How severe is CVE-2024-35228?

This vulnerability has a severity rating of MEDIUM with a CVSS score of 5.5 out of 10.

What type of vulnerability is CVE-2024-35228?

This is classified as CWE-280, which is a common weakness in software security.

CVE-2024-35228 - MEDIUM Severity | CVSS 5.5

Vulnerability Description

Wagtail is an open source content management system built on Django. Due to an improperly applied permission check in the `wagtail.contrib.settings` module, a user with access to the Wagtail admin and knowledge of the URL of the edit view for a settings model can access and update that setting, even when they have not been granted permission over the model. The vulnerability is not exploitable by an ordinary site visitor without access to the Wagtail admin. Patched versions have been released as Wagtail 6.0.5 and 6.1.2. Wagtail releases prior to 6.0 are unaffected. Users are advised to upgrade. Site owners who are unable to upgrade to a patched version can avoid the vulnerability in `ModelViewSet` by registering the model as a snippet instead. No workaround is available for `wagtail.contrib.settings`.

Related Vulnerabilities

CVE-2022-30727

MEDIUM

CVSS:5.5(Medium)

Improper handling of insufficient permissions vulnerability in addAppPackageNameToAllowList in PersonaManagerService prior to SMR Jun-2022 Release 1 allows local attackers to set some setting value in...

CWE-2802022

CVE-2024-35301

MEDIUM

CVSS:5.5(Medium)

In JetBrains TeamCity before 2024.03.1 commit status publisher didn't check project scope of the GitHub App token

CWE-2802024

CVE-2024-6302

MEDIUM

CVSS:5.5(Medium)

Lack of privilege checking when processing a redaction in Conduit versions v0.6.0 and lower, allowing a local user to redact any message from users on the same server, given that they are able to send...

CWE-2802024

CVE-2025-31172

MEDIUM

CVSS:5.5(Medium)

Memory write permission bypass vulnerability in the kernel futex module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CWE-2802025

CVE-2025-46584

MEDIUM

CVSS:5.5(Medium)

Vulnerability of improper authentication logic implementation in the file system module Impact: Successful exploitation of this vulnerability may affect service confidentiality.

CWE-2802025

CVE-2020-10072

MEDIUM

CVSS:5.3(Medium)

Improper Handling of Insufficient Permissions or Privileges in zephyr. Zephyr versions >= v1.14.2, >= v2.2.0 contain Improper Handling of Insufficient Permissions or Privileges (CWE-280). For more inf...

CWE-2802020