Improper access control in Sakai - CVE-2024-47876

 

Improper access control in Sakai - CVE-2024-47876

Published: October 15, 2024 / Updated: April 28, 2026


Vulnerability identifier: #VU128320
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2024-47876
CWE-ID: CWE-284
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: Sakai
Affected software:
Sakai

Detailed vulnerability description

The vulnerability allows a remote attacker to gain unauthorized access to the system.

The vulnerability exists due to improper access control in kernel user account handling when processing logins for users created with the type roleview. A remote attacker can authenticate using such an account to gain unauthorized access to the system.


How to mitigate CVE-2024-47876

Install security update from vendor's website.

Sources