CVE-2024-47876

Summary

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.

Affected Software

VendorProductVersion RangeStatus
sakaiprojectsakai>= 23.0, < 23.3affected

Weaknesses

  • CWE-285: CWE-285: Improper Authorization
  • CWE-863: CWE-863: Incorrect Authorization

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References