Описание
Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
Ссылки
- Release Notes
- Release Notes
- Patch
- Patch
- Issue TrackingPatch
- Issue TrackingPatch
- Vendor Advisory
- Release Notes
- Release Notes
- Patch
- Patch
- Issue TrackingPatch
- Issue TrackingPatch
- Vendor Advisory
Уязвимые конфигурации
Конфигурация 1Версия от 3.0.0 (включая) до 3.9.6 (исключая)Версия от 4.0.0 (включая) до 4.5.15 (включая)
Одно из
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
cpe:2.3:a:craftcms:craft_cms:*:*:*:*:*:*:*:*
EPSS
Процентиль: 28%
0.00103
Низкий
5.4 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo
Связанные уязвимости
EPSS
Процентиль: 28%
0.00103
Низкий
5.4 Medium
CVSS3
8.8 High
CVSS3
Дефекты
CWE-269
NVD-CWE-noinfo