{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T08:41:58.809","vulnerabilities":[{"cve":{"id":"CVE-2024-39324","sourceIdentifier":"security-advisories@github.com","published":"2024-07-02T21:15:11.213","lastModified":"2024-11-21T09:27:27.850","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. Starting in version 2022.04.1 and prior to versions 2022.10.10, 2023.10.6, and 2024.4.2, improper access control allows editors to manage their own services via the GraphQL API, which isn't allowed in the JQAdm front end. Versions 2022.10.10, 2023.10.6, and 2024.4.2 contain a patch for the issue.\n"},{"lang":"es","value":"aimeos/ai-admin-graphql es la interfaz de administración de la API Aimeos GraphQL. A partir de la versión 2022.04.1 y antes de las versiones 2022.10.10, 2023.10.6 y 2024.4.2, el control de acceso inadecuado permite a los editores administrar sus propios servicios a través de la API GraphQL, lo cual no está permitido en la interfaz JQAdm. 
Las versiones 2022.10.10, 2023.10.6 y 2024.4.2 contienen un parche para el problema."}],"metrics":{"cvssMetricV31":[{"source":"security-advisories@github.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5},{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:L","baseScore":3.8,"baseSeverity":"LOW","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"LOW"},"exploitabilityScore":1.2,"impactScore":2.5}]},"weaknesses":[{"source":"security-advisories@github.com","type":"Secondary","description":[{"lang":"en","value":"CWE-863"},{"lang":"en","value":"CWE-1220"}]},{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-863"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:ai-admin-graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"2022.04.1","versionEndExcluding":"2022.10.10","matchCriteriaId":"CCCBEC57-5E51-404A-A93E-F04C20753EE8"},{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:ai-admin-graphql:*:*:*:*:*:*:*:*","versionStartIncluding":"2023.04.1","versionEndExcluding":"2023.10.6","matchCriteriaId":"342DA783-3693-4F4A-9338-A419FB2BD435"},{"vulnerable":true,"criteria":"cpe:2.3:a:aimeos:ai-admin-graphql:2024.04.1:*:*:*:*:*:*:*","matchCriteriaId":"1942C6DA-0B87-45DD-BDEE-1C68C33BCC1A"}]}]}],"references":[{"url":"https://github.com/aimeos/ai-admin-graphql/commit/4eabc2b973509ffa5924e7f88c8f87ee96e93b38","source":"se
curity-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/commit/687059d7eb2e1d55a09ed72dad3814f35edad038","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/commit/a839a5adf16fee4221d444b7d2f5140d8cabf0ac","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/commit/acbb044620f4ff8e8d78a775cd205ec47cf119b3","source":"security-advisories@github.com","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-jj68-cp4v-98qf","source":"security-advisories@github.com","tags":["Vendor Advisory"]},{"url":"https://github.com/aimeos/ai-admin-graphql/commit/4eabc2b973509ffa5924e7f88c8f87ee96e93b38","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/commit/687059d7eb2e1d55a09ed72dad3814f35edad038","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/commit/a839a5adf16fee4221d444b7d2f5140d8cabf0ac","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/commit/acbb044620f4ff8e8d78a775cd205ec47cf119b3","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Patch"]},{"url":"https://github.com/aimeos/ai-admin-graphql/security/advisories/GHSA-jj68-cp4v-98qf","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]}]}}]}