CVE-2024-21622: Craft CMS Privilege Escalation

First published: Wed Jan 03 2024(Updated: )

### Impact This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft with certain user permissions setups. ### Patches This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions. ### References https://github.com/craftcms/cms/pull/13932 https://github.com/craftcms/cms/pull/13931 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16 https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16

Credit: security-advisories@github.com security-advisories@github.com

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

• collector/mitre-cve
• collector/github-advisory-latest
• alias/GHSA-j5g9-j7r4-6qvx
• alias/CVE-2024-21622
• agent/author
• agent/type
• agent/first-publish-date
• collector/nvd-api
• source/NVD
• agent/software-canonical-lookup
• agent/last-modified-date
• agent/remedy
• agent/severity
• agent/title
• agent/weakness
• agent/references
• collector/github-advisory
• source/GitHub
• collector/nvd-cve
• agent/softwarecombine
• agent/event
• agent/description
• agent/tags
• collector/epss-latest
• source/FIRST
• agent/epss
• agent/trending
• package-manager/composer
• vendor/craftcms
• canonical/craftcms craft cms
• version/craftcms craft cms/3.0.0
• version/craftcms craft cms/4.0.0
• version/craftcms craft cms/4.5.15