Vulnerability details: VCID-wcsx-j8xk-r7c7
Vulnerability ID VCID-wcsx-j8xk-r7c7
Aliases CVE-2024-21622
GHSA-j5g9-j7r4-6qvx
Summary Craft is a content management system. This is a potential moderate impact, low complexity privilege escalation vulnerability in Craft starting in 3.x prior to 3.9.6 and 4.x prior to 4.4.16 with certain user permissions setups. This has been fixed in Craft 4.4.16 and Craft 3.9.6. Users should ensure they are running at least those versions.
Status Published
Exploitability 0.5
Weighted Severity 6.2
Risk 3.1
System Score Found at
epss 0.00103 https://api.first.org/data/v1/epss?cve=CVE-2024-21622
cvssv3.1_qr MODERATE https://github.com/advisories/GHSA-j5g9-j7r4-6qvx
cvssv3.1 5.4 https://github.com/craftcms/cms
generic_textual MODERATE https://github.com/craftcms/cms
cvssv3.1 5.4 https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
generic_textual MODERATE https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
ssvc Track https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
cvssv3.1 5.4 https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
generic_textual MODERATE https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
ssvc Track https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
cvssv3.1 5.4 https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
generic_textual MODERATE https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
ssvc Track https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
cvssv3.1 5.4 https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
generic_textual MODERATE https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
ssvc Track https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
cvssv3.1 5.4 https://github.com/craftcms/cms/pull/13931
generic_textual MODERATE https://github.com/craftcms/cms/pull/13931
ssvc Track https://github.com/craftcms/cms/pull/13931
cvssv3.1 5.4 https://github.com/craftcms/cms/pull/13932
generic_textual MODERATE https://github.com/craftcms/cms/pull/13932
ssvc Track https://github.com/craftcms/cms/pull/13932
cvssv3.1 5.4 https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
cvssv3.1_qr MODERATE https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
generic_textual MODERATE https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
ssvc Track https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
cvssv3.1 5.4 https://nvd.nist.gov/vuln/detail/CVE-2024-21622
generic_textual MODERATE https://nvd.nist.gov/vuln/detail/CVE-2024-21622
No exploits are available.
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms
Attack Vector (AV): adjacent_network; Attack Complexity (AC): low; Privileges Required (PR): low; User Interaction (UI): none; Scope (S): changed; Confidentiality Impact (C): none; Integrity Impact (I): low; Availability Impact (A): low

Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/ Found at https://github.com/craftcms/cms/blob/develop/CHANGELOG.md#4511---2023-11-16
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/ Found at https://github.com/craftcms/cms/blob/v3/CHANGELOG.md#396---2023-11-16
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/ Found at https://github.com/craftcms/cms/commit/76caf9af07d9964be0fd362772223be6a5f5b6aa
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/ Found at https://github.com/craftcms/cms/commit/be81eb653d633833f2ab22510794abb6bb9c0843
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms/pull/13931
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/ Found at https://github.com/craftcms/cms/pull/13931
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms/pull/13932
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/ Found at https://github.com/craftcms/cms/pull/13932
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-01-08T17:11:55Z/ Found at https://github.com/craftcms/cms/security/advisories/GHSA-j5g9-j7r4-6qvx
Vector: CVSS:3.1/AV:A/AC:L/PR:L/UI:N/S:C/C:N/I:L/A:L Found at https://nvd.nist.gov/vuln/detail/CVE-2024-21622

Exploit Prediction Scoring System (EPSS)
Percentile 0.2763
EPSS Score 0.00103
Published At June 11, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-06-10T18:39:01.343429+00:00 Vulnrichment Import https://github.com/cisagov/vulnrichment/blob/develop/2024/21xxx/CVE-2024-21622.json 38.6.0