CVE-2024-21622 is a privilege escalation vulnerability in Craft CMS. It allows attackers who already hold specific user permissions to elevate their privileges within the system, leading to unauthorized access and control. The vulnerability affects Craft CMS versions 3.0.0 to 4.0.0-RC1 and all versions prior to 4.5.11. A fix has been released in Craft CMS 4.4.16 and 3.9.6.
Successful exploitation of CVE-2024-21622 could grant an attacker elevated privileges within a Craft CMS installation. This could allow them to modify sensitive data, install malicious code, or gain complete control over the CMS and its associated website. The specific impact depends on the permissions of the user account exploited and the configuration of the Craft CMS instance. A malicious actor could potentially modify content, user accounts, or even system configurations, leading to data breaches, website defacement, or denial of service. The low complexity of the vulnerability suggests that exploitation may be relatively straightforward for attackers with some knowledge of Craft CMS.
CVE-2024-21622 was publicly disclosed on January 3, 2024. There is no indication of active exploitation campaigns at this time. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are not widely available, but the relatively low complexity of the vulnerability suggests that they may emerge.
Organizations using Craft CMS versions 3.0.0 to 4.0.0-RC1 and < 4.5.11, particularly those with custom user roles or overly permissive user configurations, are at risk. Shared hosting environments running Craft CMS are also potentially vulnerable if the hosting provider has not applied the necessary updates.
EPSS: 0.10% (28th percentile)
The primary mitigation for CVE-2024-21622 is to upgrade Craft CMS to version 4.4.16 or 3.9.6. If an immediate upgrade is not feasible, review user permission configurations to ensure that no user accounts hold more privileges than they need, and apply the principle of least privilege by granting users only the minimum permissions required for their tasks. Consider a web application firewall (WAF) with rules to detect and block attempts to exploit privilege escalation vulnerabilities, and monitor Craft CMS logs for suspicious activity such as unauthorized access attempts or unexpected permission changes.
Update Craft CMS to version 4.4.16 or later, or to version 3.9.6 or later. This resolves the privilege escalation vulnerability. Take a backup before updating.
CVE-2024-21622 is a medium severity privilege escalation vulnerability in Craft CMS affecting versions 3.0.0 to 4.0.0-RC1 and < 4.5.11. Attackers with specific permissions could elevate their privileges.
You are affected if you are using Craft CMS versions 3.0.0 to 4.0.0-RC1 and < 4.5.11. Check your version and upgrade if necessary.
Upgrade Craft CMS to version 4.4.16 or 3.9.6. Review and tighten user permission configurations to minimize potential impact.
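The version check above is easy to get wrong by hand because Craft release strings include prerelease tags such as 4.0.0-RC1, which sort before the final 4.0.0. The following script is an added example, not code from Craft CMS or from this advisory: it reads the installed `craftcms/cms` version from a project's `composer.lock` (the sample lock file is constructed inline) and compares it, with semver-style prerelease ordering, against the fixed releases the advisory names (4.4.16 on the 4.x line, 3.9.6 on the 3.x line). It assumes that every release on a major line below that line's fixed release should be treated as affected, and it reports major lines the advisory does not name as unknown rather than guessing.

```python
"""Compare an installed Craft CMS version against the fixed releases named in the advisory.

Added example; the fixed-release numbers come from the advisory text, the rest is an assumption
made here (a version below its line's fixed release is treated as affected).
"""
import json
import re

# Fixed releases as stated in the advisory: 4.4.16 for the 4.x line, 3.9.6 for the 3.x line.
FIXED_RELEASES = {4: "4.4.16", 3: "3.9.6"}

# Constructed sample composer.lock fragment; a real file lists many more packages.
SAMPLE_COMPOSER_LOCK = json.dumps({
    "packages": [
        {"name": "yiisoft/yii2", "version": "2.0.47"},
        {"name": "craftcms/cms", "version": "4.4.15"},
    ],
    "packages-dev": [],
})

_VERSION_RE = re.compile(r"^v?(\d+)\.(\d+)\.(\d+)(?:-([0-9A-Za-z.]+))?$")


def parse_version(text):
    """Split '4.0.0-RC1' into (4, 0, 0, 'RC1'); prerelease is None for a final release."""
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    major, minor, patch, pre = m.groups()
    return int(major), int(minor), int(patch), pre


def version_key(text):
    """Sort key with semver prerelease semantics.

    A prerelease (4.0.0-RC1) sorts before its final release (4.0.0). Prerelease
    identifiers are split into a word and a trailing number so RC10 > RC2; this is
    a simplification of the full semver rules, sufficient for Craft's tag style.
    """
    major, minor, patch, pre = parse_version(text)
    if pre is None:
        return (major, minor, patch, 1, ())
    idents = []
    for ident in pre.split("."):
        m = re.match(r"^([A-Za-z]*)(\d*)$", ident)
        if not m:
            raise ValueError(f"unsupported prerelease identifier: {ident!r}")
        word, num = m.groups()
        idents.append((word.lower(), int(num) if num else -1))
    return (major, minor, patch, 0, tuple(idents))


def version_from_composer_lock(lock_text):
    """Return the installed craftcms/cms version recorded in a composer.lock document."""
    lock = json.loads(lock_text)
    for section in ("packages", "packages-dev"):
        for pkg in lock.get(section, []):
            if pkg.get("name") == "craftcms/cms":
                return pkg["version"].lstrip("v")
    raise LookupError("craftcms/cms not present in composer.lock")


def is_fixed(installed):
    """True if installed >= the fixed release of its major line, False if below it,
    None when the advisory names no fixed release for that major line."""
    major = parse_version(installed)[0]
    fixed = FIXED_RELEASES.get(major)
    if fixed is None:
        return None
    return version_key(installed) >= version_key(fixed)


def assess(installed):
    """Human-readable verdict for one installed version string."""
    status = is_fixed(installed)
    if status is None:
        return f"{installed}: no fixed release listed for this major line; consult the advisory"
    fixed = FIXED_RELEASES[parse_version(installed)[0]]
    if status:
        return f"{installed}: at or above fixed release {fixed}"
    return f"{installed}: below fixed release {fixed}; upgrade"


if __name__ == "__main__":
    installed = version_from_composer_lock(SAMPLE_COMPOSER_LOCK)
    print(assess(installed))
    for v in ("3.9.5", "3.9.6", "4.0.0-RC1", "4.4.16", "5.0.0"):
        print(assess(v))
```

Run it inside a Craft project directory after replacing `SAMPLE_COMPOSER_LOCK` with the contents of the real `composer.lock`; the `v` prefix is stripped because Composer records some tags that way, and prerelease builds are deliberately classified as below the final release rather than silently ignored.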
There is currently no indication of active exploitation in the wild or publicly available proof-of-concept exploits.
Refer to the official Craft CMS security advisory for details: [https://craftcms.com/security/bulletins/cve-2024-21622](https://craftcms.com/security/bulletins/cve-2024-21622)