Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-w47w-xzfq-7bdk
Vulnerability ID VCID-w47w-xzfq-7bdk
Aliases CVE-2024-41964
GHSA-jm9m-rqr3-wfmh
Summary Kirby has insufficient permission checks in the language settings The missing permission checks allowed attackers with Panel access to manipulate the language definitions. The language definitions are at the core of multi-language content in Kirby. Unauthorized modifications with malicious intent can cause significant damage, for example: - If the `languages` option was enabled but no language exists, creating the first language will switch Kirby to multi-language mode. - Deleting an existing language will lead to content loss of all translated content in that language. Deleting the last language will switch Kirby to single-language mode. - Updating a language allows to change the metadata including the language slug (used in page URLs) and language variables. It also allows to change the default language, which will cause Kirby to use the new default language's content as a fallback for non-existing translations. Depending on the site code, the result of such actions can cause loss of site availability (e.g. error messages in the site frontend) or integrity (due to changed URLs or removed translations).
Status Published
Exploitability 0.5
Weighted Severity 8.0
Risk 4.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-863 Incorrect Authorization
CWE-937 OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities
CWE-1035 OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
System Score Found at
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2024-41964
epss 0.00379 https://api.first.org/data/v1/epss?cve=CVE-2024-41964
cvssv3.1_qr HIGH https://github.com/advisories/GHSA-jm9m-rqr3-wfmh
cvssv3.1 8.1 https://github.com/getkirby/kirby
cvssv4 8.8 https://github.com/getkirby/kirby
generic_textual HIGH https://github.com/getkirby/kirby
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
cvssv4 8.8 https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
generic_textual HIGH https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
cvssv4 8.8 https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
generic_textual HIGH https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
cvssv4 8.8 https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
generic_textual HIGH https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
cvssv4 8.8 https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
generic_textual HIGH https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
ssvc Track https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
cvssv4 8.8 https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
generic_textual HIGH https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
cvssv3.1 8.1 https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
cvssv4 8.8 https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
generic_textual HIGH https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.10.1.1
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.10.1.1
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.10.1.1
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.6.6.6
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.6.6.6
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.6.6.6
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.7.5.5
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.7.5.5
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.7.5.5
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.8.4.4
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.8.4.4
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.8.4.4
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/3.9.8.2
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/3.9.8.2
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/3.9.8.2
cvssv3.1 8.1 https://github.com/getkirby/kirby/releases/tag/4.3.1
cvssv4 8.8 https://github.com/getkirby/kirby/releases/tag/4.3.1
generic_textual HIGH https://github.com/getkirby/kirby/releases/tag/4.3.1
cvssv3.1 8.1 https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
cvssv3.1_qr HIGH https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
cvssv4 8.8 https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
generic_textual HIGH https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
ssvc Track https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
cvssv3.1 8.1 https://nvd.nist.gov/vuln/detail/CVE-2024-41964
cvssv4 8.8 https://nvd.nist.gov/vuln/detail/CVE-2024-41964
generic_textual HIGH https://nvd.nist.gov/vuln/detail/CVE-2024-41964
Reference id Reference type URL
https://api.first.org/data/v1/epss?cve=CVE-2024-41964
https://github.com/getkirby/kirby
https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
https://github.com/getkirby/kirby/releases/tag/3.10.1.1
https://github.com/getkirby/kirby/releases/tag/3.6.6.6
https://github.com/getkirby/kirby/releases/tag/3.7.5.5
https://github.com/getkirby/kirby/releases/tag/3.8.4.4
https://github.com/getkirby/kirby/releases/tag/3.9.8.2
https://github.com/getkirby/kirby/releases/tag/4.3.1
CVE-2024-41964 https://nvd.nist.gov/vuln/detail/CVE-2024-41964
GHSA-jm9m-rqr3-wfmh https://github.com/advisories/GHSA-jm9m-rqr3-wfmh
GHSA-jm9m-rqr3-wfmh https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
No exploits are available.
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/1dbc9215c97a5c22dc7f34a4e3a64d19e1eac151
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/38636655b054e820f66c3b717c55a9d60fe6400a
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/83fce501759782cf843b6f1d9293a7c7167e69af
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T16:35:56Z/ Found at https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/af9b0a58dea63effab85525ae217faa1f5ded423
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/commit/e647a177c75636ef4824662b2ce00d8e5c3a8406
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.10.1.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.10.1.1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.6.6.6
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.6.6.6
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.7.5.5
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.7.5.5
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.8.4.4
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.8.4.4
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/3.9.8.2
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/3.9.8.2
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/releases/tag/4.3.1
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/releases/tag/4.3.1
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-29T16:35:56Z/ Found at https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh
Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41964
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:N/SA:N Found at https://nvd.nist.gov/vuln/detail/CVE-2024-41964
Attack Vector (AV) Attack Complexity (AC) Attack Requirements (AT) Privileges Required (PR) User Interaction (UI) Vulnerable System Impact Confidentiality (VC) Vulnerable System Impact Integrity (VI) Vulnerable System Impact Availability (VA) Subsequent System Impact Confidentiality (SC) Subsequent System Impact Integrity (SI) Subsequent System Impact Availability (SA)

network

adjacent

local

physical

low

high

none

present

none

low

high

none

passive

active

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.59745
EPSS Score 0.00379
Published At June 5, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-04T16:22:12.911647+00:00 GitLab Importer Import https://gitlab.com/gitlab-org/advisories-community/-/blob/main/packagist/getkirby/cms/CVE-2024-41964.yml 38.6.0