Vulnerabilities > CVE-2024-24822 - Missing Authorization vulnerability in Pimcore Admin Classic Bundle

CVSS 9.1 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

pimcore

CWE-862

critical

NVD

Published: 2024-02-07

Updated: 2024-02-15

Summary

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.

Vulnerable Configurations

Part	Description	Count
Application	Pimcore Pimcore Admin Classic Bundle - Pimcore Admin Classic Bundle 1.0.0 Pimcore Admin Classic Bundle 1.0.1 Pimcore Admin Classic Bundle 1.0.2 Pimcore Admin Classic Bundle 1.0.3 Pimcore Admin Classic Bundle 1.0.4 Pimcore Admin Classic Bundle 1.0.6 Pimcore Admin Classic Bundle 1.1.0 Pimcore Admin Classic Bundle 1.1.1 Pimcore Admin Classic Bundle 1.1.2 Pimcore Admin Classic Bundle 1.1.3 Pimcore Admin Classic Bundle 1.1.4 Pimcore Admin Classic Bundle 1.2.0 Pimcore Admin Classic Bundle 1.2.1 Pimcore Admin Classic Bundle 1.2.2 Pimcore Admin Classic Bundle 1.2.3 Pimcore Admin Classic Bundle 1.3.0 Pimcore Admin Classic Bundle 1.3.1 Pimcore Admin Classic Bundle 1.3.2	24

Common Weakness Enumeration (CWE)

CWE-862 - Missing Authorization

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References