Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-gwwh-p6qp-dqaq
Vulnerability ID VCID-gwwh-p6qp-dqaq
Aliases CVE-2024-41964
GHSA-jm9m-rqr3-wfmh
Summary Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. So disabling the languages.* wildcard permission for a role could not have prohibited updates to existing language definitions. The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The problem has been patched in Kirby 3.6.6.6, Kirby 3.7.5.5, Kirby 3.8.4.4, Kirby 3.9.8.2, Kirby 3.10.1.1, and Kirby 4.3.1. Please update to one of these or a later version to fix the vulnerability. There are no known workarounds for this vulnerability.
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-863 Incorrect Authorization
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2024-41964
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2024-41964
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2024-41964
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jm9m-rqr3-wfmh
cvssv3.1 8.1 https://github.com/getkirby/kirby
cvssv4 8.8 https://github.com/getkirby/kirby
generic_textual HIGH https://github.com/getkirby/kirby
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
cvssv4 8.8 https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
generic_textual HIGH https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
cvssv4 8.8 https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
generic_textual HIGH https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
cvssv4 8.8 https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
generic_textual HIGH https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
cvssv4 8.8 https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
generic_textual HIGH https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
ssvc Track https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
cvssv4 8.8 https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
generic_textual HIGH https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
cvssv4 8.8 https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
generic_textual HIGH https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.10.1.1
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.10.1.1
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.10.1.1
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.6.6.6
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.6.6.6
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.6.6.6
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.7.5.5
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.7.5.5
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.7.5.5
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.8.4.4
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.8.4.4
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.8.4.4
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.9.8.2
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.9.8.2
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.9.8.2
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/4.3.1
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/4.3.1
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/4.3.1
cvssv3.1 8.1 https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
cvssv3.1_qr HIGH https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
cvssv4 8.8 https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
generic_textual HIGH https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
ssvc Track https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2024-41964
cvssv4 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-41964
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-41964
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-41964
https://github.com/getkirby/kirby
https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
https://github.com/getkirby/kirby/releases/tag/3.10.1.1
https://github.com/getkirby/kirby/releases/tag/3.6.6.6
https://github.com/getkirby/kirby/releases/tag/3.7.5.5
https://github.com/getkirby/kirby/releases/tag/3.8.4.4
https://github.com/getkirby/kirby/releases/tag/3.9.8.2
https://github.com/getkirby/kirby/releases/tag/4.3.1
ab95d172667c3cd529917c2bc94d3c7969706d23 https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
CVE-2024-41964 https://nvd.nist.gov/vuln/detail/CVE-2024-41964
GHSA-jm9m-rqr3-wfmh https://github.com/advisories/GHSA-jm9m-rqr3-wfmh
GHSA-jm9m-rqr3-wfmh https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T16:35:56Z/ Found at https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.10.1.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.10.1.1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.6.6.6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.6.6.6
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.7.5.5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.7.5.5
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.8.4.4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.8.4.4
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.9.8.2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.9.8.2
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/4.3.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/4.3.1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T16:35:56Z/ Found at https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41964
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41964
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.59806
EPSS Score 0.00379
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:44:41.033380+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/41xxx/CVE-2024-41964.json 38.6.0