Skip to main content

Admin Classic Bundle CVE-2024-24822

CRITICAL
Missing Authorization (CWE-862)
2024-02-07 security-advisories@github.com
9.1
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
9.1 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Feb 07, 2024 - 18:15 nvd
CRITICAL 9.1

DescriptionNVD

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually.

AnalysisAI

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated critical severity (CVSS 9.1), this vulnerability is remotely exploitable, no authentication required, low attack complexity. This Missing Authorization vulnerability could allow attackers to access resources or perform actions without proper authorization checks.

Technical ContextAI

This vulnerability is classified as Missing Authorization (CWE-862), which allows attackers to access resources or perform actions without proper authorization checks. Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Prior to version 1.3.3, an attacker can create, delete etc. tags without having the permission to do so. A fix is available in version 1.3.3. As a workaround, one may apply the patch manually. Affected products include: Pimcore Admin Classic Bundle. Version information: version 1.3.3.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Implement role-based access control, validate authorization on every request server-side, apply principle of least privilege.

CVE-2024-25625 CRITICAL POC
9.3 Feb 19

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Rated critical severity (CVSS 9.3), this vulnerability

CVE-2024-23646 HIGH POC
8.8 Jan 24

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulne

CVE-2024-23648 HIGH POC
8.8 Jan 24

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated high severity (CVSS 8.8), this vulne

CVE-2023-5844 HIGH POC
7.2 Oct 30

Unverified Password Change in GitHub repository pimcore/admin-ui-classic-bundle prior to 1.2.0. Rated high severity (CVS

CVE-2024-41109 MEDIUM POC
6.5 Jul 30

Pimcore's Admin Classic Bundle provides a backend user interface for Pimcore. Rated medium severity (CVSS 6.5), this vul

CVE-2023-47636 MEDIUM POC
5.3 Nov 15

The Pimcore Admin Classic Bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.3), this vulnerability

CVE-2026-23495 MEDIUM POC
4.3 Jan 15

Pimcore Admin Classic Bundle versions prior to 2.2.3 and 1.7.16 fail to enforce proper authorization on the Predefined P

CVE-2023-49075 HIGH
7.2 Nov 28

The Admin Classic Bundle provides a Backend UI for Pimcore. Rated high severity (CVSS 7.2), this vulnerability is remote

CVE-2023-46722 MEDIUM
6.1 Oct 31

The Pimcore Admin Classic Bundle provides a backend UI for Pimcore. Rated medium severity (CVSS 6.1), this vulnerability

CVE-2023-37280 MEDIUM
6.1 Jul 11

Pimcore Admin Classic Bundle provides a Backend UI for Pimcore based on the ExtJS framework. Rated medium severity (CVSS

CVE-2023-42817 MEDIUM
5.4 Sep 25

Pimcore admin-ui-classic-bundle provides a Backend UI for Pimcore. Rated medium severity (CVSS 5.4), this vulnerability

CVE-2025-30166 LOW
1.8 Apr 08

Pimcore's Admin Classic Bundle provides a Backend UI for Pimcore. Rated low severity (CVSS 1.8), this vulnerability is r

Share

CVE-2024-24822 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy