CVE-2024-47876

Sakai: Kernel users created with type roleview can log in as a normal user

Description

Sakai is a Collaboration and Learning Environment. Starting in version 23.0 and prior to version 23.2, kernel users created with type roleview can log in as a normal user. This can result in illegal access being granted to the system. Version 23.3 fixes this vulnerability.

CVSS 4.0 score: 8.7 (Severity: High)
EPSS: 0.04%
Affected: sakaiproject sakai

Frequently Asked Questions

What is the severity of CVE-2024-47876?
CVE-2024-47876 has been scored as a high severity vulnerability.
How to fix CVE-2024-47876?
To fix CVE-2024-47876, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As of now, there are no other specific guidelines available.
Is CVE-2024-47876 being actively exploited in the wild?
As of now, there is no information to confirm that CVE-2024-47876 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2024-47876?
CVE-2024-47876 affects sakaiproject sakai.
This platform uses data from the NIST NVD, MITRE CVE, MITRE CWE, First.org and CISA KEV but is not endorsed or certified by these entities. CVE is a registered trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registered trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site.