CVE-2024-41964 – Insufficient permission checks in the language settings in Kirby CMS

https://notcve.org/view.php?id=CVE-2024-41964

29 Aug 2024 — Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. • https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23 • CWE-863: Incorrect Authorization •