1 results (0.002 seconds)
CVSS: 8.1EPSS: 0%CPEs: 6EXPL: 0
CVE-2024-41964 – Insufficient permission checks in the language settings in Kirby CMS
https://notcve.org/view.php?id=CVE-2024-41964
Kirby is a CMS targeting designers and editors. Kirby allows to restrict the permissions of specific user roles. Users of that role can only perform permitted actions. Permissions for creating and deleting languages have already existed and could be configured, but were not enforced by Kirby's frontend or backend code. A permission for updating existing languages has not existed before the patched versions. • https://github.com/getkirby/kirby/commit/ab95d172667c3cd529917c2bc94d3c7969706d23 https://github.com/getkirby/kirby/security/advisories/GHSA-jm9m-rqr3-wfmh • CWE-863: Incorrect Authorization •