aimeos/ai-admin-graphql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2022.04.1
Fixed
2022.10.10

Affected versions

2022.*

2022.10.1
2022.10.2
2022.10.3
2022.10.4
2022.10.5
2022.10.6
2022.10.7
2022.10.8
2022.10.9

Packagist / aimeos/ai-admin-graphql

Package

Name
aimeos/ai-admin-graphql
Purl
pkg:composer/aimeos/ai-admin-graphql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2023.04.1
Fixed
2023.10.6

Affected versions

2023.*

2023.04.1
2023.04.2
2023.04.3
2023.07.1
2023.07.2
2023.10.1
2023.10.2
2023.10.3
2023.10.4
2023.10.5

Packagist / aimeos/ai-admin-graphql

Package

Name
aimeos/ai-admin-graphql
Purl
pkg:composer/aimeos/ai-admin-graphql

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2024.04.1
Fixed
2024.04.6

Affected versions

2024.*

2024.04.1
2024.04.2
2024.04.3
2024.04.4
2024.04.5