Skip to content

SAK-50571 Kernel users created with type roleview can login as a normal user

Critical
ern published GHSA-cx95-q6gx-w4qp Oct 14, 2024

Package

maven org.sakaiproject.kernel:sakai-kernel-impl (Maven)

Affected versions

23.0,23.1,23.2

Patched versions

23.3

Description

Impact

Illegal access can be granted to the system.

References

see https://sakaiproject.atlassian.net/browse/SAK-50571

Severity

Critical

CVE ID

CVE-2024-47876

Weaknesses

No CWEs