CVE-2024-22206

Clerk helps developers build user management. Unauthorized access or privilege escalation due to a logic flaw in auth() in the App Router or getAuth() in the Pages Router. This vulnerability was patched in version 4.29.3.
Configurations

Configuration 1 (hide)

cpe:2.3:a:clerk:javascript:*:*:*:*:*:node.js:*:*

History

21 Nov 2024, 08:55

Type Values Removed Values Added
CVSS v2 : unknown
v3 : 9.8
v2 : unknown
v3 : 9.0
References () https://clerk.com/changelog/2024-01-12 - Release Notes, Vendor Advisory () https://clerk.com/changelog/2024-01-12 - Release Notes, Vendor Advisory
References () https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3 - Patch, Release Notes () https://github.com/clerk/javascript/releases/tag/%40clerk%2Fnextjs%404.29.3 - Patch, Release Notes
References () https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg - Patch, Vendor Advisory () https://github.com/clerk/javascript/security/advisories/GHSA-q6w5-jg5q-47vg - Patch, Vendor Advisory

22 Jan 2024, 18:38

Type Values Removed Values Added
New CVE

Information

Published : 2024-01-12 20:15

Updated : 2024-11-21 08:55


NVD link : CVE-2024-22206

Mitre link : CVE-2024-22206

CVE.ORG link : CVE-2024-22206


JSON object : View

Products Affected

clerk

  • javascript
CWE
CWE-284

Improper Access Control

CWE-287

Improper Authentication

CWE-639

Authorization Bypass Through User-Controlled Key